STATE OF CONNECTICUT EXECUTIVE BRANCH JOBS

Chief Information Security Officer

Durational Project Manager

Recruitment #200106-0415VR-001

Introduction

The State of Connecticut Department of Administrative Services (DAS) Bureau of Enterprise Systems and Technology's (BEST) Office of the Chief Information Officer is seeking a Chief Information Security Officer (Durational Project Manager). This role reports directly to the CIO, and is a senior level executive responsible for development, execution and monitoring of cybersecurity policies that support State of Connecticut citizens, businesses and internal State agency partners.

The selected individual will be a member of the IT Executive Leadership Team, holding a critical and influential role: making investment and priority trade-off decisions, establishing statewide policies, identifying areas of risk and investment required to reduce cybersecurity risks, negotiating and managing vendor contracts, and recruiting and developing high-performing teams. This leader will also be primarily responsible for leading an annual review of the state’s electricity, natural gas and water public utility providers to ensure citizens of Connecticut continue to receive reliable infrastructure services.

The individual selected to fill the role of Chief Information Security Officer must be a leader who has experience successfully championing and delivering positive cultural change. The Chief Information Security Officer will be instrumental in establishing a modern, statewide security capability and growing a culture of innovation and engagement, leveraging our current and emerging resources toward the goal of strengthening the State of Connecticut as the IT employer of choice.

Therefore, it is imperative that the individual selected to fill this role is an intelligent, articulate, consensus-building, and persuasive leader who can serve as an effective member of the Information Technology Services team and communicate information security-related concepts to a broad range of technical and non-technical staff.

If this sounds like something you would love to be a part of, we encourage you to apply. 

Please note, this position will be posted "until filled". Applicants who have previously applied are not required to submit another application.

All applicants must include a resume within the "Resume Tab" of their application. Note: At any point during the recruitment process, applicants may be required to submit additional documentation that supports their qualification(s) for this position. These documents may include: a cover letter, performance reviews, attendance records, supervisory references, college transcripts, licensure, etc., at the discretion of the hiring agency. Applicants must meet the minimum qualifications as indicated to apply for this position. State employees currently holding the above title or those who have previously attained permanent status in this class may apply for a lateral transfer. Questions about these required documents or any other phase of this recruitment should be directed to the hiring agency's human resources office: Theresa Judge at Theresa.judge@ct.gov.

PURPOSE OF JOB CLASS (NATURE OF WORK)

In a state agency, makes or conducts a special inquiry, investigation, examination or installation pursuant to Section 5-198(n) of the Connecticut General Statutes.

EXAMPLES OF DUTIES

In this role, you will be responsible for:

  • Managing the central security team, which supports multiple security capabilities including Incident Monitoring and Response, Security Threat Detection, Security Policy and Audit;
  • Working collaboratively with the Public Utilities Regulatory Authority (PURA) and public utility providers in the state to conduct reviews of cybersecurity controls and publish findings that reduce risk of cybersecurity intrusion into the state’s critical utility sector;
  • Assisting PURA during periodic utility rate case reviews that encompass cybersecurity expenditures, including advising the PURA Chairperson on the prudency of the proposed or expended industry investment in cybersecurity-related measures;
  • Overseeing policy development, measurement and improvement with a focus on being proactive, not reactive;
  • Engaging agency partners, building critical relationships by listening, learning and understanding their business challenges;
  • Communicating technological solutions that will improve security while maintaining operations based on research, capability, integration ability and cost;
  • Working with agency partners developing training and deployment plans aimed at maximizing both user adoption and realization of business benefits;
  • Initiating, planning, scheduling and managing multiple high priority projects and programs utilizing a variety of methodologies;
  • Creating and maintaining program roadmaps for capital funded projects and programs in support of enterprise functions;
  • Leveraging technology trends to increase efficiency, reduce costs, and drive value;
  • Developing, implementing and monitoring security policies and controls to ensure data accuracy, security, legal and regulatory compliance;
  • Preparing cybersecurity risk tracking status reports that describe the state’s risk position and how efforts are working to reduce overall risk position;
  • Managing vendor relationships and negotiating contracts to procure resources and technology solutions to meet the company's strategic objectives;
  • Recruitment, development and retention of highly skilled cybersecurity talent, especially for key leadership positions for succession planning;
  • Implementing and championing a robust professional development program, to continuously upskill team members to keep them current in this difficult-to-staff field;
  • Evaluating team member performance, providing candid feedback and high impact coaching that enables and motivates individuals to develop themselves and achieve departmental as well as enterprise goals.

MINIMUM QUALIFICATIONS - GENERAL EXPERIENCE

Bachelor’s degree or at least four (4) years of equivalent education and experience in three (3) or more of the essential functions listed below.

  • Information security program development and management to include: risk identification and mitigation, security governance, audit management, and compliance.     
  • Implementation experience with commonly accepted industry standards and best practices, including but not limited to National Institute of Standards and Technology (NIST) 800-53 and the NIST Cybersecurity Framework.         
  • Experience with current legal and regulatory requirements around information security and privacy, including but not limited to federal regulations for payment card, health data and other protected information. 
  • Experience in the areas of security architecture and standards, secure network design, security event and incident management and vulnerability management. 
  • Experience with secure software development techniques and strategies.

MINIMUM QUALIFICATIONS - SPECIAL EXPERIENCE

Must have experience in ALL of the following functional areas: 

  • Information security program development and management to include: risk identification and mitigation, security governance, audit management, and compliance.
  • Implementation experience with commonly accepted industry standards and best practices, including but not limited to National Institute of Standards and Technology (NIST) 800-53 and the NIST Cybersecurity Framework.     
  • Experience with current legal and regulatory requirements around information security and privacy, including but not limited to federal regulations for payment card, health data and other protected information.
  • Experience in the areas of security architecture and standards, secure network design, security event and incident management and vulnerability management.
  • Experience with secure software development techniques and strategies.

PREFERRED QUALIFICATIONS

The successful candidate will:

  • Possess CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or other comparable security certification/accreditation.
  • Knowledge of the electric, natural gas, water, or telecommunications utility industry, particularly related to advanced metering infrastructure and other grid modernization technologies and data management platforms.
  • Higher education, governmental agency or corporate/industry information security experience.
  • Previous experience as an information security officer.
  • Experience with disaster recovery planning and testing.
  • Experience with auditing, risk analysis, and business continuity planning.

Preferred Education:

  • An advanced degree in Information Management, Computer Science or related field.

Conclusion

AN AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER

The State of Connecticut is an equal opportunity/affirmative action employer and strongly encourages the applications of women, minorities, and persons with disabilities.