The Senior IT Security Manager performs core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s security team. The second is establishing an enterprise security stance through policy, architecture and training processes. Secondary tasks will include identifying, managing, and reporting on the Agency’s compliance with regulatory, legislative, and contractual requirements, and the selection of appropriate security solutions, as well as oversight of any vulnerability audits and assessments. Responsibilities will include performing reviews, assessments and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements. The Senior IT Security Manager is expected to interface with peers in the Application development and Infrastructure areas as well as with the leaders of the business units to both share the agency security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
- Provides leadership to managers, supervisors and/or professional staff. Identifies major resource constraints that impact implementation of desired organizational goals.
- Improve existing compliance programs / processes. Develop, review, & modify information security & compliance policies. Establishes IT security audit procedures relevant to MARSe, SSA Pub-1075, NIST 800-23, HIPAA, etc. Develop materials & tools to effectively communicate compliance & agency requirements.
- Design and execute audit procedures to assess & measure compliance within its security policies & procedures. Manages compliance testing & monitoring of current / future regulatory obligations, & other regulatory matters as required. Conducts internal & third-party security risk assessments and security compliance audits.
- Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. Determine whether a security incident violates a privacy principle or legal standard requiring legal action.
- Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders. Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
- Lead team to document, investigate, and report cybersecurity compliance issues and incidents, where necessary. Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
- Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
- Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and IT disaster recovery.
- Oversee the creation and maintenance of the Agency's security architecture design.
- Create and maintain the Agency's security awareness training program.
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall Agency security as per the Agency's existing procurement processes.
- Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the Agency's security documents specifically.
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through Agency workstations, servers and other systems and in databases and other data repositories.
- Significant knowledge of and experience with legal and regulatory compliance standards such as MARSe, SSA Pub-1075, NIST 800-23, HIPAA, etc.
- Experience with IT governance, risk, and compliance management.
- Knowledge of cyber threats and vulnerabilities.
- Extensive experience in enterprise security architecture design.
- Extensive experience in enterprise security document creation.
- Experience in designing and delivering employee security awareness training.
- Experience in developing Business Continuity Plans and Disaster Recovery Plans.
- Experience in managing technical staff.
- Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
- Knowledge of computer networking concepts and protocols and network security methodologies.
- Broad and generally deep understanding of all facets of management and leadership, as well as a vision for the specific business program/function being managed.
- Thorough working knowledge of most infrastructure technologies and in-house developed applications utilized in the enterprise.
- Thorough working knowledge of the organization’s methodologies and tools.
- Thorough working knowledge of the organization’s policies and procedures.
- Thorough working knowledge of interrelationships among various internal and external organizational functions.
- Strong customer service skills.
- Excellent interpersonal, written and oral communication skills.
- Team-oriented and skilled in working within a collaborative environment.
- Strong problem solving and analytical skills.
- Proven analytical and problem-solving abilities.
- Demonstrated ability to balance, prioritize and organize multiple tasks.
- Demonstrated ability to work collaboratively in teams and across organizations.
- Demonstrated ability to synthesize feedback and adjust plans accordingly.
- Demonstrated ability to build strong relationships inside and outside the organization.
- Demonstrated ability to apply creative solutions to business problems to ensure business needs are most effectively met.
- Demonstrated ability to effectively articulate the relationship of the department to other business units in the organization.
- Demonstrated ability to understand and anticipate needs and priorities of both internal and external customers.
- Demonstrated ability to integrate new concepts, practices, and emerging technologies into strategic planning process.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
Bachelor’s degree plus 8 or more years of related experience plus 3 or more years of management experience (or equivalent experience).
The ability to secure and maintain an Arizona Fingerprint Clearance Card; and the ability to secure and maintain clearance from the DCS Central Registry.
In-state travel is sometimes required. Requires possession of and ability to retain a current, valid state-issued driver’s license appropriate to the assignment. Employees who drive on state business are subject to driver’s license record checks, must maintain acceptable driving records and must complete any required driver training (see Arizona Administrative Code R2-10-207.12.).
BA/BS in Computer Science or related experience.
As an employee of the Department of Child Safety you will be entitled to a comprehensive benefits package that can become effective as soon as two weeks after starting!
- Paid sick leave.
- Paid vacation that includes ten (10) holidays per year.
- Competitive health and dental insurance plans.
- Life insurance and long-term disability insurance.
We also offer optional employee benefits that include:
- Vision coverage.
- Short-term disability insurance.
- Deferred compensation plans.
- Supplemental life insurance.
- Employee wellness plans.
For a complete list of benefits provided by The State of Arizona, please visit our benefits page.
Positions in this classification participate in the Arizona State Retirement System (ASRS).
Enrollment eligibility will become effective after 27 weeks of employment.
Persons with a disability may request a reasonable accommodation such as a sign language interpreter or an alternative format by contacting 602-255-2903.
Requests should be made as early as possible to allow time to arrange the accommodation. Arizona State Government is an AA/EOE/ADA Reasonable Accommodation Employer.
ARIZONA MANAGEMENT SYSTEM (AMS)
All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results.
State employees are highly engaged, collaborative and embrace a culture of public service.
The State of Arizona is an Equal Employment Opportunity Employer.