Introduction
The Department of Information Technology (DoIT) provides support to state agencies, the Executive Office of the Governor, the Governor’s coordinating offices, and a variety of independent agencies within the Executive Branch.
Striving to provide the highest level of customer service to its internal and external customers, DoIT supports Maryland’s agencies and commissions through its leadership and strategic direction for Information Technology and Telecommunications, establishing a long-range target technology architecture, encouraging cross-agency collaboration, and advocating best practices for operations and project management.
GRADE
STD 0023
LOCATION OF POSITION
100 Community Place, Crownsville, MD 21032
Main Purpose of Job
The Cybersecurity Policy & Risk Analyst will support the development and implementation of a comprehensive cybersecurity policy and risk management program. This role is pivotal in maintaining the State’s cybersecurity policy suite, establishing a cyber risk profile for executive branch agencies, and ensuring robust cybersecurity practices across the state government.
POSITION DUTIES
· Monitors policy portfolio requirements for changes and implementation;
· Establishes and maintains communication channels with stakeholders;
· Reviews risks and recommendations and new policy requirements with stakeholders;
· Adjudicates and publishes cyber policy;
· Seeks consensus on proposed risk management resources and timelines from stakeholders;
· Provides risk management and policy requirements guidance to cyber management, staff, and users;
· Reviews, conducts, or participates in audits of projects, systems, and networks;
· Develops and implements an end-to-end risk management program and lifecycle;
· Develops third-party and vendor risk management programs;
· Creates a cyber risk profile for executive branch agencies, identifying key risk areas and mitigation strategies;
· Aligns cybersecurity risk management strategies with state business goals and objectives to enable risk-based decision-making;
· Collaborates with stakeholders to communicate risk management strategies and initiatives;
· Drives the adoption of advanced security frameworks and standards (e.g., NIST CSF, NIST RMF, NIST 800-53, HIPAA, PCI-DSS, FedRAMP) through risk management.
MINIMUM QUALIFICATIONS
Experience: Four years of experience in information security as it relates to policy creation regarding compliance, legislation, governance programs and/or supporting internal audits.
Notes:
1. Candidates may substitute a bachelor’s degree in IT security management, IT management, information security, political science, business management, communications, or public administration with cybersecurity experience or a related field for up to two years of the required experience.
DESIRED OR PREFERRED QUALIFICATIONS
Preferred Qualifications:
Preference will be given to those who have three (3) years of experience in each of the following:
- Maintaining a risk register
- Identifying and analyzing cybersecurity requirements (local, state, federal, best practices) that influence the risk profile of an organization.
SPECIAL REQUIREMENTS
1. Employees in this classification may be subject to call-in 24 hours a day and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with a pager or cell phone.
2. Applicants for this classification may handle sensitive data. This will require a full-scope background investigation before the appointment. A criminal conviction may be grounds for rejection of the applicant.
3. Employees may occasionally be required to travel to field locations and must have access to an automobile in the event a state vehicle cannot be provided. A standard mileage allowance will be paid for the use of a privately owned vehicle.
SELECTION PROCESS
Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date.
EXAMINATION PROCESS
The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.
BENEFITS
STATE OF MARYLAND BENEFITS
FURTHER INSTRUCTIONS
Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.
For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at or, MD TTY Relay Service .
We thank our Veterans for their service to our country.
People with disabilities and bilingual candidates are encouraged to apply.
As an equal opportunity employer, Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State's diversity.