What are the responsibilities and job description for the Director of Cybersecurity (Treasury) position at State of Rhode Island?
Class Definition
GENERAL STATEMENT OF DUTIES: Under administrative direction, performs highly responsible and complex administrative work, directing and leading all information technology (IT) security service functions of The Office of the General Treasurer & Employees’ Retirement System of Rhode Island (Treasury/ERSRI). This encompasses all physical locations and digital systems, including voice, data, wireless networks and other similar applications. This role is responsible for overseeing all technical security staff, vendors and/or consultants. Key responsibilities include establishing, developing, implementing, and improving information security systems and functions across Treasury/ERSRI to promote more effective and efficient security administration, directing the development of security systems and procedures, ensuring maximum usage of information security systems, personnel, and equipment, and auditing and controlling security policies and procedures for cost-effective use of resources; and to do related work as required.
SUPERVISION RECEIVED: Works under the administrative direction of Treasury/ERSRI executive staff and reports directly to the Chief Operating Officer. Exercises wide latitude for initiative and independent judgment in network security development functions; work is subject to review upon completion for results obtained and conformance with agency policies and objectives.
SUPERVISION EXERCISED: Plans, coordinates, directs and reviews the work of IT security technical staff, vendors, and/or consultants.
Illustrative Examples of Work Performed
- Directs and manages all IT security service functions for Treasury/ERSRI, covering all physical locations and digital systems (e.g., voice, data, wireless networks), and all technical security staff, vendors, and consultants.
- Establishes, develops, implements, and continuously improves information security systems and functions to enhance security administration effectiveness and efficiency.
- Develops and implements security systems and procedures, ensuring optimal utilization of information security systems, personnel, and equipment.
- Audits and controls security policies and procedures to ensure cost-effective use of enterprise information security resources.
- Develops, implements, and maintains information security standards, procedures, and guidelines, including compliance monitoring procedures.
- Identifies information security and privacy goals and objectives consistent with strategic plans.
- Establishes workload priorities, assigns tasks, and provides direction to division employees.
- Ensures all new technology projects are monitored for security risks and that appropriate risk mitigation requirements are efficiently set forth, designed, and delivered with newly developed production systems.
- Oversees IT security vulnerability assessments and conducts or directs penetration testing, investigating any security policy violations and reporting them to a superior.
- Presents findings from security assessments, audits, and penetration tests to relevant stakeholders, including the Retirement Board, and provides necessary training and education on information security best practices.
- Provides leadership, guidance, and assistance in information security systems analysis.
- Reviews all proposed revisions of systems and services to ensure application security, economic justification, proper design, and suitability of security-related equipment.
- Coordinates the development and maintenance of disaster recovery and business continuity security plans and procedures for the timely recovery of critical business functions.
- Reviews all information security equipment and services and recommends approval or disapproval.
- Coordinates regular reviews of system and platform access and develops a risk analysis and rating for all current and future systems and platforms.
- Oversees vendors responsible for safeguarding the Treasury/ERSRI assets, intellectual property, and computer systems.
- Ensures operational requirements align with effective business operations as reflected in the state’s security policy.
- Guarantees the confidentiality, integrity, and availability of sensitive information processed by, stored in, and moved through information systems and applications. This includes ensuring data has not been manipulated, is not subject to repudiation, and changes can be verified to their source.
- Oversees the maintenance and updating of incident response plans.
- Performs information security-related strategic, initiative, and project planning.
- Provides information security and privacy services to Treasury/ERSRI.
- To do related work as required.
KNOWLEDGES, SKILLS AND CAPACITIES: A thorough knowledge of the principles, practices, and procedures used in the development and direction of IT security systems and their design as it relates to the development, operation, and maintenance of automated systems. This includes a thorough knowledge of current and emerging information technology systems, hardware, software, and best practices. A working knowledge of the principles and practices of the administration of state government and the ability to apply such knowledge in directing the state’s information technology (IT) security service functions are essential. The ability to provide comprehensive leadership in the area of IT system security to support Treasury/ERSRI goals and objectives is required, alongside the ability to analyze administrative problems and to interpret and apply general policies in specific situations. This role demands the ability to plan, organize, direct, and coordinate the work of staff, vendors, and/or consultants; the ability to identify efficient uses of technology and analyze and evaluate the effectiveness of management information services and resources in direct relation to IT security systems. Furthermore, the ability to develop, manage, and make recommendations for the budgeting of cost-effective IT security solutions, acquisitions, and maintenance is crucial. The ability to establish effective relationships with agency senior staff, program officials, vendors, consultants, and representatives of other state departments and agencies is also necessary, along with other related capacities and abilities.
Education and Experience
Education: Such as may have been gained through: graduation from a college of recognized standing with Bachelor’s Degree in Computer Information Systems, Computer Science; or a closely related information technology field; professional designation of Certified Protection Professional (CPP), Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) is preferred; and
Experience: Such as may have been gained through: a minimum of 5 years employment in a management position with responsibility for directing an information technology security operation
Or, any combination of education and experience that shall be substantially equivalent to the above education and experience.