Job Information

MyFlorida 833197-Commerce-Chief Information Security Officer-INFO TECH BUSINESS CONSULTANT MGR -SES - 40060006 in TALLAHASSEE, Florida

Date: Aug 23, 2024

The State Personnel System is an E-Verify employer. For more information click on our E-Verify Website (http://www.dms.myflorida.com/workforce_operations/human_resource_management/for_job_applicants/e_verify).

Requisition No: 833197

Agency: Commerce

Working Title: 833197-Commerce-Chief Information Security Officer-INFO TECH BUSINESS CONSULTANT MGR -SES - 40060006

Pay Plan: SES

Position Number: 40060006

Salary: $100,000 - $120,000

Posting Closing Date: 09/06/2024

Total Compensation Estimator Tool (https://compcalculator.myflorida.com/)

Re-Advertisement – Previous applicants will be considered and need not reapply.

Anticipated Vacancy

Our Organization and Mission:

FloridaCommerce works across the state to support Florida’s economy, robust and talented workforce, and our local communities. We are dedicated to making a stronger and more resilient Florida, so our businesses, communities and workforce are better prepared to withstand future economic slowdowns and natural disasters.

In collaboration with our partners, we salute our nation’s veterans and are honored to have the opportunity to support them and their family members by encouraging them to apply for positions at FloridaCommerce that fit their skill sets.

FloridaCommerce is an Equal Opportunity Employer/Program. Auxiliary aids and services are available upon request to individuals with disabilities. (TTY/TDD 1-800-955-8771 or the Florida Relay Service – 711.)

Let FloridaCommerce’s mission become yours. To find out more about us, click on the link: http://www.floridajobs.org/

The Work You Will Do:

The incumbent of this position fulfills the role of Chief Information Security Officer (CISO). The CISO is responsible for designing, implementing, and maintaining FloridaCommerce’s cybersecurity activities. The CISO will be expected to execute the findings and recommendations from the Security Architecture Review Audit to ensure the implementation of the comprehensive, in-depth work performed by public and private sector stakeholders. The CISO, possessing a high degree of technical knowledge and skills, will communicate and collaborate with non-technical leadership. The CISO, as an effective leader, will be responsible for building and managing highly motivated teams with a commitment to accomplishing the mission.

The Difference You Will Make:

FloridaCommerce is a fast-paced work environment in which critical thinking and commitment to serving the citizens of Florida are vital to the Agency’s vision. As a member of the Division of Information Technology, you will help to support the Agency goals through providing affordable, reliable, effective, and secure technology services.

How You Will Grow:

FloridaCommerce encourages its employees to constantly innovate and seek efficiencies. Trainings are made available throughout the year and on request with our Office of HR Training and with our Division of Workforce Training Unit. In accordance with the FloridaCommerce Vision and Mission, the employee:

  • Furthers Florida’s economic vision by providing support that enhances the economy and develops safe and healthy communities.

  • Meets customer/client expectations with an emphasis on responsiveness, quality, quantity, and timeliness of work.

  • Provides information clearly, accurately, and succinctly; and also exhibits good listening skills.

  • Works collaboratively to optimize the effectiveness of FloridaCommerce available resources and tools.

  • Uses knowledge acquired through education, training, or experience to complete tasks.

    The Division of Information Technology provides its staff with access to resources and trainings provided by the following:

  • Pluralsight

  • CBT Nuggets

  • Gartner

  • Microsoft

    These expectations are for all our employees, and you will be expected to model these as a leader. We believe in supporting and encouraging you as you take on important and often complex projects while offering you the opportunity to gain valuable experience. We make available other career growth opportunities such as CPM “Certified Public Manager,” Certified PMP “Project Management Professional,” and Gartner GTP access.

    Where You Will Work:

    Tallahassee is Florida’s capital city and continues to grow, attracting development and new business. Tallahassee is a mid-sized city in the heart of Florida’s Big Bend. FloridaCommerce is in downtown Tallahassee, the political epicenter that draws in visitors each year to visit the Capitol. Each spring, the legislative session opens and people pour in to see the State perform its business. So regardless of what brought you here, being here will guarantee you an experience vibrant with entertainment, culture and delight. Tallahassee is:

  • Known for its beautiful parks, rolling hills and oak trees, canopied roads, hotels, dining, museums, arts, music, and natural resources ( https://talgov.com/ )

  • Home to major college campuses: Florida State University (FSU), Florida A&M University (FAMU) and Tallahassee Community College (TCC).

  • Approximately 22 miles from the nearest beach ( https://choosetallahassee.com/beaches-near-tallahassee/ )

  • Within a state having no state income tax for residents of Florida

    WORKING FOR THE STATE OF FLORIDA IS MORE THAN A PAYCHECK!!

  • State Group Insurance coverage options+ (health, life, dental, vision, and other supplemental options)

  • Retirement plan options, including employer contributions (FYI, please click www.myfrs.com)

  • Nine paid holidays and a Personal Holiday each year

  • Annual and Sick Leave Benefits

  • Student Loan Forgiveness Program (Eligibility required)

  • Flexible Spending Accounts

  • Tuition Fee Waivers (Accepted by major Florida colleges/universities)

  • Ongoing comprehensive training provided

  • Career Growth

  • Highly skilled, professional environment

    +For a more complete list of benefits, visit www.mybenefits.myflorida.com.

  • We care about the success of our employees.

  • We care about the success of our clients.

  • We are always improving our technology, our tools, our customer’s experiences and ourselves.

  • A rewarding experience for reliable, compassionate and professional employees.

    Pay

  • $100,000 – $120,000 Annually

    Your Specific Responsibilities:

    “Supervisory employees” are those who spend the majority of their time communicating with, motivating, training, and evaluating employees, and planning and directing employees’ work, and who have the authority to hire, transfer, suspend, lay off, recall, promote, discharge, assign, reward, or discipline subordinate employees or effectively recommend such action, including all employees serving as supervisors, administrators, and directors in accordance with 110.205(20(w), Florida Statutes.

    The CISO works closely with the Chief Information Officer (CIO) and other IT leadership staff to establish cybersecurity operations and to coordinate strategic direction for information security and information assurance that is congruent with business needs, with the goal of meeting the confidentiality, integrity, and availability objectives of all information and data generated, stored, or processed by the Department.

    The CISO is responsible for the following:

  • Establishing, maintaining, and continuing development of:

      • Strategic information security plans and associated operational information security plans.

      • Agency information security policies, procedures, standards, and guidelines, including the review of IT security assessments, best practices, device configurations, build documents, server audit reports, anti-malware implementations, etc.

  • Developing and maintaining a FloridaCommerce information technology security strategic plan that includes security goals and objectives for the strategic issues of cybersecurity policy, risk management, training, incident management, and disaster recovery.

  • Establishing a Third-Party Management Program to manage the third-parties FloridaCommerce is engaged with; and

  • Continuing development and implementation of the agency information security awareness program.

  • Coordinating, in conjunction with the Chief of IT Operations, common security operations center (SOC) functions, including threat prevention, monitoring, and response, including, but not limited to, encryption, log management, SIEM, XDR, security automation, security training, incident response and forensics, network security management (including firewalls, intrusion prevention and detection systems, proxy appliances, and other network security devices), etc.

  • Coordinating the agency Computer Security Incident Response Team (CSIRT) and maintaining the Incident Response Plan.

  • Coordinating agency information security risk management processes.

  • Overseeing incident response planning as well as the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches as necessary and maintaining authority to direct discontinuation of services that impact Confidentiality, Integrity, and Availability (CIA).

  • Assisting in information technology disaster recovery planning in support of the agency Continuity of Operations Plan (COOP) and IT contingency planning.

  • Taking an active role in the agency information technology monitoring and reporting activities, including assisting with the installation, configuration, monitoring, and troubleshooting of security tools on the department's network, including firewalls, intrusion detection systems, proxy appliances, and other devices.

  • Management of the IT Compliance Officer with information security audits and formal inquiries from the Auditor General, Inspector General, or other governmental entities and third-party compliance bodies.

  • Ensuring that periodic internal reviews and evaluations of each security program for the data and information technology resources of the department are conducted.

  • Supporting the planning, development, implementation, and tracking of information security performance metrics.

  • Sponsoring projects that advance security maturity and providing information security and risk management subject matter expertise to projects and governance processes.

  • Assisting System Owners and Information Owners in the creation and maintenance of security documents (e.g., System Security Plans, Continuous Monitoring Plan, Plan of Actions and Milestones).

  • Facilitating the execution of appropriate identity and access management controls.

  • Generating operational security spend plans and timely budget estimates based on strategic plans and tactical operations.

  • Supporting application development best practices, including secure application design and architecture and continuous vulnerability assessment as part of SDLC and DevSecOps lifecycles.

  • Supporting the ongoing development of information security staff by maintaining staff development plans, identifying and procuring continuing education resources and training, and maintaining team member performance and progress standards.

  • Supervising staff including performance management, planning and directing work, managing schedules including leave requests, fostering a healthy and positive work environment, and working with the Office of Human Resources during hiring and disciplinary actions.

    In accordance with Section 447.203(5), F.S., the incumbent of this position assists the CTO, CIO, or his/her designee in a confidential capacity by performing duties relative to internal information security and internal information security audits.

    In accordance with Section 282.318(4)(a), F.S., the CISO is annually appointed by the agency head as “Information Security Manager” (ISM), for the purposes of administering the agency information security program and coordinating with partners within the State.

    Required Knowledge, Skills, and Abilities:

  • Executive level communications and execution, with an ability to bridge across varying levels of leadership and technical audiences.

  • Working knowledge and leadership setting cybersecurity strategy, governance, risk, compliance controls, training and aligning policy at a large private, public, defense, or government organization.

  • Strong organization skills necessary to manage and coordinate across multiple teams with varying levels of technical and non-technical understanding of incident response procedures.

  • Working knowledge of high-level business analysis, project management, and project governance best practices.

  • Knowledge of Cybersecurity fundamentals.

  • Knowledge of Infrastructure security fundamentals.

  • Knowledge of Operational technology security fundamentals.

  • Knowledge of Risk management processes/governance.

  • Knowledge of the Open Web Application Security Project (OWASP) Top 10.

  • Knowledge of the Center for Internet Security (CIS) Controls.

  • Knowledge of relevant cybersecurity standards, frameworks, and certifications such as NIST Cybersecurity Framework, NICE, and FedRAMP.

  • Knowledge of Federal and State information security laws and statutes, such as HIPAA, PCI-DSS, IRS-1075, CJIS, FERPA.

  • Knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800 Series guidelines.

  • Knowledge of common offensive security tactics, techniques, and procedures (TTPs).

  • Knowledge of common IT network protocols, database technologies, and network, system, and application management methodologies.

  • Knowledge of security auditing methodologies and corrective action management.

  • Knowledge of vulnerability assessments and reporting for systems, processes, and applications.

  • Knowledge of identity and access management best practices.

  • Knowledge of vulnerability management best practices.

  • Knowledge of legal and regulatory best practices regarding information security and Data Protection.

  • Knowledge of best practice digital forensics techniques and tools.

  • Knowledge of best practice security awareness methods.

  • Knowledge of disaster recovery (DR) best practices.

  • Knowledge of common methodologies for assuring information security within common cloud paradigms and environments.

  • Knowledge of best practice network monitoring techniques, including Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM), firewalls, and endpoint protection.

  • Knowledge of high-level business analysis, project management, and project governance best practices.

  • Knowledge of team management and leadership best practices.

  • Knowledge of fundamental budgeting and spend planning.

  • Skilled in process automation and improvement, including experience with technical automation.

  • Skilled in information security governance, including risk management best practices, business alignment, framework development, and strategic planning.

  • Ability to assess security needs and make recommendations regarding enablement of the business programs (e.g., mobile security, cloud security, Internet of Things (IoT), and emerging technologies).

  • Ability to work with minimum supervision.

  • Ability to balance multiple priorities and quickly adjust to changing priorities.

  • Ability to work with cross-functional teams and staff of all levels.

  • Ability to lead and work closely with other leaders.

  • Ability to both teach and learn.

    Qualifications:

    As a condition of pre-employment eligibility, a Level 2 security background screening is required, which consists of fingerprinting and a check of local, state and national law enforcement records.

    Minimum:

  • Five plus years of professional experience in information security, cybersecurity, IT auditing, network engineering, computer systems analysis, and/or IT management, with demonstrated security-related responsibilities.

  • One or more of the following are required:

      • A bachelor’s degree or higher in Information Security, Computer Science, or a closely related field;

      • CISSP (Certified Information Systems Security Professional);

      • CISM (Certified Information Security Manager);

      • CISA (Certified Information Systems Auditor);

      • GCIH (GIAC (Global Information Assurance Certification) Certified Incident Handler); or

      • Similar Information Security Certification.

The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.

Location:

TALLAHASSEE, FL, US, 32399

Nearest Major Market: Tallahassee