Deputy Chief Information Security Officer (Dciso) - Bcit

City Of Baltimore, MD Baltimore , MD 21203

Posted 5 days ago

Class Description

Deputy Chief Information Security Officer (DCISO)

The Baltimore City Office of Information and Technology (BCIT) is seeking a Deputy Chief Information Security Officer (DCISO). The Deputy CISO works with and reports to the BCIT's Chief Information Security Office (CISO) in leading the Agency's enterprise-wide cybersecurity program and providing security oversight to the agency's information technology (IT) investments. The Deputy CISO develops, evaluates and implements policies for agency-wide programs.

Summary of Responsibilities:

  • Leads a team of cybersecurity professionals across a broad range of disciplines including risk management, compliance/audits, incident response, security tools, analytics, threat hunting/emulation, security engineering, monitoring/detection, governance, training, and policy creation and implementation. Ensuring compliance with the National Institute of Standards and Technology (NIST) and other applicable policies, laws and governing frameworks.

  • Develops comprehensive cybersecurity policy that ties to larger IT policy, integrates with security architecture, anticipates future risk areas, and is based on industry-leading best practices, policy and laws. Ensures that BCIT has policies that guides the organization, manages compliance and risk, and defines key roles and partnerships.

  • Oversees (designs architecture/integration, procure, configure, manage) a comprehensive suite of security tools and monitoring technologies based on a continuous review of industry tools, security architecture designs, and gaps in the environment to support system authorization. Continuously monitors threat detection and response, hunting, compliance, and related enterprise-level security activities. Recommends enhancements designed to provide a comprehensive set of tools that integrate effectively and keep pace with evolving threats.

  • Continuously refines the cybersecurity program by developing innovative strategies and tactical plans across a wide array of cybersecurity programs, leveraging the latest industry research, threat analysis, and lessons learned from internal practices.

  • Conducts internal security audits of all aspects of the IT architecture for compliance and to determine where vulnerabilities exits, translating findings into Plans of Action and Milestones. Coordinates external audits to ensure BCIT has an effective compliance program that supports risk-prioritized remediation efforts.

  • Develops a professional cadre of cybersecurity experts through mentorship, creating and facilitating professional development opportunities, and quality reviews and feedback of work. Ensures that employees are challenged and provided opportunities to keep pace with continuously evolving cyber threats.

  • Designs, refines, implements and manages a risk-based, repeatable/consistent system security strategy based on the NIST Risk Management Framework (RFM)/Cybersecurity Framework which includes: control selection, system authorization, documenting, and remediating vulnerabilities, managing a Governance Risk and Compliance (GRC) tool, partnering with developers and stakeholders to ensure security is a part of the complete system development life cycle, and continuous monitoring. Maintains a thoughtful risk-management framework applied to all systems and applications.

  • Leads security monitoring of all environments and incident response to cyber-attacks by: designing comprehensive plans, managing routine exercises, partnering with threat experts and law enforcement, designing and managing a holistic cyber fusion and security operations center, working with external vendors, as well as building and leveraging threat intelligence and analytics programs. Updates and enhances a comprehensive threat monitoring and response program capable of rapidly detecting and responding to attacks.

  • Creates and oversees threat hunting and emulation ("red/blue") efforts designed to detect and repair vulnerabilities across the enterprise based on a strategy tethered to risk and larger corporate future IT goals. Determines where BCIT's architecture lacks sufficient security controls that could be exploited by an adversary.

  • Develops and manages an innovative and current cybersecurity training and awareness program that looks both internally at developing professionals in the field and educating employees across BCIT. Ensures employees at all levels receive training to prevent security mishaps and build a stronger industry-leading workforce.

Required Knowledge, Skills and Abilities

  • Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or a related field.

  • Ten (10) years of experience managing cybersecurity for a large organization with detailed experience one or more of the following cybersecurity areas: operations and monitoring, risk management, or governance.

  • Preferred Education: Master's Degree in Cybersecurity or IT Management

  • Expertise reviewing and approving third party contracts for cyber sufficiency.

Minimum Qualifications

  • Comprehensive knowledge of cyber, information and administrative security related issues.

  • Considerable experience with business practices, budgeting, accounting and support service operations for large government or business organizations.

  • Knowledge of document and records management principles and vital or sensitive information classification policies and procedures as well as personnel intelligence and background review processes.

  • Knowledge of project planning and scheduling; business continuity of operations planning; audit and compliance programs; and pertinent laws, regulations, and best business security practices.

  • Ability to analyze and resolve complex business problems.

  • Ability to supervise, plan, and schedule the work of a professional staff and coordinate large initiatives in an agency defined by cross-functional activities.

  • Ability to analyze and resolve complex business problems.

  • Ability to communicate effectively orally and in writing with internal and external customers.

  • Skilled in the use of computers and software and network applications.

  • Candidate will be expected to have considerable experience in the IT Security field.

  • A mix of experience associated with Cyber, Data, Internet investigative support to the City of Baltimore, law enforcement and the legal department.

  • A mix of experience in various IT disciplines such as networking, system administration, and other disciplines will also be considered.

Certification/Licensure One or more of the following:

  • CompTIA Security+ (SY0-401)
  • (ISC) Certified Information Systems Security Professional (CISSP)
  • (ISACA) Certified Information Security Manager (CISM)
  • GIAC Security Essentials (GSEC)
  • EC-Council Certified Ethical Hacker (CEH)

Compensation: Commensurate with education and experiences.

Equal Opportunity Employer

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Chief Of Human Resources Information Systems Dhr

City Of Baltimore, MD

Posted 1 week ago

VIEW JOBS 12/5/2019 12:00:00 AM 2020-03-04T00:00 Class Description THIS IS A NON-CIVIL SERVICE POSITION The City of Baltimore Department of Human Resources has an immediate opportunity for a progressive, resourceful, highly skilled Human Resources Information Systems (HRIS) professional to expertly steer the City's HRIS and systems support functions. Essential Duties and Responsibilities: * Under direction of the Assistant Deputy Director, assesses, develops, and enhances the HRIS infrastructure to ensure optimal operations and service delivery; and implements, manages, and sustains effective HRIS system(s) procedures and practices to meet organizational business needs. * Researches, evaluates, tests, and recommends hardware/software and/or system upgrades necessary to achieve organizational business goals. * Ensures and provides data managementand reporting requirements. * Liaises and partners with vendors to develop and administer system upgrades; executes change orders; and develops and runs test scenarios and facilitates production movement. * Serves as the Subject Matter Expert, project manager, and liaison with other City agencies. * Will play a lead role in the implementation of the City's transition to Workday. * Performing day-to-day maintenance of HRIS systems, as well as installing new upgrades and testing for bugs. * Establishes and maintains security protocols for ERP users across City agencies; Ensures and maintains security and confidentiality for confidential and highly sensitive information; and serves as Department's chief computing resource. * Identifies, creates, and conducts HR predictive metrics and analytics, data analysis, and trend interpretation to initiate proactive HR strategic planning. * Directs training for HRIS systems; supervises audit functions, and HRIS user help desk and web administration duties and maintenance. Salary is commensurate with experience and education. Minimum Qualifications Minimum Qualifications * Bachelor's degree (Master's degree preferred) in Business Administration, Public Administration, Management, or related field from an accredited college or university and 10 years senior management, policy-driven operational responsibilities 5 of which involve managing heterogeneous functions through subordinate managerial staff in a large, complex organization, or equivalent combination of education and experience required. * Strong leadership and management skills required. * Project management experience essential. * Strong working knowledge of HR policies and practices, employment laws and regulations required. * Ability to evaluate, analyze and maintain records and audit information to ensure continual data integrity. Supplemental Information A letter of interest and desired salary is required at the time of application submission. City of Baltimore is an Equal Opportunity Employer City Of Baltimore, MD Baltimore MD

Deputy Chief Information Security Officer (Dciso) - Bcit

City Of Baltimore, MD