Mgr, IT Security
Georgia - Forsyth (https://ga.referrals.selectminds.com/jobs/73946/other-jobs-matching/location-only)
Information Technology
Corrections, Georgia Department of - GDC
3 hours ago Post Date
Job Summary
Manages the development and delivery of IT security standards, best practices, architecture and systems to ensure information system security across the enterprise. Implements processes and methods for auditing and addressing non-compliance with information security standards, and facilitates migration of non-compliant environments to compliant environments. Conducts studies within and outside the organization to ensure compliance with standards and currency with industry security norms. Manages and participates in the planning and implementation of security administration for all IT projects. Responsible for evaluation and selection of security applications and systems. Makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures.
Entry Qualifications
High school diploma/GED and three (3) years in the specific field of IT Security, which includes one (1) year in a managerial role.
Overview of Job
The Georgia Department of Corrections (GDC) protects the public by operating safe and secure facilities through the development of professional staff and effective offender management. GDC is seeking an Information Security Officer (ISO) within the Office of Information Technology.
GDC is seeking a hands-on ISO to maintain, develop, and implement GDC system security policies, plans and procedures, oversee audits and security assessments, and address all security incidents. The ISO ensures that GDC maintains the highest level of security standards, best practices, and system architecture. The position is responsible for the implementation of processes and methods that ensure that data entrusted to GDC is maintained in a safe and secure manner. The position is also responsible for managing and directing all Information Technology audits, addressing non-compliance with security standards, and facilitating migration from non-compliance to compliance. The ISO conducts research to ensure the agency maintains compliance with standards and current industry security best practices. The ISO manages and participates in the planning and implementation of security administration for all IT projects and is responsible for the evaluation of security applications and systems. The ISO is responsible for making recommendations and assisting in the implementation of changes to work processes and procedures to make them more effective and to strengthen security.
Job Functions
-Design and develop the charter and road map for Security best practices, standards, principles and functions.
-Manage Information Security strategic, operational projects and key initiatives.
-Define and maintain Security policies and procedures and drive continuous improvement.
-Track and provide reporting on Security key performance indicators and operational metrics.
-Manage and continue to build identified skills to enhance security posture.
-Develop, manage and enhance IT Security and Risk programs to protect GDC systems, data and customers.
-Oversee and direct internal and external security audits as necessary. These areas include PCI, Social Security Administration, HIPAA, pen test and various other annual audits conducted within GDC operations.
-Ensure information security controls, capabilities and best practices are integrated with GDC systems.
-Provide information security capabilities, oversight and consulting for all GDC business units such as eGRC, security scanning, pen testing and information security consultations.
-Perform information security risk assessments including security architecture assessment and threat modeling of applications and IT systems throughout the SDLC/Agile/Iterative lifecycle.
-Manage and maintain the current IT security team and responsibilities. Lead teams responsible for information security governance, executing security initiatives, risk, and compliance; cybersecurity operations; information security technology; managed security services; and incident response and recovery.
-Ensure compliance with relevant regulations and standards. Ensure all technologies and processes meet minimum security practices based on NIST, ISO, and other security standards as required.
-Develop and publish security awareness notices for staff awareness and continued education.
-Maintain and distribute risk-based KPIs.
-Regulate and review user access; develop and recommend plans to safeguard computer data files against accidental and unauthorized modification, destruction, and disclosure of information.
-Participate in the development of information technology disaster recovery and business continuity planning; confer with users regarding computer data access needs, security violations, and programming changes.
Experience/Skills
-Three years of experience supporting security architectures and applying security best practices
-Excellent analytical, organizational and documentation skills
-Influential leader who can serve as an effective member of the management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff
-Practical experience with penetration and vulnerability scanning and auditing tools
-Experience with cloud security best practices.
-Knowledge of NIST 800-53, PCI and HIPAA.
-Expert understanding of state and federal information security and privacy regulations, requirements, and best practices.
-Broad understanding of information security tools and technologies and their applications.
-Experience defining vendor requirements, vendor evaluation and selection, and vendor management.
-Experience managing and reporting on strategic technology initiatives.
-Experience managing operational performance and driving continuous improvement.
-Must possess excellent communications, analytical, managerial, and organization skills.
Minimum Qualifications
High school diploma/GED and three (3) years in the specific field of IT Security, which includes one (1) year in a managerial role.
Preferred Qualifications
Bachelor's degree in Cybersecurity, Information Security or Computer Science
CISSP Certification
CISM Certification
CRISC Certification
Additional Information
Requisition ID: INF02S2
Number of Openings: 1
Advertised Salary: 69,134.16
Shift: Day Job
Internal Contact Name: Kalee A Hall
Internal Contact Email: kalee.rider@gdc.ga.gov