Leads people, processes, and technologies related to the security of agency information systems and data resources. Establishes solutions to reduce IT risks to business processes and ensures compliance with information security policies, standards, and guidelines.
This class is intended for use at the mid- to senior-level. Employees in this class can be relied upon for sound judgement that considers organizational information security goals and business operations.
Designs and develops security solutions and procedures to address IT risks and compliance requirements. Analyzes business requirements to assess technical feasibility and solutions of security systems and processes. Participates during each phase of systems development projects, ensuring that security requirements are determined and implemented based on threats and business objectives. Develops and validates enterprise baseline security configurations based on industry standards and best practices for on-premises and hosted (i.e., cloud) technology systems and services, operating systems, applications, networking, and telecommunications equipment. Is instrumental in the creation and execution of security plans and procedures to ensure all systems, products, and services meet agency security standards and service objectives. Analyzes current security processes and procedures to identify and make formal recommendations towards gains in security, efficiency, and cost savings. Serves as a subject matter expert associated with highly technical security content, processes, and procedures. Consults with users and management to effectively measure and accurately report on information security risks through audit and assessment of security controls, processes, and routines. Recommends content for information security training and awareness programs.
Knowledge of information security frameworks. Broad understanding of common information security regulations. Knowledge of system and network security for common operating systems and local area networks. Advanced technical knowledge of application, hosted service, and cloud security principles. Thorough knowledge of information risk concepts and principles, with the ability to relate them to business needs and security controls. Strong ability to communicate with audiences with varying levels of technical knowledge. Strong knowledge of project management and solution delivery.
A bachelor's degree in information technology systems, computer science, or a related field and experience in the information technology field to include experience in a security-focused role. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.