Salary: $7,854.00 – $10,562.00 Monthly
Job Type: Full Time – Permanent
Closing: Continuous
 
 

See full job and application details at https://www.governmentjobs.com/careers/washington/jobs/3128942/chief-information-security-officer-tumwater-06438?keywords=06438&pagetype=jobOpportunitiesJobs

 Washington State Parks and Recreation Commission is currently seeking a full-time permanent Chief Information Security Officer (IT Security – Manager) located at Parks’ Headquarters, in Tumwater, WA.

This posting will remain open until filled. It is in the candidate’s best interest to apply before July 28, 2021, when a first review of applicants will be completed. The hiring authority reserves the right to fill this position at any time after that date without notice. 

For more information on Washington State Parks, click here.

If you have questions regarding this recruitment, please contact the manager listed in the “Supplemental Information” section of this publication.

Duties

The Chief Information Security Officer (CISO) reports to the State Parks Chief Information Officer (CIO) and oversees the agency’s Information Technology cybersecurity functions for new, existing and enhanced services critical to the agency.  Using an in-depth understanding of industry trends and available technologies, the CISO partners with peers and internal and external stakeholders to recommend and develop solutions that align with business strategies.    

Duties include but are not limited to:

Security program –

  • Develops and maintains an agency Cybersecurity program and is responsible for security strategic planning and alignment with state and agency level strategies.
  • Evaluates staff provided recommendations of new information security technologies and countermeasures against threats to information or privacy.
  • As a member of state level policy development committee, this position identifies information technology security initiatives and standards for the state enterprise and develops agency policy and strategies which align with state goals.
  • Manages the development, implementation, and maintenance of the State Parks information security policy, standards, guidelines and procedures.
  • Guides development of the access and authorization controls for everyday operations as well as emergency procedures for data.
  • Sets the standards for access controls, audit trails, event reporting, encryption and integrity controls.
  • Keeps abreast of latest security and legislation, regulations, advisories, alerts and vulnerabilities pertaining to State Park’s IT investments.
  • Provides Bill Analysis for proposed legislature that would impact cybersecurity, IT, and agency related business operations related to IT by conducting impact and cost analysis and providing expert level feedback used by the legislative body.

Security risk and prevention – 

  • Develops and implements an ongoing IT security risk management program targeting information security and privacy matters.
  • Acts as the agency IT Security Risk Manager.
  • Determines the methods for vulnerability detection and remediation and, oversees ongoing vulnerability testing.
  • Leads the information technology security assessments to identify agency IT security risks due to changes or modifications to the State Parks computing environment.
  • Directs the agency security assessments/audits to identify vulnerabilities in the Security Program and policies.
  • Controls testing of security procedures, mechanisms and measures.
  • Collaborates with federal and state auditors, agency managers and subject matter experts for satisfactory completion of compliance and program audits of the State Parks Information Security Program.

Security incident and authoritative contact –

  • Acts as the incident Commander as defined by the National Incident Management Framework.
  • Responsible for all aspects of cybersecurity emergency response; including quickly developing incident objectives, managing all incident operations, application of technical resources as well as responsibility for all persons involved.
  • Agency designated manager of security incident reporting and official responses to security incidents (breaches), responds to potential policy violations, or complaints from external parties.
  • Works with federal and state incident responders in relation to cybersecurity issues as incident requires (FBI, DHS, OCIO, OCS).
  • Leads the oversight and activities for intrusion detection and response.
  • Ensures the internal control systems are monitored and that appropriate access levels are maintained.
  • Investigates agency security breaches and develop agency after action reports for CIO.
  • Acts as the CIO’s designee representing State Parks on information security matters.
  • Serves as the contact point for external auditors and agencies, survey requests, etc. and on department security/privacy matters.
  • Initiates, facilitates, and promotes activities to create information security awareness and training throughout the organization.

Supervision and Mentoring – 

  • Supervises and mentors technical and management level staff in order to support an effective, motivated team.
  • Sets strategic goals and objectives, develops strategies to implement, and develops performance measurements and standards for the purpose of ensuring individual and program performance objectives are met.
  • Monitors and inspects work in progress to ensure continuity and timely completion of work.
  • Develops the Performance Development Plan (PDP) for each assigned direct report; creates or updates position descriptions; monitors and documents employee performance; provides on-going feedback regarding levels of performance and conducts timely and meaningful employee performance evaluations.
  • Manages personnel issues relating to staff conflicts, absenteeism, performance issues, etc. in a positive manner for the purpose of ensuring the efficient and effective functioning of the work unit.
  • Develops and implements staff training and development plans to provide cross training of employees, specific job-related training and other approaches to provides opportunities for staff flexibility and development.
  • Participates in team meetings, communicates status of ongoing projects and/or job tasks, and coordinates work schedule with team for the purpose of maintain open communication.
  • Responsible for planning and maintaining work systems, procedures, and policies that enable and encourage the optimum performance of its people and other resources within the unit.

Qualifications

REQUIRED QUALIFICATIONS:

  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Information Systems or a related technology field of study.
  • Eight (8) years of experience in at least two IT disciplines (such as information security, technical audit, infrastructure, system analysis and design, application development/architecture, or data management) in a business office environment.
  • At least one of the following certifications: Certified Information Systems Security Professional (CISSP), (ISC)2, CIAC, CompTIA, ISACA, or equivalent.
  • Working knowledge of prevailing industry security standards and Common Body of Knowledge gained via a SISSP, SANS and/or CISA Certification.
  • Valid unrestricted (except for corrective lenses) driver’s license.

DESIRED QUALIFICATIONS:

  • Master’s degree in Business Administration or in Information System Management.
  • Successful and reference-verified experience with Cyber Security and Information Privacy Compliance.
  • Demonstrated experience with the National Institute of Technology (NIST) Risk Management Framework (RMF), and other NIST standards, CIS standards.
  • Working knowledge of Washington State Security Standards and Office of the Chief Information Officer (OCIO) policies.

Supplemental Information

HOW TO APPLY:
To ensure consideration, please complete the online job application and profile at www.careers.wa.gov. Use reference number 06438 when searching for the job announcement.

You must attach in your application package the following:

  • Letter of Interest specifically addressing the qualifications listed in this announcement.
  • Current resume in chronological order.
  • Three professional references.

**All requested materials must be submitted. Incomplete or late application materials will not be accepted. Failure to follow application process may disqualify you from further consideration.**

Please read the supplemental questions carefully and answer completely. Incomplete responses, including “please see resume” may disqualify you from further consideration.  The information provided in your application must support your selected answers in the application questions. Answers will be verified, and documentation may be required. Responses not supported in your application will disqualify you for consideration of employment from this recruitment.

Diversity Policy Statement:
The Washington State Parks and Recreation Commission is committed to creating an equitable, hospitable, appreciative, safe, and inclusive park environment – one that embraces the full spectrum of all community members’ contributions. The Commission makes this commitment because:

  • Diversity strengthens the workforce in competence and ability.
  • Celebrating diversity appreciates and values individual differences.
  • Diversity serves an increasingly heterogeneous society.
  • Diversity helps ensure the relevance of a state park system, its mission, properties, and programs to the people of this state today and in the future.
  • Diversity is crucial to our ability to serve all citizens.

The Commission encourages and supports staff efforts to reach out to people of all races, national origins, abilities, religions, sexual orientations, veteran status, ages, and genders who use the parks and who live in communities nearby parks. This outreach is to focus on engaging in partnerships that expand programs and services in a way that is meaningful and of value to all people. The Commission is dedicated to offering quality experiences to all visitors through a workforce and volunteer corps that reflects the diversity of Washington State.

The Washington State Parks and Recreation Commission is an equal opportunity employer. We strive to create a working environment that includes and respects cultural, racial, ethnic, sexual orientation and gender identity diversity. Women, racial and ethnic minorities, persons with disabilities, persons over 40 years of age, disabled and Vietnam veterans and people of all sexual orientations and gender identities are encouraged to apply. Persons needing accommodation in the application process or this job announcement in an alternative format may contact the human resources office at (360) 902-8565. Applicants who are deaf or hard of hearing may call through the Washington Relay Service by dialing 7-1-1 or 1-800-833-6388.

For information about this position, please contact Harley Graves at Harley.Graves@parks.wa.gov.