at Illinois Department of Innovation & Technology in Springfield, Illinois, United States
25% Serves as the Deputy Chief Information Security Officer of Identity & Access Management (IAM) for the Department of Innovation and Technology (DoIT):
Oversees the Identity and Access Management (IAM) division, programs, functions and processes, which includes systems, governance and proofing.
As a policy formulating manager, develops policy for Department Identity and Access Management.
Assists in the development of enterprise policy and in the planning, implementing and administering of the Information Security Office.
Serves as an official agency spokesperson when the Chief Information Security Officer (CISO) is not available on matters that affect the Identity and Access Management division processes and functions.
Assists in the oversight and implementation of Information Technology (IT) security programs for agencies, boards and commissions under the jurisdiction of the Governor.
Recommends and assists in developing comprehensive IT security plans and procedures.
Provides oversight and expert direction in the development of security controls and testing of sensitive and confidential IT systems.
Monitors and assists with the direction of independent and confidential IT security reviews by third parties.
Utilizes knowledge of information security controls including the National Institute of Standards & Technology (NIST) Cybersecurity Framework, and/or NIST SP 800-53, NIST SP 800-63, and the Center for Internet Security Critical Controls in performance of duties.
Implements computer networking concepts and protocols, and network security methodologies in performance of duties.
Evaluates programs and personnel performance, develops budgets and determines resource requirements.
Travels to meet with client agencies, private and federal officials, etc.
20% Serves in a leadership role in support of Department and Division initiatives, services, projects and operations:
Provides direction, contributes to development of documentation and deliverables and makes recommendations to enhance security.
Oversees cybersecurity programs including managing information security implications in the areas of Identity and Access Management.
Reviews and recommends enterprise-wide security policies and procedures.
Directs the development of security standards, procedures and guidelines.
Analyzes and diagnoses security/system issues and coordinates efforts to resolve.
Speaks on behalf of the CISO at meetings, conferences, and other situations on identity and access management issues.
Reviews and monitors functions and processes to ensure they meet compliance regulations, security/risk standards and/or control standards such as PCI, HIPAA, PII, FISMA NIST, CISSP, ISC2, NIST, ITIL, CoBiT and COSO.
Commits the Division to specific courses of action relative to IAM in situations requiring interaction with other state agencies.
Travels when meetings, conferences, etc., are held off site.
15% Recommends and proposes to the CISO the development of strategic plans, programs and the introduction of initiatives and innovations to improve IAM capabilities:
Makes recommendations to DoIT staff on how to effectively address security weaknesses and issues.
Develops policies and plans and/or advocates for changes in policy that supports organizational cybersecurity initiatives, identity and access management, or required changes/enhancements.
Conducts research into security risks, breaches, threats or vulnerabilities used to circumvent security, and recommends strategies and resourcing to improve the overall information security posture of the state.
Works at various times outside of normal office hours to meet deadlines.
10% Serves as full line supervisor:
Assigns and reviews work.
Provides guidance and training to assigned staff.
Counsels staff regarding work performance.
Reassigns staff to meet day-to-day operating needs.
Establishes annual goals and objectives.
Approves time off.
Adjusts first level grievances.
Effectively recommends and imposes discipline, up to and including discharge.
Prepares and signs performance evaluations.
Determines and recommends staffing needs.
10% Serves as a liaison for agencies on IAM issues:
Reviews risk and assurance documents to confirm that the level of operational risk is within acceptable limits for each software application, system, and product within the identity and access management program.
5% Serves as senior subject matter expert with customers, support staff, vendors, and other technicians regarding identity and access management, policy, procedures, and other security issues.
Oversees and/or manages projects and changes to existing IT environment to determine security requirements and/or impact of changes on security.
Presents information to others with clarity and precision.
Maintains satisfactory working relationships with others.
5% Keeps abreast of new developments in the Information Technology (IT) field:
Continues education by attending meetings, training sessions, seminars and conferences to increase familiarity with and remain current on emerging security issues, risks, and vulnerabilities, IT products, vendors, techniques and procedures as well as information security industry best practices.
Stays current on national and international laws, regulations, policies and ethics as they relate to cybersecurity.
Attends demonstrations and exhibitions related to assigned operations.
Travels to events when held off-site.
5% Serves as principal liaison to the Illinois Emergency Management Agency:
Responds to the Statewide Incident Response Center as needed to represent the Department of Innovation & Technology during statewide emergencies.
Attends and participates in meetings.
5% Performs all other duties as required or assigned that are reasonably within the scope of the duties enumerated above.