Manager: Information Security

Title Code:

Manager: Information Security

JOB SUMMARY

Plans and coordinates the installation, testing, operation, troubleshooting, maintenance and sustainability of information security hardware and software tools, systems, and services. Leads confidential security investigations and audits, develop reports for management, and refines current information security processes and procedures. Ensures that all sensitive information transmitted and stored are properly protected. Ensures the quality, reliability, and accuracy of all deliverables. May work nights and weekends, as required, to monitor, support, maintain, implement and upgrade supported systems and related components.

Additional Work Days/Hours

Based on the assignment, the following additional work days and/or hours may be required as needed:

• Ability to work flexible schedules

• Emergencies

• Evenings/Nights

• Extended hours

• Holidays

• Inclement weather conditions

• On call

• Outside of normal business hours

• Overtime as needed

• Peak season

• Weekends

ESSENTIAL DUTIES/RESPONSIBILITIES

• Develops and executes the organization's cybersecurity strategy, aligning it with business goals and risk tolerance; collaborates with executive leadership to define cybersecurity policies, standards, and procedures; leads cross-functional teams to implement security initiatives and drives continuous improvement; provides leadership to ensure industrial and cyber security compliance per contract requirements; familiarity with frameworks such as the Risk Management Framework (RMF) and NIST is essential; oversees the implementation of security controls, risk assessments, and vulnerability management.

• Oversees day-to-day security operations, including incident response, threat detection, and vulnerability management; coordinate with security analysts, engineers, and administrators to maintain a secure environment; ensure compliance with industry standards (e.g., ISO 27001, NIST, CIS) and regulatory requirements.

• Leads incident response efforts during security breaches or incidents; coordinate with external partners, law enforcement, and forensics teams; develop and test incident response plans to minimize impact and recovery time.

• Sets up the security project work and delegate targets to the project team; ensures effective communication with all stakeholders across all levels, including detailed engineering and operational communications; identifies and manages project dependencies; undertakes requirements elicitation and definition to determine project scope; coordinates with larger program teams to ensure project compatibility and deliverable schedules.

• Identifies, assesses, and prioritizes cybersecurity risks; develops risk mitigation strategies and ensures their effective implementation; monitors threat landscapes, vulnerabilities, and emerging trends to adapt security measures accordingly.

• Collaborates with business units, legal, compliance, and IT teams to integrate security into project lifecycles and business best practices; communicates security risks and requirements to senior management and board members; fosters a security-aware culture through training, awareness programs, and communication channels.

• Develops and implements security procedures and tools based on industry best practices; Conducts training sessions on proposed security solutions and emerging technologies.

• Performs other related duties as assigned within the same classification or lower.

MINIMUM QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education

• Bachelor's Degree in Computer Science or related field of education from a regionally accredited college or university required.

• Master's Degree in related field of education from a regionally accredited college or university preferred.

Experience

• Five (5) years professional experience in cybersecurity required; and

• Three (3) years experience in a supervisory or management role required.

Knowledge, Skills, Abilities and Other Characteristics

• Proven track record of successfully leading security programs and projects.

• Experience with regulatory compliance and audit processes.

• Familiarity with cybersecurity tools and NIST special publication documentation.

• Experience with cloud technology, database security, and cybersecurity principles.

• Previous experience supporting transition/handover of data gathering, enrichment, storage, and usage.

• Collaboration with cybersecurity teams and existing application development teams.

• Budget preparation and oversight.

• Demonstrated experience performing confidential IT security-related investigations and audits.

• Demonstrated ability to work effectively within a team environment.

• Demonstrated project management experience.

• Ability to organize and manage multiple assignments with concurrent time sensitive deadlines.

• Ability to maintain confidentiality in all security-related matters.

• Strong knowledge of network security, encryption, and access controls.

• Excellent oral and written communication skills.

• Experience with regulatory compliance and audit processes.

• Proficiency in risk assessment, threat modeling, and security frameworks.

• Demonstrated ability to effectively work and communicate with diverse populations

• Demonstrated proficiency with business technology applications (e.g. Video/Web Conferencing, Microsoft Office Suite -Word, Excel, Outlook, and/or PowerPoint preferred).

Licenses and Certifications

Employee must retain active licenses, certifications, and enrollment as a condition of employment.

• Hold or be eligible for Certified Ethical Hacker (CEH) issued by EC-Council preferred.

• Hold or be eligible for Project Management Professional (PMP) Certification issued by Project Management Institute (PMI) preferred.

• Hold or be eligible for Certified Information System Security Professional (CISSP) issued by (ISC)² preferred.

• Hold or be eligible for RIMS-Certified Risk Management Professional (CRMP) issued by Risk Management Society (RIMS) preferred.

• Hold or be eligible for Driver's License (DL) Class C Non-Commercial issued by Maryland or State of Legal Residence (MVA/DMV) required; and

• Daily access to reliable transportation.

Driving Requirements

• Driving is required to conduct bona fide Board business that is within the scope of employment in this position.

• Personal Vehicle

LEADERSHIP ROLE

• First level supervisor

People Management

• This position acts as the manager for 1 to 5 direct staff.

• This position acts as the manager for indirect staff.

• This position manages 1 to 2 departments.

Management Duties/Responsibilities

• Interviews, selects, and trains employees.

• Sets/adjusts pay rate and work hours.

• Directs the work of employees.

• Maintains records for use in supervision.

• Assess employees' performance (productivity/efficiency) to make promotional recommendation/other status changes.

• Handles employee complaints/grievances.

• Disciplines employees.

• Plans the work.

• Determines the techniques to use.

• Apportions the work among the employees.

• Determines the type of materials, supplies, machinery, equipment or tools to be used of materials or merchandise to be brought, stocked and sold.

• Controls the flow and distribution of materials or merchandise and supplies.

• Provides for the safety and security of the employees or the property.

• Plans and controls the budget.

• Monitors and implements legal compliance measures.

PHYSICAL DEMANDS/WORKING CONDITIONS

The physical demands and working conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical Demands

• Standing: over 2/3 percent of the time

• Walking: over 2/3 percent of the time

• Sitting: under 1/3 percent of the time

• Using hands to handle or feel: between 1/3 and 2/3 percent of the time

• Pinching (fine motor skills): under 1/3 percent of the time

• Wrist deviation: between 1/3 and 2/3 percent of the time

• Keyboarding: under 1/3 percent of the time

• Pushing: under 1/3 percent of the time

• Pulling: under 1/3 percent of the time

• Reaching (with hands and/or arms): between 1/3 and 2/3 percent of the time

• Climbing (Ascend/Descend): between 1/3 and 2/3 percent of the time

• Balancing: between 1/3 and 2/3 percent of the time

• Stooping: between 1/3 and 2/3 percent of the time

• Kneeling: under 1/3 percent of the time

• Crouching: under 1/3 percent of the time

• Crawling: under 1/3 percent of the time

• Bending: between 1/3 and 2/3 percent of the time

• Twisting: between 1/3 and 2/3 percent of the time

• Squatting: under 1/3 percent of the time

• Talking: under 1/3 percent of the time

• Hearing: under 1/3 percent of the time

• Smelling: under 1/3 percent of the time

• Repetitive Motions: between 1/3 and 2/3 percent of the time

• Eye/Hand/Foot Coordination: between 1/3 and 2/3 percent of the time

• As required by the duties and responsibilities of the position.

Vision

The vision demands with correction described here are representative of those that must be met to successfully perform the essential functions of this job.

• No special vision requirements

Work Environment

Location

• Office, school or similar indoor environment: over 2/3 percent of the time

• Outdoor environment: under 1/3 percent of the time

• Street environment (near moving traffic): under 1/3 percent of the time

• Confined space: under 1/3 percent of the time

Exposure

• Outdoor weather conditions: under 1/3 percent of the time

• Extreme cold (below 32 degrees): under 1/3 percent of the time

• Work near moving mechanical parts: between 1/3 and 2/3 percent of the time

• Work in high, precarious places: between 1/3 and 2/3 percent of the time up to 40 feet on vertical ladder/scaffolding

• Fumes or airborne particles: between 1/3 and 2/3 percent of the time

• Toxic or caustic chemicals, substances, or waste: under 1/3 percent of the time

• Risk of electrical shock: under 1/3 percent of the time

• Vibration: under 1/3 percent of the time

Noise Level

• Moderate: between 1/3 and 2/3 percent of the time

Weight & Force

Lifting and carrying requirements

• Up to 50 pounds: under 1/3 percent of the time

Travel Requirements

• N/A

JOB INFORMATION

Approved Date: 7/1/2024 Established Date: 11/25/2019 Title Code: B05809 Title: MANAGER: INFORMATION SECURITY Alternate Title: Manager: Information Security Reports to Generic: Senior Manager Reports to Specific: MANAGER SENIOR: INFORMATION SECURITY

ORGANIZATION

Division: Technology Business Unit: Information Security Department: Negotiated Agreement: N/A

HR JOB INFORMATION

Unit: V Days Worked: 260 FLSA Exemption Status: Exempt Grade:

PG14

Click HERE to view salary scale. Scroll down to locate (Unit 5 - Professional Staff).

Essential Job: Months Worked: 12 Hours Worked: 8 Job Family: Information Technology Sub-Function: Information Security

VR# 23369