Duties and Responsibilities:

Provide administrative assistance to the ISO Program Director, including scheduling meetings, managing correspondence, and organizing documentation related to program activities.

Contribute to the development and refinement of information security policies, standards, and guidelines to ensure alignment with industry best practices and regulatory requirements.

Coordinate the provisioning of centrally managed cyber services to address the evolving requirements of Maryland agencies following the assessment of a particular agency and identification of pertinent needs.

Coordinate meetings, workshops, and communications with internal and external stakeholders under the guidance of the ISO Program Director, fostering collaboration and information sharing to support program objectives.

Encourage collaboration and the exchange of information to advance the objectives of the program.

Ensure strict adherence to statewide information technology policies, standards, and guidelines. Regularly monitor agency compliance with these directives and promptly address any instances of non-compliance through appropriate measures.

Develop and maintain real-time reporting mechanisms to track program performance, assess organizational maturity, and identify areas for improvement.

As the ISO Program representative, attend meetings, conferences, and other relevant forums specifically within agencies assigned to the program. Advocate for DoIT centrally managed service and effectively communicate the program's objectives to stakeholders. Ensuring that agency-specific cybersecurity concerns are addressed and align with the overarching goals of the program.

Drive continuous improvement initiatives within the ISO Program, incorporating feedback, lessons learned, and best practices to enhance program effectiveness and efficiency.

Support OSM in the coordination for cybersecurity assessments, review security architecture and design, and coordinate remediation efforts to address identified risks and vulnerabilities.

Collaborate with other departments and teams within the organization to support the use of DoIT centrally managed services and align information security efforts with broader organizational goals, as directed by the ISO Program Director.

*Education:

Bachelor's degree in computer science, information technology, cybersecurity, or a related field.

*General Experience:

Minimum of 3 years experience in information security management, with specific experience in implementing cyber assessment and remediation plans, procedures, and cyber defense operations.

Minimum of 2 years of experience in project or program management.

Excellent leadership, communication, and interpersonal skills.

Proven ability to manage complex projects and drive results in a dynamic environment.

Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

*Specialized Experience:

Strong knowledge of information security frameworks, standards, and best practices (e.g., NIST Cybersecurity Framework, NIST 800-53/800-171).

Experience tracking adoption rates and implementing centrally managed cyber services.

Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives

*Preferred Qualifications:

Graduate degree or certifications such as CISSP, CISM, or CISA

Strong knowledge of industry standards, regulations, and best practices related to information security, including ISO 27001, NIST Cybersecurity Framework, and General Data Protection Regulation (GDPR).

Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts.

Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity services.

Experience working with state government agencies or similar large-scale organizations.