Deputy Chief Information Security Officer | Compliance and Attestation jobs in United States

State of Washington · 5 days ago

Deputy Chief Information Security Officer | Compliance and Attestation

The State of Washington is seeking a strategic, tech-savvy leader to join their Department of Corrections as the Deputy Chief Information Security Officer for Compliance and Attestation. This influential role involves setting the direction for security architecture, IT compliance, and technology risk management, while leading the Cybersecurity Assessment and Compliance team to enhance the resilience of the DOC’s network and systems.

Association, Communities, Education, Employment, Events, Government, Information Technology, News, Non Profit

Responsibilities

Analyzing and assessing vulnerability risks identified during scans to support system changes, and leading IT architecture or design changes required to address IT architecture, functionality and configuration, which could include: developing Minimum Security Baseline configurations for new technologies; developing and maintaining infrastructure architecture diagrams to facilitate engineering material builds; leading and facilitating architecture presentations to project teams, working groups, design authorities, and leadership; developing and enhancing target architectures as well as target operating models for new/existing architectures and services
Maintaining a coordinated enterprise-level vulnerability management program that effectively reviews, analyzes, communicates, and guides remediation of IT vulnerabilities, which could look like: validating and confirming accuracy and scope of scanning infrastructure with IT teams through both manual and automated processes; detecting and remediating vulnerabilities within established timelines; ensuring regular security scans are scheduled and completed to reduce exposure time; determining and maintaining the scope of systems to include in the vulnerability scanning; ensuring IT Architectural Standards are consistent across the enterprise
Analyzing and assessing the criticality from internal and external vulnerability scans to understand the impact and potential mitigation, and delivering and implementing remediation plans
Identifying and executing attack surface reduction opportunities via vulnerability data analysis, trends, and log reviews
Responding to cyber security incidents and assisting with threat hunting and data analysis to protect and maintain the overall IT security of DOC
Other tasks

Qualification

Enterprise architecture services, Information Security concepts, Vulnerability management, PowerShell, Azure ATP, Vulnerability scanning tools, Risk management, Cloud systems AWS, Cloud systems Azure, Project management, Soft skills

Required

A Bachelor's degree in business administration, computer science, or related field
Five (5) years of information technology experience providing enterprise architecture services
High school diploma
Four years of a combination of IT related training and experience
Five (5) years of information technology experience providing enterprise architecture services
Five (5) years' experience in working in a complex/enterprise IT environment across multiple disciplines (IT Security, network engineering, application security, database, risk management, project management, etc.)
Two (2) years' experience using PowerShell
Two (2) years utilizing either Azure Advanced Threat Protection (ATP), Microsoft Defender for Endpoint (Microsoft Defender ATP) or Office 365 ATP
Two (2) years' experience articulating business risks of technical issues to non-technical personnel
Knowledge of core Information Security concepts related to Threat and Vulnerability Management
Experience with performing complex network vulnerability scans in both on-prem and cloud environments using common vulnerability assessment tools
Understanding of governing security principles (PCI, ISO 27000 series, FFIEC, NYSDFS, NIST)
Prior experience with vulnerability scanning technology (Risk Sense, Nessus, Tenable, etc.)
Experience in analyzing, identifying, and developing remediation plans for vulnerabilities

Preferred

Training, experience, or certification in information security (SANS, CISSP, CompTIA, ISC2, etc.)
Two (2) years of hands-on experience with production Cloud systems (AWS, Azure)

Benefits

Remote/telework/flexible schedules (depending on position)
Up to 25 paid vacation days a year
8 hours of paid sick leave per month
12 paid holidays a year
Generous retirement plan
Flex Spending Accounts
Dependent Care Assistance
Deferred Compensation and so much more!

Company

State of Washington

Washington state public employees help to create a working Washington built on education and innovation, where all Washingtonians thrive.

Funding

Current Stage
Late Stage

Leadership Team

Matt Manweller
State Representative
Company data provided by crunchbase