Role: Information Security Officer

Location :100 Community Place, Crownsville, MD 21032

In-person/telework, hybrid

Must also be able to travel throughout Maryland

Duties and Responsibilities:

• Develop and maintain metrics to track adoption rates and regularly assess and enhance security controls,
• conducting assessments and evaluations to ensure effectiveness and compliance with established standards.
• Review and implement security policies to ensure compliance with regulatory requirements and organizational standards.
• Conduct thorough reviews of vulnerability data, coordinating with stakeholders to prioritize and address identified vulnerabilities effectively.
• Actively participate in Authorization to Operate (ATO) assessments, contributing expertise to ensure systems meet security requirements for operation.
• Collaborate with cross-functional teams to develop and enhance security protocols and procedures for seamless integration and utilization.
• Regularly report on adoption rates and identify areas for improvement.
• Monitor security systems to detect and respond to potential threats.
• Act as the primary point of contact for ISO agency-related inquiries and engagements.
• Monitor progress against established plans and adjust as necessary.
• Develop strategic plans and roadmaps for service delivery.
• Implement measures to address identified vulnerabilities
• Participate in the design and implementation of secure system architectures.
• Develop and deliver security awareness training programs for employees.
• Ability to Develop and maintain an incident response plan.
• Lead and manage security-related projects, ensuring timely and successful completion.
• Prepare and present security reports to management and stakeholders.
• Maintain accurate and up-to-date security documentation.
• Ensuring efficient allocation of resources.
• Prepare and present security reports to management and stakeholders.
• Maintain accurate and up-to-date security documentation.
• Ensuring efficient allocation of resources.

*Education:

• Bachelor's degree in computer science, information technology, Information Security, Cybersecurity or related field.
• Advanced degrees or certifications such as CISSP, CISM, or CISA, Sec+, CISSO.

*General Experience:

• Minimum of 5 years' experience in information security management, IT administration, or related fields.
• 3 years' experience in implementing cyber assessment and remediation plans, procedures, and cyber defense
• operations.
• Practical experience with security technologies, incident response, risk management, and compliance.
• Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective
• solutions.

*Specialized Experience:

• Specific experience in implementing ISO plans, procedures, and cyber defense operations.
• Experience tracking adoption rates and implementing centrally managed cyber services.
• Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives

*Preferred Qualifications:

• Graduate degree or certifications such as CISSP, CISM, or CISA
• Strong knowledge of industry standards, regulations, and best practices related to information security, including ISO 27001, and NIST Cybersecurity Framework.
• Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts.
• Strong analytical and problem-solving abilities.
• Meticulous attention to detail to identify and mitigate security risks.
• Understanding of various security protocols, standards, and methodologies. Proven experience in managing
• scalable cybersecurity projects, including planning, execution, monitoring, and closing phases.
• Ability to coordinate cross-functional teams and manage multiple projects simultaneously.
• Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity services.
• The candidate must be able to travel to the Maryland Department of Information Technology (DoIT) office located in Crownsville, MD, as well as to various agencies within the Baltimore/Annapolis region.
• Familiarity with federal, state, and local regulations related to information security and privacy.
• Experience in implementing ISO plans, procedures, and cyber defense operations.
• Experience tracking adoption rates and implementing centrally managed cyber services.
• Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives.