General Summary
This is a non-merit system, employment-at-will, long-term contract position. The Deputy Director, Cyber Security Services establishes and implements strategic initiatives for WSSC Water’s information security program (cyber security), compliance (e.g. information management, cyber security, software licenses, change/configuration management), and WSSC Water’s disaster recovery and incident response processes.
Essential Functions
Develops, implements, and maintains enterprise Risk Management, Information Management, and Change/Configuration Management Programs
Develops, implements, and maintains an enterprise software licenses, hardware/software maintenance compliance program
Performs periodic Information Security audits to identify compliance issues
Leads the development and governance of the Commission-wide ECM strategy
Conducts and/or supports investigations of data breaches; supports investigations initiated by Human Resources, General Counsel's Office, Emergency Management & Security, and/or General Manager
Manages IT audits, IT risk reduction recommendations, and general IT control reviews
Works with business owners to identify statutory and regulatory requirements that impact the business to ensure compliance
Performs application planning and pre-implementation risk assessments and validation; reviews in conjunction with Information Security policies, standards, and procedures to ensure compliance and consistency
Provides subject matter expertise on IT and business-related initiatives regarding risk and cyber security
Participates in testing and evaluation of IT internal controls on corporate security risks, internal and external audits and reports, and sensitive data exposures
Provides project management oversight and guidance for IT initiatives including development and maintenance of project plans, status reports, and budgets
Manages the security department staff including career development, performance appraisals, task prioritization, and assignments
Develops security processes to apply best practices and ensure compliance with relevant regulations
Collaborates with the management team to develop the strategic direction of the team and take actions necessary to move toward the strategy
Implements enterprise-wide disaster recovery/business continuity plan
Routinely reviews plans for accuracy and relevance
Develops and uses effective mechanisms to report compliance-related actions
Manages external vendor relationships with contract administrators to review/negotiate/revise relevant contracts
Oversees the management of service-level agreements with vendors and service providers
Supervises employees including selecting or recommending selection, training, assigning and evaluating work, counseling, disciplining, and/or termination or recommending termination
Other Functions
Reports key metrics on information security and compliance as well as program updates
Reviews Information Security policies, standards, and procedures on an annual basis; updates as required
Maintains knowledge of existing and proposed regulations pertaining to information system security and privacy
Manages semi-annual tests of the Commission’s preparedness plans, evaluates effectiveness, and modifies plans as required
Ensures all IT business processes are documented, monitored, and audited
Represents the Commission on Prince George’s County and Montgomery County Information Security Committees
Performs related duties as assigned
Work Environment And Physical Demands
Business casual office setting
Required Knowledge, Skills, And Abilities
In-depth knowledge of Information Security and experience in implementing an information security program
Knowledge of Information Security issues related to Industrial Control systems
Knowledge of IT governance protocols and current trends
Knowledge of Information Management assurance and security
Ability to assess risks and implement appropriate controls to mitigate risks
Familiarity with external/internal Attack and Penetration Assessments, Information Security Risk Assessments, Security Vulnerability Assessments, IT Audit Assessments, Network Server and Application Security Assessments, and Security Policy Standards & Procedure Development
Understanding of LAN/WAN technologies and protocols, FTP, Active Directory, VPN (MPLS, IPSEC, etc.), IIS
Extensive knowledge and experience with network topologies, file/application servers, encryption technologies, and network operating hardware and software
Knowledge of industry-standard risk, governance, and security best practices associated with Local, Wireless and Wide Area Networking, internet security, applications security architectures, as well as secure email and file transfer protocols (HTTPS, SMIME, etc.)
In-depth knowledge of ISO-20001 and ISO-27002 security frameworks
Strong process facilitation, project management, and organization skills
Excellent written and verbal communication skills
Strong analytical and problem-solving abilities and strong customer service orientation
Ability to work with highly confidential and sensitive internal employee matters
Minimum Education, Experience Requirements
Bachelor’s degree in Computer Science, Business Administration, or related discipline
8+ years of Information Technology experience that includes:
5+ years’ experience managing and supporting Information Security (Cyber Security) Program and Compliance (information management, cyber security, software licenses, change/configuration management) activities, and Disaster Recovery and Incident Response Planning control methods for enterprise-scale systems
3+ years managing information security teams
Experience in the concurrent management of multiple development projects, multiple development managers, and a team of developers/analysts/technical staff
Experience with forensic software such as EnCase, chain-of-custody procedures for evidence collection and preservation
Additional Requirements
This position is responsible for managing a staff that is on stand-by and on-call
Completion of the WSSC Water Financial Disclosure statement within 30 days of employment and annually thereafter
Preferences
CGEIT or equivalent governance certification
CISSP, CISM, CISA, or equivalent security certification
ITIL and/or Project Management certifications
Understanding of water/wastewater utility operational systems
Salary
$188,516 - $320,988