Information Security Officer
Job Description, Responsibilities, Standards, and Qualifications
Job Description:
Plans, directs, and coordinates agency activities specific to the field of Information Security for the State Road & Tollway Authority (SRTA). Administers and manages operations and the prime mission of the agency cybersecurity program to include protection of information and agency assets. Develops and enforces the organization’s security policies and procedures, security awareness program, the information security portion of the business continuity and disaster recovery plans, and all industry and government compliances issues. Designs and develops security procedures to manage and control user specific security policies on a diverse range of internal hardware platforms supporting various software operating systems and applications. May supervise or be the lead for lower-level information security positions and/or the IT security function for SRTA. The Information Security Officer reports directly to the Chief Information Officer (CIO).
Job Responsibilities and Performance Standards:
· Serves under the CIO as the agency’s chief point-of-contact for information security.
· Oversees or conducts risk assessments to identify areas of risk and to develop security measures and controls for mitigation.
· Develops and implements IT system security policies, plans, projects, and initiatives.
· Creates and manages corporate security policy and controls in compliance with NIST 800-53.
· Implements strategies for the protection of data, data storage, and transmission paths.
· Reviews and approves security policies, controls, and cyber incident response planning, including testing the cyber incident plan at least annually.
· Monitors the use of data files and regulates access to safeguard data and information in computer files and systems.
· Manages the installation, maintenance, and support of information security products/services.
· Works with business owners, IT managers, staff, and vendors to provide timely and efficient IT coordination of security services to meet agency needs.
· Serves as Subject Matter Expert (SME) representing the agency on all issues relating to agency information security.
· Understands the IT threat landscape for the industry.
· Ensures continued compliance with laws and applicable regulations.
· Creates reports on status of agency information security programs and projects.
· Communicates to senior executives through oral or written reports and presentations.
· Manages all teams, employees, vendors, and third parties involved in IT/cyber security.
· Takes the lead in representing the agency in the yearly IT audit.
· Performs other duties as assigned by Management.
Skills and Competencies:
· Knowledge of State and Federal regulatory laws and standards for the safeguarding of sensitive information and data.
· Knowledge of the Federal risk management framework.
· Knowledge of current information security technology and software tools.
· Knowledge of IT project management methods and techniques.
· Ability to supervise staff as assigned.
· Ability to design/develop information security procedures, policy, governance, security architecture, incident and risk plans, incident response plans and procedures to include procedures for the preservation of electronic evidence to legal standards.
· Ability to design/develop information security disaster recovery and information security continuity plans.
· Ability to develop information security performance metrics to measure effectiveness and maturity.
· Work with Georgia Technology Authority cyber security and IT staff to detect and respond to threats.
· Ability to produce technical writing in the area of information security.
· Experience in building a comprehensive cyber security program with the minimal components:
o Cyber Governance
o Cyber Strategic Planning
o Cyber Policy and Compliance Management
o Cyber and IT Risk Management
o Cyber Incident Management
o Security Awareness, Training, and Workforce Development
o Continuity of Operations Planning (COOP)
SRTA Minimum Qualifications:
Bachelor’s degree in Computer Science/Information Technology/Information Security or Cybersecurity from an accredited college or university AND must hold or be able to qualify for a U.S. Department of Homeland Security (DHS) clearance OR related field or have equivalent experience AND minimum six (6) years of proven experience and demonstrated success in technology leadership with emphasis on information security and data governance AND currently hold an advanced level cyber certification per State guidelines or achieves within 12 months of start date: (CISA, CISM, CISSP, GSLC, CCSP, CISSO or Cisco Certified Security Professional) AND must hold or be able to qualify for a US Department of Homeland Security (DHS) clearance. Supervisory experience. Excellent interpersonal, communication, and problem-solving skills are essential. Applicants must possess SRTA’s core values of Integrity, Collaboration, Innovation, Customer Focus, and Diversity.
Have at least one of the following industry certifications:
- Certified Information Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Officer (CISSO)
- Certified Cloud Security Professional (CCSP)
- Cisco Certified Security Professional or equivalent technical certification
- GIAC Security Leadership (GSLC)
SRTA Preferred Qualifications:
Master’s degree from an accredited college or university in information technology, computer science, information assurance or a related IT field AND more than eight (8) years of information technology experience, four (4) years of which were in information and/or information assurance. Knowledge of State and Federal regulatory laws and standards for the safeguarding of sensitive information and data. Work experience in the public sector is a plus, specifically in the toll, transit, or transportation industry.