- Substitution: bachelor’s degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of general information technology experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.
- Associate’s Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a comparable IT major such as Computer Science or Computer Systems Engineering, OR 4 or more years’ experience in Information Security or Information Technology.
- Applicable Information Security certificate(s), including but not limited to:
o Certified Information Systems Security Professional (CISSP)
o Certificate in Information Security Fundamentals (e.g., Security+, GSEC, CISF, GISF)
o Certificate in Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
o Certificate in Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
- Working knowledge of:
o computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting
o government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS)
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
- 4+ years’ experience in the following areas:
o applying and implementing network and/or system security, independently or as part of the responsibilities as an IT professional working in an area such as software development, identity management, networking, or database management.
o technical writing
- 2+ years’ experience in the following areas:
o information security incident response
o security policy/standard/guideline development, implementation, or interpretation
o conducting risk assessments and evaluating information technology systems for security controls (SSDLC)
o compliance assessments, audit support/response, and compliance/audit remediation
- 1+ year’s experience in the following areas:
o process development and process improvement
o leading an information security team
- Good oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
- Demonstrated critical thinking, problem solving and analytical skills
- Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results
The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.
Specific duties include, but are not limited to:
- Assisting in technical security reviews of systems and architecture.
- Identifying risks in new and existing system design and architecture.
- Participating in workgroups to develop solutions and standards for IT systems.
- Providing recommendations for secure/hardened configurations of servers, platforms, networks, and other IT systems.
- Assisting with resolving security threats to ITS systems.
- Serving as an information security expert and evaluating systems and contracts for alignment with agency and State information security policies.
- Supervising staff and resources dedicated to the team.
- Monitoring and maintaining awareness of information security industry trends, tools and techniques.
- In addition:
o Maintaining an adequate level of current knowledge and proficiency in information security through annual Continuing Professional Education (CPE) credits directly related to information security;
o Assisting CISO management with overall management of division activities as needed;
o Performing additional duties as required.
Background check and fingerprinting are required.
New York State is an equal opportunity employer.