DAS is looking for an ISSO

Background: The Information Security Officer (ISO) Program, within the Office of Security Management (OSM) under the Maryland Department of Information Technology (DoIT), is a strategic initiative aimed at fortifying cybersecurity measures across Maryland units of state government. Managed by the ISO Program Director, through strategic planning, collaboration, and adherence to statewide policies and standards, the ISO Program strives to foster a culture of cybersecurity resilience, ensuring the efficient deployment and utilization of cyber services. The Information Security Officer (ISO) Program Coordinator will to support the ISO Program Director and team in the initial adoption, implementation, and management of centrally provided cybersecurity service across Maryland units of state government. This role requires a seasoned professional with an understanding of information security frameworks, standards, and best practices, along with exemplary leadership and project management skills.

The Information Security Officer (ISO) Program Coordinator plays a pivotal role in supporting the ISO Program Director and team in the adoption, implementation, and management of centrally provided cybersecurity service across Maryland units of state government. This role requires a seasoned professional with an understanding of information security frameworks, standards, and best practices, along with exemplary leadership and project management skills. Detailed responsibilities include, but are not limited to:

Duties/Responsibilities:

• Team Management: Provide administrative assistance to the ISO Program Director, including scheduling meetings, managing correspondence, and organizing documentation related to program activities.
• Policy Development: Contribute to the development and refinement of information security policies, standards, and guidelines to ensure alignment with industry best practices and regulatory requirements.
• Service Delivery: Coordinate the provisioning of centrally managed cyber services to address the evolving requirements of Maryland agencies following the assessment of a particular agency and identification of pertinent needs.
• Coordinate meetings, workshops, and communications with internal and external stakeholders under the guidance of the ISO Program Director, fostering collaboration and information sharing to support program objectives. Encourage collaboration and the exchange of information to advance the objectives of the program.
• Compliance Management: Ensure strict adherence to statewide information technology policies, standards, and guidelines. Regularly monitor agency compliance with these directives and promptly address any instances of non-compliance through appropriate measures.
• Reporting and Evaluation: Develop and maintain real-time reporting mechanisms to track program performance, assess organizational maturity, and identify areas for improvement.
• Representation and Advocacy: As the ISO Program representative, attend meetings, conferences, and other relevant forums specifically within agencies assigned to the program. Advocate for DoIT centrally.
• managed service and effectively communicate the program's objectives to stakeholders. Ensuring that agency-specific cybersecurity concerns are addressed and align with the overarching goals of the program.
• Continuous Improvement: Drive continuous improvement initiatives within the ISO Program, incorporating feedback, lessons learned, and best practices to enhance program effectiveness and efficiency.
• Assessment and Remediation: Support OSM in the coordination for cybersecurity assessments, review
• security architecture and design, and coordinate remediation efforts to address identified risks and vulnerabilities.
• Cross-Functional Collaboration: Collaborate with other departments and teams within the organization to support the use of DoIT centrally managed services and align information security efforts with broader organizational goals, as directed by the ISO Program Director.

Education:

• Bachelor's degree in computer science, information technology, cybersecurity, or a related field.

General Experience:

• Minimum of 3 years’ experience in information security management, with specific experience in implementing cyber assessment and remediation plans, procedures, and cyber defense operations.
• Minimum of 2 years of experience in project or program management.
• Excellent leadership, communication, and interpersonal skills.
• Proven ability to manage complex projects and drive results in a dynamic environment.
• Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

Specialized Experience:

• Strong knowledge of information security frameworks, standards, and best practices (e.g., NIST Cybersecurity Framework, NIST 800-53/800-171).
• Experience tracking adoption rates and implementing centrally managed cyber services.
• Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives.

Preferred Qualifications:

• Graduate degree or certifications such as CISSP, CISM, or CISA
• Strong knowledge of industry standards, regulations, and best practices related to information security, including ISO 27001, NIST Cybersecurity Framework, and General Data Protection Regulation (GDPR).
• Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts.
• Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity services.
• Experience working with state government agencies or similar large-scale organizations.