Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications

Transcription

1 Thomas K. Lee, Executive Director/CIO Human Resources Department (518) Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) The New York State Teachers Retirement System (NYSTRS) is the second-largest public retirement system in the state and one of the 10 largest public systems in the nation. The System administers a defined benefit plan that provides retirement, disability and death benefits to eligible New York State public school teachers and administrators. Our active and retired membership exceeds 426,000 and annual pension payments are in excess of $6.0 billion. NYSTRS is not part of the Executive Branch of the State and, therefore, does not come under the State Budget. However, the majority of our positions are classified by the New York State Civil Service Department, thereby requiring appointments to be made in accordance with the Civil Service Law and providing NYSTRS employees the ability to transfer to State Agencies and to take State promotional exams. Summary of Duties The job duties include, but are not limited to the following: Under the direction of the Director of Risk Management, directs and manages NYSTRS' information security and compliance program; manages and coordinates the resolution of security threats to NYSTRS' information systems; serves as an information security expert; confirms systems and contract alignment with NYSTRS' information security policies; and monitors information security industry trends, tools and techniques. Works cooperatively with NYSTRS' information security administration and operations teams. Bachelor's degree Minimum Qualifications Five years of information technology experience, including three years of information security or information assurance experience to qualify at the SG-25 level. Six years of information technology experience, including four years of information security or information assurance experience to qualify at the SG-27 level. Must have a diverse security background including knowledge in at least three of the following areas: developing and implementing layered security architecture; internet protocols; firewalls; VPN technologies, anti-virus and spam technologies; risk and vulnerability assessments, compliance.

2 Page 2 * The grade level assigned to the position is dependent upon the candidate's qualifications. The complexity of tasks assigned will be tailored to the grade level. Education: Preferred Skills/Expertise Bachelor's Degree: BA or BS degree in Computer Science, Electrical Engineering, Computer Engineering, Information Systems, or related fields. Master's Degree: (MA or MS) in the same fields of study to include Business Administration and Finance, or 30 + hours of graduate work. Certification: Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC Experience: 3-5 years experience: Developing incident response plans and leading information security response teams. Conducting and/or coordinating technical security scanning, penetration testing including social engineering testing, application security testing, mobile device security analysis, and similar monitoring and validation techniques. Implementing and managing information security technologies and measures such as firewalls, IDS/IPS, endpoint protection, encryption, access controls, network security, security architecture and design, secure software application design, etc. Hands-on infrastructure experience, networking, risk

3 Page 3 management, and information security experience, as well as demonstrated understanding of Cyber security. Conducting risk assessments and implementing appropriate prevention, detection, and response mechanisms. Computer Skills: Ability to adapt to rapidly changing technology and apply it to business needs. Knowledge in the use and configuration of commonly used protocols. Experience with hacker techniques and exploits. Extensive training and experience in computer technology and networking with experience in enterprise networking infrastructure. Some web experience including backend server, security, and SSL/TLS. Expertise in IT development, integration, delivery and maintenance Applied knowledge in one or more of the following areas: Platform Security, Data Security, Data Center and Cloud Computing Security, Network Security, Perimeter Security, Physical Security, Security Assessment Tools, Security Monitoring Tools, and Managed Security Services. Applied knowledge in one or more of the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits. Advanced knowledge/proficiency with personal computers: MS Office

4 Page 4 Knowledge of Information Security Management Frameworks: 3-5 years security assessment experience, including: ISO/IEC family of standards for managing the security of information assets NIST SP rev 1 (September 2012) Guide for Conducting Risk Assessments Information Security. Regulatory Knowledge: Knowledge of data privacy laws. Other Skills & Abilities: Excellent organizational, written and verbal communication skills Strong leadership/team building skills Strong project and people management skills Ability to handle confidential and sensitive matters. High degree of initiative and dependability Willingness and ability to meet goals and deadlines Commitment to providing exceptional customer service Excellent interpersonal skills Our Vision To be the model for pension fund excellence and exceptional customer service. How to Apply You will find a link to the employment application on the NYSTRS website (NYSTRS.org > About Us > Employment Opportunities). Please note that resumes will not be accepted as a substitute, in whole or part, for a completed application. Inquiries regarding vacancy postings, minimum qualifications, or application procedures may be made by to strsrecruitment@nystrs.org. You can reach us by phone at (518)

5 Page 5 Our Commitment to Diversity NYSTRS is committed to fostering an inclusive environment where diversity is valued and recognized as a source of strength and enrichment. We seek to attract talented people from a diverse range of backgrounds and cultures. NYSTRS is an equal opportunity employer.