Director of Information Security

SPECIAL NOTIFICATION: This position is exempt from classified state service and the rules of the Division of Human Resources and the Idaho Personnel Commission.

The Office of the Governor is seeking a business/technology executive with exceptional leadership and communication skills to advise in statewide strategic security planning critical to business operations and protecting the security and integrity of State data.

The selected applicant must successfully pass the appropriate background checks and obtain/maintain a Department of Homeland Security or FBI secret security clearance. Travel in and out of state on a regular basis is required.

Responsibilities Include :
Define and champion enterprise policy, global controls, and monitoring of control performance

Coordinate with agency Directors and their IT support providers to understand the needs of the agency and assist in prioritizing security enhancements, weighing risk and reward, assisting to reduce vulnerabilities

Develop and maintain annual budget and make requests for funding necessary to meet the cyber protection needs of the state

Develop, administer, and refine the state cyber incident response process

Create, implement and monitor statewide information security protocols, standards and policies and make recommendations to the Governor’s Office for amendments to state law

Assist state agencies in adopting and implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Center for Internet Security Critical Security Controls (CIS controls)

Review reports of annual penetration tests and annual vulnerability scans on state technology systems and identify steps to mitigate identified risks; coordinate audits and regulatory inquiries

In coordination with Division of Human Resources, ensure executive branch agencies require all state employees complete annual cybersecurity training commensurate with their highest level of information access and core work responsibilities; oversee statewide cybersecurity website; and develop a public outreach program for local government, private businesses, and Idaho citizens to share best practices and current information regarding cybersecurity

Minimum Qualifications :
Ability to successfully pass the appropriate background checks and obtain/maintain a Department of Homeland Security or FBI secret security clearance within a reasonable time from the date of hire

Bachelor’s Degree in computer science, management information systems, business administration, public administration or related field

Good knowledge of management, including experience in strategic planning, budgeting and leading/facilitating diverse work groups

Experience successfully leading an information security function such as cyber operations development, cybersecurity program management, cyber intelligence analysis, and/or vulnerability management

Experience managing large-scale projects with multiple complexities

Experience working with national or international regulatory compliance frameworks (i.e. ISO, SOX, EU DPD, HIPAA, and PCI) Desirable Qualifications/Certifications :

Good knowledge of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and/or the Internet Security Critical Security Controls (CIS controls)

CISSP – Certified Information Systems Security Professional

CISA – Certified Information System Auditor

CISM – Certified Information Security Manager