Project Coordinator (Information Security Officer)

Helen Hayes Hospital
West Haverstraw, NY

About The Position

This position will matrix report to the Project Director and DOH Chief Information Security Officer within the Office of Health Information Management (OHIM). In coordination with the Department CISO, the Project Coordinator will serve as Information Security Officer and will implement cybersecurity controls required by the NYS Title 10, Section 405.46 - Hospital Cybersecurity Requirements, HIPAA and other relevant regulations at Helen Hayes Hospital. The Project Coordinator will also be responsible for facility Information Security incident response, risk and compliance, and cyber governance.

Requirements

  • A bachelor’s degree with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience.
  • Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify.
  • Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.
  • Experience solely in information security or information assurance may substitute for the general information technology experience.

Nice To Haves

  • The preferred candidate will have a master’s degree in cybersecurity, risk management, information systems, health information management, computer science, or a related field; a minimum of 3 years of experience in cybersecurity, cyber risk assessment, cyber incident response, or auditing IT systems.
  • The preferred candidate should possess a certification in one or more of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), (ISC)2 Systems Security Certified Practitioner (SSCP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CompTIA Security+, CEH: Certified Ethical Hacker.
  • They should have the ability to work effectively in a team environment; they should be highly organized, motivated, and a self-directed professional.
  • Additionally, the candidate should demonstrate strong analytical skills and a deep understanding of security frameworks and risk management practices.
  • Excellent communication abilities are essential, as the role will involve collaborating with various stakeholders to implement and maintain security policies.
  • They should have knowledge of hardware, software, data, and network principles and systems related to private and/or public sector services.
  • They should also have a thorough understanding of commonly used computer operating systems, databases, and network structures; they should have familiarity with cybersecurity regulations and framework(s) (HIPAA, HITECH, NIST, PCI, ISO27001/27002, or CIS); and have investigative and analytical skills.
  • They should possess excellent oral and written communication skills, including the ability to explain complex technical issues in plain language; knowledge of the current and evolving cyber threat landscape; and knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy.

Responsibilities

  • Implements information security and compliance programs.
  • Participates in the development, interpretation, review and communication of information security regulations, policies, procedures, and standards.
  • Monitors information security compliance and recommends improvements.
  • Supports the implementation of information security procedures and protocols and participates in security risk reviews and remediation activity including producing written reports.
  • Works with internal and external partners on information security issues.
  • Plans and conducts outreach programs and activities to increase cyber security awareness.
  • Tracks and reports out on all security related project portfolio tasks.
  • Supports the management and resolution of security threats to agency and facility information systems.
  • Participates in information security risk analysis and risk management processes with business and IT units.
  • Reviews vulnerability scanning and analysis reports to help determine scope of risk and prioritization of remediation.
  • Collects and maintains risk register, including reporting and tracking of remediation.
  • Monitors external data sources to maintain currency of threat condition and potential impact on enterprise.
  • Participates in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk.
  • Disseminates threat and vulnerability intelligence products.
  • Participates in the continuous monitoring and protection of technology resources and determines events that require investigation and response.
  • Participates in cyber incident response.
  • Supports the implementation and improvement of information security incident response plans and reports.
  • Designs, plans, and facilitates cyber security tabletop exercises to foster information-sharing and enhance cyber awareness with stakeholders.
  • Participates in the investigation of alleged information security violations, follows agency procedures for referring the investigation to other investigatory entities (e.g., NYS Cyber Command, law enforcement, and State and federal oversight agencies), and responds to requests for information from external investigators.
  • Performs analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provides remediation recommendations.
  • Conducts post-exercise after-action analysis, reporting, and assessment, develops recommendations, and designs future exercises to validate improvements.
  • Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies.
  • Reviews contract, service level agreement, and memorandum of understanding language and other documents to verify that they meet information security needs and requirements and align with facility, agency, and State information security policies.
  • Provides information security expertise, advice, and recommendations to agency executives on a broad range of information security matters.
  • Acts as information security lead on projects and initiatives to ensure security by design through implementation of the Secure Systems Development Lifecycle (SSDLC).
  • Monitors information security trends, tools, and techniques.
  • Keeps abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicates legal and regulatory requirements.
  • Researches, administers, and utilizes specialized cyber security tools, techniques, and procedures.
  • Represents the agency at internal and external information security meetings and conferences to maintain awareness and evaluates the applicability of the latest information security techniques and tools to the agency’s security program.
  • Participates in creation and maintenance of dashboards and reports that present information security data in an intuitive manner.
  • Serves as a subject matter expert in multiple areas of cyber security such as incident response, digital forensics, risk assessments, digital identity management, and state and federal compliance requirements.
  • May supervise staff, assign work, write performance and probationary evaluations, conduct interviews, and hire staff.

Benefits

  • Health Insurance
  • Dental Insurance
  • Vision Insurance