to top

Deputy Chief Information Security Officer

South Dakota State Government

Sioux Falls, SD

Posted/Updated: 9 days ago

Job Description
PLEASE ATTACH THE ADDITIONAL REQUIREMENTS LISTED AT THE BOTTOM OF THIS PAGE

Job ID: 26979
Agency: Bureau of Information and Telecommunication
Location: Sioux Falls
Salary: $101,894.40 - $110,105.00 annually, depending on experience.
Pay Grade: IT11
Closing Date: 5/22/24

This is a full-time position with the Bureau of Information and Telecommunication's Cyber Security Division. For more information on the Bureau of Information and Telecommunication please visit https://www.sd.gov/bit .

The South Dakota State Deputy Chief Information Security Officer (DCISO) will serve as a trusted advisor and strategic security partner for development and implementation of the information security program. Primary responsibilities will be over operations and improvement of the State Cybersecurity Operations Center (SOC) and related functions. Additional responsibilities require leadership, as well as expertise to ensure effective state-wide security analysis; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines. The DCISO will partner with state technology leadership to maintain and enforce the state's information security framework and the associated policies and standards to reduce risk to the State's information systems. Requires the ability to communicate with non-technical executives to keep stakeholders aware of the status of cyber operations.

This position reports to the State Chief Information Security Officer (CISO) and supervises multiple staff within the state SOC. Additionally, works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

Responsibilities of the role include:
  • Leads SOC operations including monitoring of all environments and incident response to cyber-attacks by designing comprehensive plans, managing routine exercises, partnering with threat experts and law enforcement, working with external vendors, as well as building and leveraging threat intelligence, the kill chain and analytics programs.
  • Continuously refines the state's cybersecurity program by updating strategy and tactical plans, leveraging the latest industry research, threat analysis, and lessons learned from industry and internal practices.
  • Partner with CISO to ensure state leadership and stakeholders are informed of security strategy, operations, and events. Including documentation of monthly and annual reports, and in face-to-face discussions as occasion requires.
  • Assist the CISO in the development and execution of the state Information security strategy and managing the information security program, focusing on security risk assessments; risk management (including risk prioritization and mitigation); education and awareness.
  • Partners with the State CISO and State technology leadership to conducts internal security audits of all aspects of the IT architecture for compliance and to determine where vulnerabilities exist, translating findings into Plans of Action and Milestones.
  • Partners with state technology teams on vulnerability management program to ensure software, systems and infrastructure vulnerabilities are remediated in accordance with state policy.
  • Creates and oversees threat hunting and emulation ("red/blue") efforts designed to detect and repair vulnerabilities across the enterprise based on a strategy tethered to risk and larger state future technology goals. Determines where the State's architecture lacks sufficient security controls that could be exploited by an adversary.
  • Develops a professional team of cybersecurity experts through mentorship, creating and facilitating professional development opportunities, and quality reviews and feedback of work. Ensures that employees are challenged and provided opportunities to keep pace with continuously evolving cyber threats.
  • Work with the CISO and Security teams to plan, and administer budgets as allocated. Understanding of chargeback and cyber funding methodologies in public entities. Ensure appropriated funds are expended as allocated and in accordance to state laws. Assist as well on planning and allocation of federal cyber security grants.
  • Assist in the development and continued evaluation of metrics to measure the efficiency and effectiveness of the security program.

The Ideal Candidate Will Have:
A BA/BS from a recognized college or university preferably with a major in a related field or related/equivalent demonstrated experience in industry. Industry certifications not required but preferred. Five (5)+ years of leadership experience managing security operations within complex technical environment, five (5)+ years of architecture experience designing technical solutions; Cybersecurity or Infrastructure preferred; and, two (2)+ years' experience managing security for cloud vendors directly and security integration into SaaS applications.
  • working knowledge of Incident Response, BC/DR (CooP) planning;
  • working knowledge of industry best practices and cybersecurity frameworks (NIST CSF, CIS Critical Security Controls, MITRE ATT&CK and D3FEND, etc.) and system hardening methodologies;
  • working knowledge of/experience with: Networking, application systems, IDS/IPS, Server/Endpoint systems and architecture, EDR/XDR, xAAS systems, Cloud security testing/configurations. Additionally, Cloud computing/Elastic computing across virtualized environments. Encryption technologies, software, and applications. Access control systems and methodology.

Knowledge, Skills, and Abilities:
  • decision quality;
  • effective problem solving;
  • customer focus;
  • innovation management;
  • effective priority setting;
  • drive for results;
  • ability to build effective teams ;
  • conflict management skills;
  • ability to delegate.

Additional Requirements: To be considered, please attach your resume.

This position is exempt from the Civil Service Act.

This position is eligible for Veterans' Preference per ARSD 55:10:02:08.

Successful applicant(s) will be required to undergo a background investigation. An arrest/conviction record will not necessarily bar employment.

The State of South Dakota does not sponsor work visas for new or existing employees. All persons hired will be required to verify identity and eligibility to work in the United States and complete an Employment Eligibility Verification, Form I-9. The State of South Dakota as an employer will be using E-Verify to complete employment eligibility verification upon hire.

The State of South Dakota offers employer paid health insurance plus eleven paid holidays, generous vacation and sick leave accrual, dental, vision, and other insurance options, and retirement benefits. You can view our benefits information at https://bhr.sd.gov/job-seekers/work-for-state-government/ . This position is a member of Class A retirement under SDRS.

Must apply online: https://sodakprod-lm01.cloud.infor.com:1443/lmghr/xmlhttp/shorturl.do?key=PQC
You must apply online, emailed resumes or submissions will not be accepted.
South Dakota Bureau of Human Resources
Telephone: 605.773.3148 Email: careers@state.sd.us
http://bhr.sd.gov/workforus
"An Equal Opportunity Employer"
Share with a friend
South Dakota State Government
500 East Capitol Avenue
Pierre, SD 57501