This job was posted by https://joblink.maine.gov : For more information, please see: https://joblink.maine.gov/jobs/1183608

Reporting to the CTO, the Information Systems Security Officer (ISSO) is responsible for developing and implementing security measures to protect Academy computer systems, networks, and digital information. The ISSO will work closely with the IT team and Academy management to identify potential security vulnerabilities, analyze security risks, and ensure compliance with industry regulations. The ISSO has a solid understanding of information security principles, excellent problem-solving skills, and the ability to communicate effectively with both technical and non-technical personnel. This position is a full-time, 12-month, benefited SSP staff position.

DUTIES

• Develop and maintain a comprehensive information security program to safeguard the organizations data, systems, and networks.
• Designs, maintains, and executes vulnerability testing processes and security breach mitigation tactics.
• Assists in the selection of appropriate controls, control objectives, and activities to achieve policy goals and regulatory compliance.
• Designs, configures, implements, and maintains all security platforms and associated software including routers, switches, firewall, VPNs, WAF, NIDPS, SIEM, anti-SPAM, anti-virus, anti-malware, cryptology systems and MDM.
• Designs, reviews, and continuously assesses firewall, intrusion detection/prevention, SIEM, VPN, SSL, application control, anti-virus and other network component policies and underlying systems.
• Performs security reconnaissance on assets, gathering intelligence to identify and respond to potential security threats and vulnerabilities of moderate organizational risk and complexity, ensuring appropriate threat mitigation procedures are followed.
• Responsible for major security platform upgrades and changes.
• Coordinates and oversees third party penetration testing and security audits.
• Coordinate incident response activities, investigate security breaches, and provide recommendations for incident mitigation.
• Maintains up to date baselines for secure configuration and operation of all systems infrastructure.
• Performs security analysis of new and existing security applications and operating systems including hosted solutions. Applies standards to new installations before they transition from development to production environments.
• Performs regular analysis of all infrastructure systems to assess security vulnerabilities and needs.
• Coordinates and oversees log analysis for external monitoring services provider.
• Monitors data security systems to identify security events and leads event response efforts.
• Interfaces with external vendors to assess network access requests and ensure that they meet adopted standards and best practices.
• Stay up to date with the latest information security trends, technologies, and best practices to ensure continuous improvement of the organizations security posture.
• Educate and train employees on best practices for information security, data privacy, and incident response.
• Collaborate with internal and external stakeholders to address security concerns, implement security standards, and ensure compliance with regulatory requirements. Responsible for all security related training for the institution.
• Collaborates with CTO to create policies, procedures and best practices.
• Other duties as assigned.