||Monday - Friday (8:30 - 5:00)
|Directs and manages the South Carolina Department of Public Safety (SCDPS) Information Security and Privacy Program for the Office of Strategic Services, Accreditation, Policy and Inspections. Works with executive management, Office of Information Technology, related business line executives, and support service functions to address, mitigate, and remediate any non-compliance, risks, or threats identified through monitoring. Monitors activities related to security assessment methodologies and testing in enterprise security environments including threat models, vulnerability assessments, compliance reviews, infrastructure scans, and audit/transaction log reviews.
Develops, directs and manages planning, designing, implementing, and supporting SCDPS information security plans, policies and procedures based on SCDPS mission and objectives, risk assessment determinations, business and technology security best practices, federal/state laws and regulations, accreditation requirements, and contractual obligations. Works with constituents across SCDPS to effectively and efficiently implement and sustain the security plan, policies, and procedures.
Develops and monitors SCDPS' comprehensive Information Technology and Security Risk Assessment Program to identify risks and threats related to information technology and security. Coordinates with constituents, internal and external to SCDPS in order to effectively implement and sustain the Information Technology and Security Risk Assessment Program.
Advises SCDPS executive management regarding the state of and recommendations for information security and privacy. Advises the Office of Information Technology, business line executive, support service functions, and appropriate SCDPS committees regarding the security components of information systems, recommended internal controls, and emerging technologies.
Develops, directs and manages activities to promote information technology security awareness within SCDPS.
Monitors changes to federal and state legislation and regulations, accreditation standards, and contractual requirements affecting information security obligations, requirements, standards, and best practices. Maintains a high level of expertise and competence in information security and technology through continuous learning via job related training, seminars, professional organizations, and trade related literature.
Participates in preparation and sustainability of SCDPS disaster recovery (DR) and continuity of operations plans (COOP) for information technology, including planning and testing to ensure full recovery in compliance with all applicable information security requirements.
Develops, directs and manages the information technology security incident response plan to address any security incidents/breaches. Works with appropriate constituent groups during incident response activities.
Performs other duties (pertinent to the function, authority and responsibility of the position) as required and assigned.
Minimum and Additional Requirements:
A bachelor's degree from an accredited university or college with major course work in information security, computer science, engineering or other information security or computer related areas and five (5) to eight (8) years of experience in information security, information technology, or a related field. General knowledge of SCDPS mission, programs, objectives, and structure. Knowledge of management and leadership principles with demonstrated managerial skills, including: project management, performance management, issue resolution, risk assessment, planning, and problem solving. Excellent verbal and written communication skills, including preparing reports and presentations, project milestone meetings and status reports. Ability to manage complex issues to closure across departmental boundaries. Ability to interpret and apply rules and regulations. In-depth understanding of security principles and associated technology including access controls, identification/authentication controls, public key infrastructure, network security, systems security, enterprise security architecture, etc. Good analytical, organization and time management skills. Ability to exhibit integrity and maintain confidentiality.
Prior experience in information security and privacy, computer system and data security, risk assessment, vulnerability assessment, threat testing and mitigation, etc., is preferred. Prior security, information security, information privacy certification, such as CISSP, SSCP, CCNP, CAP Comp TIA Security+, CSSLP, CRMP, CISSP-ISSAP, ISSMP, GSEC, GCIA, CISA, MCSE, etc. are preferred. Project management skills and experience are also preferred. Experience in security aspects of Active Directory, firewalls, VPN, wireless network, Internet filter, Spam filter, database, application, technology, and general intrusion detection and prevention solutions and techniques are preferred.
This position deals with highly sensitive information. Ability to exhibit integrity and maintain confidentiality is required. This position plays a major role in development and implementation of an Enterprise Information Security Plan (ESP). The position requires a high degree of organizational, communication, problem solving, and negotiating skills. The employee in this position must be able to work with multiple constituent groups including regulating bodies, employees and vendors in order to effectively manage and execute duties. The employee in this position is expected to be proactive about information security and privacy, not reactive. May require overnight travel.