Short Description:
IT Security Policy Advisor is needed to facilitate immediate and comprehensive review of OCTO IT security policies
and procedures to identify gaps, update existing policies and to recommend implementation of new security
policies and procedures to CTO
Complete Description:
Provides review, guidance and development of OCTO IT security risk assessment policies and procedures, and monitors adherence to them, in order to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks and data. Guides and assists systems staff to ensure the proper and timely implementation of information systems security standards. Conducts IT security risk and vulnerability assessments for planned and installed systems as requested. Provides guidance to staff on the preparation, authentication, safeguarding and transmission of sensitive and confidential materials. Identifies and implements new security practices and solutions to ensure governance controls and compliance with State, Local and Federal regulations. Drafts security advisories and vulnerability compliance documentation for distribution to users.
The responsibilities include, but are not limited to:
• Serve as an advisor to the Chief Technology Officer (CTO) on a variety of cyber security matters and assist with the implementation of enterprise information assurance and privacy policies and procedures that ensure appropriate treatment of risk, compliance and assurance from internal and external perspectives
• Update, edit, and draft cyber security policies, methods, and standards for the Office of the Chief Technology Officer
• Attend various status meetings to discuss and resolve issues surrounding the security posture of the information systems and networks under OCTO
• Experience in cyber security, performing tasks such as security authorization (formerly certification and accreditation), Plan of Action and Milestones Management (POA&M), vulnerability management, as well as compliance and reporting
• Identify and report gaps in the existing cyber security procedures and processes and provide recommendations for improvements
• Assist in developing Security and Cyber Awareness programs for the user community.
• Understanding of various cyber security laws, regulations and standards, including the Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) guidance and standards, HIPAA, Sarbanes-Oxley, Federal Tax Information (FTI) requirements and IRS Publication 1075
• Comfortable communicating with stakeholders at various levels in the chain of command.
• Ability to prioritize assignments on a daily basis
• Some technical writing and edit work may be required
Behavior Characteristics:
Highly articulate; Excellent writing skills;
Skill | Required / Desired | Amount of Experience | Expertise Rating
Experience in setting IT security standards | Required | 8 Years | 3 - Expert
Experience in establishing IT security policies for financial or health institutions | Required | 10 Years | 3 - Expert
Experience in providing security policy guidance/publication in large enterprises | Required | 10 Years | 3 - Expert
Responsible for crafting policy, planning and management concepts | Required | 6 Years | 3 - Expert
Expert knowledge and implementation of FISMA and NIST security standards | Required | 6 Years | 3 - Expert
Broad experience and responsibility for ERM | Highly desired | 6 Years | 2 - Proficient
CISM Certification | Highly desired | | 
CISSP Certification | Highly desired | | 
Experience in translating goals for security into effective IT security policies | Required | 6 Years | 3 - Expert
Experience with PCI DSS | Required | 3 Years | 2 - Proficient
Bachelor's degree | Required | | 
Practical knowledge and experience in information security best practices and industry standards | Required | 8 Years | 