IT DIRECTOR III

Chief Information Security Officer

Recruitment #15-004496-0002

Introduction

This is a Management Service position and serves at the pleasure of the Appointing Authority.

GRADE

23

LOCATION OF POSITION

Department of Human Resources

Office of Technology for Human Services

311 W. Saratoga Street

Baltimore MD 21201

Main Purpose of Job

The Chief Information Security Officer (CISO) in the Office of Technology for Human Services (OTHS) within the Department of Human Resources directs, manages, and coordinates all Information Technology (IT) efforts that pertain to the security of the infrastructure and data processing systems. The CISO oversees the administration, development, review, and initiation of policies and procedures that govern DHR's infrastructures and systems; functions as the Audit Liaison for OTHS; develops and maintains IT policies and procedures to prevent unwarranted disclosures of sensitive/confidential data; and protects networks and data systems from abuse and/or damages. The security and integrity of the applications, operating systems and data of DHR's Automated Systems rely on the careful execution of such policies and procedures. This position reports directly to the Chief Information Officer (CIO) and works at various locations as required.

This position also provides direction for several units including:

(1) The Data Security Unit is responsible for granting access to DHR Information Systems for case workers, developers and contractors. Some applications include: Cottage Applications, CHESSIE, CARES, CSES, SAIL and EBT.

(2) The System Software Support Unit is responsible for upgrading mainframe applications; disaster recovery testing and application regression testing of system at the Annapolis Data Center (ADC); providing system and security support for RMDS and Datawatch on the DHR mainframe; and ensuring Labor Cost Distribution Reports are generated and maintained for Grants Management.

(3) The IT Security Compliance Unit is responsible for participating in all project plans relating to security enhancements for all DHR applications and reviewing system security logs or critical applications and their associated operating systems. This unit documents and creates new reports as required, creates action plans to fix audit findings, creates and maintains a database of all security logs and creates documentation that explains how the environment is properly reviewed and maintained.

(4) The Network Security Unit is responsible for managing the Intrusion Detection System, Data Leak Prevention (DLP) System, Computrace Laptop Anti-theft system, Winmagic Enterprise Laptop Encryption, and Symantec Anti-virus. This unit monitors Physical Security Access controls and assists OTHS with policies and guidance on operation and maintenance of Information Systems.

POSITION DUTIES

  • Directs and coordinates all aspects of data processing security standards, policies, procedures, and activities for DHR in accordance with applicable laws, rules, regulations, Executive Orders, policies, and procedures of the State of Maryland and standards of the data processing industry.
  • Establishes information technology policies and procedures, oversees their implementation and approves major deviations and revisions.  This includes enforcing security policies enterprise-wide and assuring that those policies are integrated in the System Development Life Cycle (SDLC) for all DHR systems.
  • Functions as the primary contact for audits concerning security of information with the Internal Revenue Service, SSA, Office of Child Support Enforcement and the Department of Legislative Services, Office of Legislative Audits.  
  • Identifies problem areas related to system security, determines appropriate intervention strategies and coordinates problem resolution among affected parties, both internal and external. 
  • Prioritizes data processing security projects, determines staffing requirements, develops work plans and timelines, monitors the progress of projects and approves for accuracy, completeness and adherence to established policies, procedures and standards. 
  • Advises DHR Executive staff and OTHS staff on data processing security standards, practices, policies, and procedures in order to ensure that DHR is compliant with Federal and State requirements. 
  • Determines, establishes and supports the necessary organizational structure for Security in order to accomplish its mission and participates in the daily management of that organization.
  • Schedules staff to provide onsite support in the location(s) identified to meet emergency/disaster requests. 
  • Acts as a technology liaison to the Legal and Procurement departments, as well as DHR administrations, in the preparation and negotiation of contracts. Assists with the development of the department’s operating budget, tracks expenditures, and performs IT equipment tasks as assigned. Assists in the preparation and evaluation of “Requests for Proposals” (RFPs) and other procurement-related documentation for DHR.
  • Prepares cost justification and/or cost/benefit analysis documentation for new projects that require additional funding. 
  • Meets with DHR Executive and Management staff, vendors, system users, auditors and other staff to resolve security issues, including utilization and limitations. 
  • Represents DHR before Federal, State, and local officials to provide information on projects, audit compliance, federal requirements and compliance with legal mandates.

MINIMUM QUALIFICATIONS

EDUCATION:  A bachelor’s degree from an accredited college or university in Business, Business Administration, Public Policy, Public Administration, Technology, Computer Science or related field.   

EXPERIENCE:  Seven (7) years of experience in IT Security. Three (3) years of experience implementing, monitoring, and managing IT compliance in accordance with regulatory standards and industry best practices such as NIST, IRS, OLA, FNS, etc.   Five (5) years of experience leading large teams of 15 or more in overseeing and coordinating the general operations of a unit, applying rules and regulations, and/or exercising responsibility for the development of policies or procedures.  

Please describe in detail any job duties relating to the minimum qualifications and include any computer software coding and testing experience used in each of the positions you held.

DESIRED OR PREFERRED QUALIFICATIONS

The ideal candidate will possess:  

  • Certification(s) and/or designation(s), including CISSP, IISP, CRISC, CISA, or CISM.
  • Three (3) years of experience working as part of a mature information security function in a large enterprise, preferably in a regulated industry.
  • Experience planning, organizing, staffing, leading or directing, and controlling an organization.  
  • Experience in IT project management and business processes (e.g. Prince2, ITIL) and legal/regulatory aspects of security.    
  • Experience identifying and implementing identity/access management; security policies and procedures; security best practices and standards; and various supporting security technologies. 
  • Exceptional oral and written communication skills.
  • Ability to work effectively under pressure to meet time frames without direct supervision.
  • Excellent initiative, planning and organizing, analytical problem solving, interpersonal and influencing skills required.
  • Experience with Cisco routers, Cisco switches, protocol analyzers, firewalls, Intrusion Detection Systems (IDS), UPS, hubs, CSU/DSU, servers and other peripheral devices.

SELECTION PROCESS

Please make sure that you provide sufficient information on your application to show that you meet the minimum qualifications for this recruitment.  All information concerning your qualifications must be submitted by the closing date.  We will not consider information submitted after this date.  Successful candidates will be placed on the employment (eligible) list for at least one year.

If you are in State service and are a promotional candidate, your salary will be determined in accordance with the State of Maryland Salary Guidelines.

BENEFITS

STATE OF MARYLAND BENEFITS

FURTHER INSTRUCTIONS

Applicants who meet the minimum qualifications will be evaluated.  This office, with your approval, will verify your prior applicable work experience.  In order to receive full consideration for time worked, please complete dates of employment in their entirety and identify the number of hours worked for each entry.

College transcripts are not required for review of your application and do not need to be forwarded.  Please clearly indicate your college degree and majors on your application.  If selected for an interview, you will be required to bring an official transcript with you.  For all foreign education obtained outside of the U.S., you will be required to provide proof of equivalent American education as determined by a foreign credential evaluation service if selected for an interview.

Online applications are STRONGLY preferred; however, the paper application may be submitted to: DHR/Employment Services Division, attn: Jocelyn Maschal, 311 W. Saratoga Street, Baltimore MD  21201.  The paper application must be received by 5 p.m. close of business on the closing date of the recruitment.  No postmarks will be accepted.  The previous Maryland State application (MS-100) will not be accepted.

TTY Users: call via Maryland Relay

We thank our Veterans for their service to our country, and encourage them to apply.

As an equal opportunity employer Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State’s diversity.  



