The Baltimore City Office of Information and Technology (BCIT) is seeking a Deputy Chief Information Security Officer (DCISO). The Deputy CISO works with and reports to the Chief Information Security Officer (CISO) in leading the agency's enterprise-wide cybersecurity program and providing security oversight to the agency's information technology (IT) investments. The Deputy CISO develops, evaluates and implements policies and controls for city-wide programs.
As a Leader at BCIT, you will be expected to:
- Act with transparency and integrity
- Provide strategic and tactical leadership
- Demonstrate a commitment to solving the challenges that impact the city in a unified and collaborative manner
- Lead highly skilled professionals in a fast-paced environment with an emphasis on timely and quality service delivery
- Provide thoughtful and constructive oversight guided by the strategic priorities, mission, vision and values of BCIT
- Utilize expertise to continuously improve the city’s information security program to better serve the City of Baltimore community
- Consistently work to streamline, increase efficiency and provide frictionless interactions for our customers
DCISO responsibilities may include but are not limited to:
- Leads a team of cybersecurity professionals across a broad range of disciplines including risk management, compliance/audits, incident response, security tool implementation and monitoring, analytics, threat hunting/emulation, security engineering, monitoring/detection, governance, and training. Ensures compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and other applicable regulations and governing frameworks.
- Oversees (designs architecture/integration, procures, configures, manages) a comprehensive suite of security tools and monitoring technologies based on a continuous review of industry best practices, security architecture designs, and gaps in the environment to support system authorization. Continuously monitors threat detection and response, compliance, and related enterprise-level security activities. Recommends enhancements designed to integrate effectively and keep pace with evolving threats.
- Develops comprehensive cybersecurity standards that align with the city’s IT policy, integrate with the security architecture, mitigate risk areas, and are based on industry-leading best practices, policy and regulations. Ensures that BCIT has policies that guide the organization, manage compliance and risk, and define key roles and partnerships.
- Continuously refines the cybersecurity program by updating the city’s strategy and tactical plans across the cybersecurity program, leveraging the latest industry research, threat analysis, and lessons learned from internal practices.
- Conducts internal security audits of all aspects of the IT architecture for compliance and to determine where vulnerabilities exist, translating findings into Plans of Action and Milestones. Coordinates external audits to ensure BCIT has an effective compliance program that supports risk-prioritized remediation efforts.
- Develops a professional cadre of cybersecurity experts through mentorship, creating and facilitating professional development opportunities, and quality reviews and feedback of work. Ensures that employees are challenged and provided opportunities to keep pace with continuously evolving cyber threats.
- Designs, refines, implements and manages a risk-based, repeatable/consistent system security strategy based on the NIST Cybersecurity Framework which includes: control selection, system authorization, documenting and remediating vulnerabilities, managing a Governance Risk and Compliance (GRC) tool, partnering with developers and stakeholders to ensure security is a part of the complete system development life cycle, and continuous monitoring. Maintains a thoughtful risk-management framework applied to all systems and applications.
- Leads security monitoring of all environments and incident response to cyber-attacks by designing comprehensive plans, managing routine exercises, partnering with threat experts and law enforcement, maintaining an effective security operations center, working with external vendors, as well as building and leveraging threat intelligence, the kill chain and analytics programs.
- Creates and oversees threat hunting and emulation ("red/blue") efforts designed to detect and repair vulnerabilities across the enterprise based on a strategy tethered to risk and larger corporate future IT goals. Determines where BCIT's architecture lacks sufficient security controls that could be exploited by an adversary.
- Develops and manages an innovative and current cybersecurity training and awareness program that looks both internally at developing professionals and educating employees across BCIT. Ensures employees at all levels receive training to prevent security mishaps and build stronger cyber awareness.
Required Skills, Knowledge and Abilities:
- Comprehensive knowledge of cybersecurity, operational, incident response and security tools best practices.
- Ability to supervise, plan, monitor and grow the skills of a professional staff.
- Ability to lead city-wide initiatives and collaborate across organizational boundaries.
- Ability to communicate effectively with senior leaders and external stakeholders.
- Experience with business practices, budgeting, monitoring, and support service operations for large government or business organizations.
- Ability to perform duties with accuracy and attention to detail. Understands how to build resilience in security operations leveraging the kill chain and intelligence-driven defense.
- Knowledge of project planning and scheduling; audit and compliance programs; and pertinent regulations.
- Ability to analyze and resolve complex business problems.
- Ability to collaborate with Subject Matter Experts (SMEs) and resolve complex issues.
- Previous experience leading a Cyber Security team is preferred.
Minimum Education and Experience Requirements:
- Bachelor of Science degree in Information Technology, Computer Science, Computer Engineering or a related discipline from an accredited college or university.
- Seven years of cybersecurity or other related experience.
- Three years of supervisory responsibilities evaluating the performance, mentoring, coaching and development of employees.
- Strong verbal and written communication skills.
We offer competitive compensation packages including benefits such as health insurance, retirement plans, paid time off, professional development opportunities, and more.
If you are a motivated professional looking for an exciting opportunity to contribute to the success of our agency as an IT Portfolio Manager, we encourage you to apply today!
Job Type: Full-time
Pay: From $127,024.00 per year
Benefits:
- Dental insurance
- Employee assistance program
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Retirement plan
- Tuition reimbursement
- Vision insurance
Application Question(s):
- Are you a United States citizen?
- Will you now or in the future require sponsorship for immigration purposes?
Ability to Relocate:
- Baltimore, MD 21202: Relocate before starting work (Required)
Work Location: Hybrid remote in Baltimore, MD 21202