POSITION CLASSIFICATION: Deputy Chief Information Security Officer (DCISO)
BUREAU SERVED: Information Security
LOCATION: Chicago
SALARY: Commensurate with experience
SUMMARY OF DUTIES AND RESPONSIBILITIES:
Under the direction of the Chief Information Security Officer (CISO), the Deputy Chief Information Security Officer (DCISO) will be responsible for examining internal IT controls, evaluating the design and operational effectiveness of deployed systems and capabilities, formally documenting risk exposure, and working collaboratively across the organization to prioritize, draw focus, and track risk remediation commitments.
The DCISO will lead the development and maintenance of the IT Risk Register, providing regular updates to leadership on the overall aggregated risk profile, remediation plans and priorities, progress made, and open/closure performance. They will also be responsible for leading the development and publishing the monthly Information Security Key Performance Indicators (KPI) and performance metrics.
The DCISO will oversee the development, implementation, monitoring, and enhancement of the information security framework of policies, procedures, and standards. They will develop strategies to address awareness and training for all stakeholders and oversee cybersecurity training for all employees, vendors, and other third parties. They will provide guidance on identified security risks and facilitate the updates and communication of changes to the organization’s Information Security policies, practices, and standards.
The DCISO will directly participate in the IT Change Management process and will be required to review and approve all Network Firewall rules and configuration changes prior to implementation.
MINIMUM QUALIFICATIONS:
This position requires a minimum of a bachelor’s degree in Computer Science, Information Systems, Information/Cybersecurity or related field. A minimum of 5 years of work experience managing cyber-security and/or information technology security functions is required. Experience as an Information Security Analyst / Engineer or IT Auditor is preferred. A current Certified Information Systems Security Professional (CISSP) certification is required along with at least one additional information security certification such as Security+, GCIA, CCNA, OSCP, CISM, or CISA. Demonstrated experience and knowledge in applying Information Security, Data Classification and Privacy concepts is also required.
This position requires familiarity with information security governance frameworks and experience in performing information security audits or risk assessments. A working knowledge and understanding of computer networking, firewalls, routing and switching, network protocols, VPN, DLP, IDS/IPS, Web-Proxy, Endpoint Security, Office O365 Security, client/server implementation patterns, and cloud computing / “as-a-service” implementations is also necessary. Ability to effectively coordinate, prioritize and collaborate along with outstanding written and verbal communication skills is essential. Attendance and the ability to maintain satisfactory working relationships with OAG employees and the general public is required.
HOURS OF WORK: 9:00 a.m. - 5:00 p.m. (Monday - Friday)
APPLICATION PROCEDURE:
Send resume and cover letter to:
Office of the Illinois Attorney General
Attn: Human Resources
115 S. LaSalle St.
Chicago, IL 60603
or
humanresources@ilag.gov
An Equal Opportunity Employer
Job Type: Full-time
Benefits:
- Dental insurance
- Employee assistance program
- Health insurance
- Life insurance
- Paid time off
- Retirement plan
Schedule:
- 8 hour shift
- Monday to Friday
Work Location: In person
#J-18808-Ljbffr