What are the responsibilities and job description for the Information Security Officer/Subject Matter Expert (ISO) position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Triwave Solutions Inc, is seeking the following. Apply via Dice today!
Agency Office of Security Management (OSM)
Client Maryland Department of Information Technology (MD DoIT)
Location
100 Community Place, Crownsville, MD 21032
In-person/telework, hybrid
Must also be able to travel throughout Maryland.
Interview Type Google Meet
Duration of the Contract 3 Years
Anticipated Start Date June 2026
Visa Requirements At least 6 months of valid work authorization
(Citizen, H-1B, OPT-EAD, -EAD)
Minimum US Experience 3 Years
Background:
The Department of Information Technology (DoIT) Office of Security Management (OSM) is requiring the services
of Information Security Officer (ISO) Subject Matter Experts to support OSM in coordinating the adoption and
implementation of centrally provided cyber security services.
The Information Security Officer/Subject Matter Expert (ISO) will play an active role in integrating DoIT managed
services and providing tailored cybersecurity consultation to meet the unique mission needs of various agencies.
Embedded within these agencies, the ISO will serve as the primary point of contact, ensuring that cybersecurity
solutions are effectively aligned with agency objectives with the Cybersecurity Framework (CSF). The ISO will regularly
assess and address cybersecurity needs, develop and implement risk management strategies, support incident
response, and maintain security awareness programs. The ISO is expected to reach back to DoIT through the ISO
Program Director to answer questions and gather consensus on direction. Close collaboration with the ISO Program
Coordinator and the ISO Program Director will be essential to ensure consistent alignment with DoIT s cybersecurity
goals, policies, and procedures. These positions require a minimum of 5 years of experience in cybersecurity, with
relevant certifications such as CISSP or CISM, strong communication skills, and the ability to manage complex security
risks. Prior experience and familiarity with federal, state, and local government agencies is highly desirable. The ISO will
be expected to travel as needed to fulfill their duties.
The primary duties involve overseeing the daily operations of ISO-related projects and processes, planning and
scheduling service delivery and adoption, identifying opportunities for the development of new services within their
assigned organizations. Detailed responsibilities include, but are not limited to:
Duties and Responsibilities:
Develop and maintain metrics to track adoption rates and regularly assess and enhance security controls,
conducting assessments and evaluations to ensure effectiveness and compliance with established standards.
Review and implement security policies to ensure compliance with regulatory requirements and organizational
standards.
Conduct thorough reviews of vulnerability data, coordinating with stakeholders to prioritize and address identified
vulnerabilities effectively.
Actively participate in Authorization to Operate (ATO) assessments, contributing expertise to ensure systems meet
security requirements for operation.
Collaborate with cross-functional teams to develop and enhance security protocols and procedures for seamless
integration and utilization.
Regularly report on adoption rates and identify areas for improvement.
Monitor security systems to detect and respond to potential threats.
Information Security Officer SME
Act as the primary point of contact for ISO agency-related inquiries and engagements.
Monitor progress against established plans and adjust as necessary.
Develop strategic plans and roadmaps for service delivery.
Implement measures to address identified vulnerabilities
Participate in the design and implementation of secure system architectures.
Develop and deliver security awareness training programs for employees.
Ability to Develop and maintain an incident response plan.
Lead and manage security-related projects, ensuring timely and successful completion.
Prepare and present security reports to management and stakeholders.
Maintain accurate and up-to-date security documentation.
Ensuring efficient allocation of resources.
Prepare and present security reports to management and stakeholders.
Maintain accurate and up-to-date security documentation.
Ensuring efficient allocation of resources.
Advanced degrees or certifications such as CISSP, CISM, or CISA, Sec , CISSO.
3 years experience in implementing cyber assessment and remediation plans, procedures, and cyber defense
operations.
Practical experience with security technologies, incident response, risk management, and compliance.
Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective
solutions.
Experience tracking adoption rates and implementing centrally managed cyber services.
Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives
Strong knowledge of industry standards, regulations, and best practices related to information security, including
ISO 27001, and NIST Cybersecurity Framework.
Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts.
Strong analytical and problem-solving abilities.
Meticulous attention to detail to identify and mitigate security risks.
Understanding of various security protocols, standards, and methodologies. Proven experience in managing
scalable cybersecurity projects, including planning, execution, monitoring, and closing phases.
Ability to coordinate cross-functional teams and manage multiple projects simultaneously.
Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity
services.
The candidate must be able to travel to the Maryland Department of Information Technology (DoIT) office located in Crownsville, MD, as well as to various agencies within the Baltimore/Annapolis region.
Information Security Officer SME
Familiarity with federal, state, and local regulations related to information security and privacy.
Experience in implementing ISO plans, procedures, and cyber defense operations.
Experience tracking adoption rates and implementing centrally managed cyber services.
Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives
Agency Office of Security Management (OSM)
Client Maryland Department of Information Technology (MD DoIT)
Location
100 Community Place, Crownsville, MD 21032
In-person/telework, hybrid
Must also be able to travel throughout Maryland.
Interview Type Google Meet
Duration of the Contract 3 Years
Anticipated Start Date June 2026
Visa Requirements At least 6 months of valid work authorization
(Citizen, H-1B, OPT-EAD, -EAD)
Minimum US Experience 3 Years
Background:
The Department of Information Technology (DoIT) Office of Security Management (OSM) is requiring the services
of Information Security Officer (ISO) Subject Matter Experts to support OSM in coordinating the adoption and
implementation of centrally provided cyber security services.
The Information Security Officer/Subject Matter Expert (ISO) will play an active role in integrating DoIT managed
services and providing tailored cybersecurity consultation to meet the unique mission needs of various agencies.
Embedded within these agencies, the ISO will serve as the primary point of contact, ensuring that cybersecurity
solutions are effectively aligned with agency objectives with the Cybersecurity Framework (CSF). The ISO will regularly
assess and address cybersecurity needs, develop and implement risk management strategies, support incident
response, and maintain security awareness programs. The ISO is expected to reach back to DoIT through the ISO
Program Director to answer questions and gather consensus on direction. Close collaboration with the ISO Program
Coordinator and the ISO Program Director will be essential to ensure consistent alignment with DoIT s cybersecurity
goals, policies, and procedures. These positions require a minimum of 5 years of experience in cybersecurity, with
relevant certifications such as CISSP or CISM, strong communication skills, and the ability to manage complex security
risks. Prior experience and familiarity with federal, state, and local government agencies is highly desirable. The ISO will
be expected to travel as needed to fulfill their duties.
The primary duties involve overseeing the daily operations of ISO-related projects and processes, planning and
scheduling service delivery and adoption, identifying opportunities for the development of new services within their
assigned organizations. Detailed responsibilities include, but are not limited to:
Duties and Responsibilities:
Develop and maintain metrics to track adoption rates and regularly assess and enhance security controls,
conducting assessments and evaluations to ensure effectiveness and compliance with established standards.
Review and implement security policies to ensure compliance with regulatory requirements and organizational
standards.
Conduct thorough reviews of vulnerability data, coordinating with stakeholders to prioritize and address identified
vulnerabilities effectively.
Actively participate in Authorization to Operate (ATO) assessments, contributing expertise to ensure systems meet
security requirements for operation.
Collaborate with cross-functional teams to develop and enhance security protocols and procedures for seamless
integration and utilization.
Regularly report on adoption rates and identify areas for improvement.
Monitor security systems to detect and respond to potential threats.
Information Security Officer SME
Act as the primary point of contact for ISO agency-related inquiries and engagements.
Monitor progress against established plans and adjust as necessary.
Develop strategic plans and roadmaps for service delivery.
Implement measures to address identified vulnerabilities
Participate in the design and implementation of secure system architectures.
Develop and deliver security awareness training programs for employees.
Ability to Develop and maintain an incident response plan.
Lead and manage security-related projects, ensuring timely and successful completion.
Prepare and present security reports to management and stakeholders.
Maintain accurate and up-to-date security documentation.
Ensuring efficient allocation of resources.
Prepare and present security reports to management and stakeholders.
Maintain accurate and up-to-date security documentation.
Ensuring efficient allocation of resources.
- Education:
Advanced degrees or certifications such as CISSP, CISM, or CISA, Sec , CISSO.
- General Experience:
3 years experience in implementing cyber assessment and remediation plans, procedures, and cyber defense
operations.
Practical experience with security technologies, incident response, risk management, and compliance.
Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective
solutions.
- Specialized Experience:
Experience tracking adoption rates and implementing centrally managed cyber services.
Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives
- Preferred Qualifications:
Strong knowledge of industry standards, regulations, and best practices related to information security, including
ISO 27001, and NIST Cybersecurity Framework.
Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts.
Strong analytical and problem-solving abilities.
Meticulous attention to detail to identify and mitigate security risks.
Understanding of various security protocols, standards, and methodologies. Proven experience in managing
scalable cybersecurity projects, including planning, execution, monitoring, and closing phases.
Ability to coordinate cross-functional teams and manage multiple projects simultaneously.
Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity
services.
The candidate must be able to travel to the Maryland Department of Information Technology (DoIT) office located in Crownsville, MD, as well as to various agencies within the Baltimore/Annapolis region.
Information Security Officer SME
Familiarity with federal, state, and local regulations related to information security and privacy.
Experience in implementing ISO plans, procedures, and cyber defense operations.
Experience tracking adoption rates and implementing centrally managed cyber services.
Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives