State of Missouri
Jefferson City, Missouri, United States
Job Location: Harry S. Truman State Office Building; 301 W. High St., Jefferson City, MO 65101 Why you’ll love this position: The Chief Information Security Officer is a key member of the State of Missouri IT leadership team and is responsible for the development, implementation, and maintenance of the State's information security program, facilitating information security compliance, and establishing and implementing appropriate policies to manage information security risk. We are seeking a strong, knowledgeable leader to provide vision, strategy, and broad-based planning in the area of information security. Provides regular reporting on the current status of the information security program to enterprise risk teams, senior leaders as part of a strategic enterprise risk management program, thus supporting business outcomes for all executive departments. Develops, socializes, and coordinates approval and implementation of security policies. Works with the Division of Purchasing to ensure that information security requirements are included in contracts. Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management. Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls. Leads the information security function across the State of Missouri to ensure consistent and high-quality information security management in support of the business goals. Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas. Manages the budget for the information security function, monitoring and reporting discrepancies. Manages the cost-efficient information security organization, consisting of direct reports. This includes hiring, training, staff development, performance management and quarterly performance reviews. Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization. Works effectively with executive departments to facilitate information security risk assessment and risk management processes. Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels. Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies. Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines. Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action. Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals. Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas. Minimum Qualifications Degree in business administration or a technology-related field, or equivalent work- or education-related experience Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Chief Information Security Officer (CCISO) or other similar credentials Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security. Preferred Qualifications Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment. Experience with contract and vendor negotiations Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists. Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization. Ability to lead and motivate the information security team to achieve tactical and strategic goals. Excellent stakeholder management skills Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. Project management skills: financial/budget management, scheduling and resource management. A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital. Training, certification, and/or education in continuous process improvement programs such as Lean Six Sigma as well as completion of Missouri Way, Leadership Academy, and similar programs is preferred. Lack of post-secondary education will not be used as the sole basis denying consideration to any applicant. The State of Missouri offers an excellent benefits package that includes a defined pension plan, generous amounts of leave and holiday time, and eligibility for health insurance coverage. Your total compensation is more than the dollars you receive in your paycheck. To help demonstrate the value of working for the State of Missouri, we have created an interactive Total Compensation Calculator. This tool provides a comprehensive view of benefits and more that are offered to prospective employees. The Total Compensation Calculator and other applicant resources can be found here . If you have questions about this position please contact: Recruiter@oa.mo.gov
Job Location: Harry S. Truman State Office Building; 301 W. High St., Jefferson City, MO 65101 Why you’ll love this position: The Chief Information Security Officer is a key member of the State of Missouri IT leadership team and is responsible for the development, implementation, and maintenance of the State's information security program, facilitating information security compliance, and establishing and implementing appropriate policies to manage information security risk. We are seeking a strong, knowledgeable leader to provide vision, strategy, and broad-based planning in the area of information security. Provides regular reporting on the current status of the information security program to enterprise risk teams, senior leaders as part of a strategic enterprise risk management program, thus supporting business outcomes for all executive departments. Develops, socializes, and coordinates approval and implementation of security policies. Works with the Division of Purchasing to ensure that information security requirements are included in contracts. Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management. Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls. Leads the information security function across the State of Missouri to ensure consistent and high-quality information security management in support of the business goals. Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas. Manages the budget for the information security function, monitoring and reporting discrepancies. Manages the cost-efficient information security organization, consisting of direct reports. This includes hiring, training, staff development, performance management and quarterly performance reviews. Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization. Works effectively with executive departments to facilitate information security risk assessment and risk management processes. Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels. Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies. Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines. Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action. Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals. Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas. Minimum Qualifications Degree in business administration or a technology-related field, or equivalent work- or education-related experience Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Chief Information Security Officer (CCISO) or other similar credentials Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security. Preferred Qualifications Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment. Experience with contract and vendor negotiations Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists. Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization. Ability to lead and motivate the information security team to achieve tactical and strategic goals. Excellent stakeholder management skills Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. Project management skills: financial/budget management, scheduling and resource management. A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital. Training, certification, and/or education in continuous process improvement programs such as Lean Six Sigma as well as completion of Missouri Way, Leadership Academy, and similar programs is preferred. Lack of post-secondary education will not be used as the sole basis denying consideration to any applicant. The State of Missouri offers an excellent benefits package that includes a defined pension plan, generous amounts of leave and holiday time, and eligibility for health insurance coverage. Your total compensation is more than the dollars you receive in your paycheck. To help demonstrate the value of working for the State of Missouri, we have created an interactive Total Compensation Calculator. This tool provides a comprehensive view of benefits and more that are offered to prospective employees. The Total Compensation Calculator and other applicant resources can be found here . If you have questions about this position please contact: Recruiter@oa.mo.gov
CalTrain
San Carlos, CA, USA
The Cybersecurity Analyst reports to the Manager, Network Engineering, and is responsible for the oversight and implementation of the Districts rail network infrastructure and provides technical and engineering design support for complex cross-functional network and cybersecurity projects within the District. Manages and develops connectivity solutions utilizing the district’s fiber optic infrastructure; develops and implements standards and procedures for the District’s PTC, PCEP, and other rail network systems; develops security policy, compliance and design strategy for the security of the District’s enterprise network and systems; works to improve the security posture of district owned sites & facilities, as well as develop threat modeling, coordination of application security requirements, and strategic application security remediation using a wide variety of hardware and software tools.
ESSENTIAL FUNCTIONS&DUTY
Lead the security compliance efforts and conduct periodic audits, regular penetration testing, and remediation in accordance with TSA, DHS, and CISA requirements. Take charge ensuring data security, mitigating cyber security risks, and safeguarding SMCTD's computer networks, Operations (Train) Network and related systems against security intrusions. Responsible for coordinating and managing SMCTD's cyber security activities, upgrade cyber security measures and controls and actively combat security intrusions.
Plans, analyzes, and implements system security measures and controls related to SMCTD's computer networks and other technology systems. Aligns information security activities with business risk priorities through prioritization of security risk and mitigation activities.
Research and resolve sensitive and confidential data security issues and provide leadership or technical assistance in projects involving protection of confidential data against unauthorized access.
Provide hands-on support for a broad spectrum of technologies, including security software running on Windows and Linux systems, network devices, virtual machines, Cloud Infrastructure as well as software-as-service (SaaS) services.
Collaborate with internal and external stakeholders in implementing and supporting technical projects, and for operational support of production platforms. Researches and evaluates new technologies and cybersecurity management tools; develop and deliver training materials such as online OT cybersecurity awareness training and provide accurate and prompt status reports as required
EXAMPLES OF DUTIES
Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by the organization.
Identifies, evaluates, and reports on cybersecurity risk related to assets. Performs an inventory of information assets, maintains the asset repository; manages the data classification project.
Ensures organizational compliance in accordance with agency information security policies, standards, and procedures; responsible for the exception process, authorizes and documents all exceptions, and maintains a repository of all exceptions.
Manages systems and network security and remote access methodologies such as Firewalls, IDS/IPS, VPN, and MFA. Perform packet analysis using tools such as NMAP, Ethereal a Wireshark; review device logs, provide event correlation, and forensic analysis; conducts regular vulnerability scanning and recommends remediation steps
Reviews annually and coordinates any changes to the Incident Response Plan and the overall IT Security Policies/Standards. Responsible for oversight compliance with PCI Compliance and regulations. (Includes conduct annual PCI compliance exercise, security patching process and validation). Acts as a Focal point for all information security related audit work (internal & external). Coordinates with auditors in the execution of audits. Develops a strategy for handling audits and external assessment processes for relevant regulations.
Maintain relationships with local, state, and federal law enforcement and other related government agencies to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
Provides support and consulting to the Executive Officer, IT while staying current on relevant security regulations, laws, and technologies. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Perform all job duties and responsibilities in a safe manner to protect oneself, fellow employees, and the public from injury or harm. Promote safety awareness and follow safety procedures to reduce or eliminate accidents.
Provide 24/7 on-call construction and maintenance support.
Perform all job duties and responsibilities in a safe manner to protect one’s self, fellow employees and the public from injury or harm. Promote safety awareness and follow safety procedures in an effort to reduce or eliminate accidents.
Perform other duties as assigned.
The Cybersecurity Analyst reports to the Manager, Network Engineering, and is responsible for the oversight and implementation of the Districts rail network infrastructure and provides technical and engineering design support for complex cross-functional network and cybersecurity projects within the District. Manages and develops connectivity solutions utilizing the district’s fiber optic infrastructure; develops and implements standards and procedures for the District’s PTC, PCEP, and other rail network systems; develops security policy, compliance and design strategy for the security of the District’s enterprise network and systems; works to improve the security posture of district owned sites & facilities, as well as develop threat modeling, coordination of application security requirements, and strategic application security remediation using a wide variety of hardware and software tools.
ESSENTIAL FUNCTIONS&DUTY
Lead the security compliance efforts and conduct periodic audits, regular penetration testing, and remediation in accordance with TSA, DHS, and CISA requirements. Take charge ensuring data security, mitigating cyber security risks, and safeguarding SMCTD's computer networks, Operations (Train) Network and related systems against security intrusions. Responsible for coordinating and managing SMCTD's cyber security activities, upgrade cyber security measures and controls and actively combat security intrusions.
Plans, analyzes, and implements system security measures and controls related to SMCTD's computer networks and other technology systems. Aligns information security activities with business risk priorities through prioritization of security risk and mitigation activities.
Research and resolve sensitive and confidential data security issues and provide leadership or technical assistance in projects involving protection of confidential data against unauthorized access.
Provide hands-on support for a broad spectrum of technologies, including security software running on Windows and Linux systems, network devices, virtual machines, Cloud Infrastructure as well as software-as-service (SaaS) services.
Collaborate with internal and external stakeholders in implementing and supporting technical projects, and for operational support of production platforms. Researches and evaluates new technologies and cybersecurity management tools; develop and deliver training materials such as online OT cybersecurity awareness training and provide accurate and prompt status reports as required
EXAMPLES OF DUTIES
Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or/and processed by the organization.
Identifies, evaluates, and reports on cybersecurity risk related to assets. Performs an inventory of information assets, maintains the asset repository; manages the data classification project.
Ensures organizational compliance in accordance with agency information security policies, standards, and procedures; responsible for the exception process, authorizes and documents all exceptions, and maintains a repository of all exceptions.
Manages systems and network security and remote access methodologies such as Firewalls, IDS/IPS, VPN, and MFA. Perform packet analysis using tools such as NMAP, Ethereal a Wireshark; review device logs, provide event correlation, and forensic analysis; conducts regular vulnerability scanning and recommends remediation steps
Reviews annually and coordinates any changes to the Incident Response Plan and the overall IT Security Policies/Standards. Responsible for oversight compliance with PCI Compliance and regulations. (Includes conduct annual PCI compliance exercise, security patching process and validation). Acts as a Focal point for all information security related audit work (internal & external). Coordinates with auditors in the execution of audits. Develops a strategy for handling audits and external assessment processes for relevant regulations.
Maintain relationships with local, state, and federal law enforcement and other related government agencies to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
Provides support and consulting to the Executive Officer, IT while staying current on relevant security regulations, laws, and technologies. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Perform all job duties and responsibilities in a safe manner to protect oneself, fellow employees, and the public from injury or harm. Promote safety awareness and follow safety procedures to reduce or eliminate accidents.
Provide 24/7 on-call construction and maintenance support.
Perform all job duties and responsibilities in a safe manner to protect one’s self, fellow employees and the public from injury or harm. Promote safety awareness and follow safety procedures in an effort to reduce or eliminate accidents.
Perform other duties as assigned.