- Hourly / - BiWeekly /
- Monthly / $89,727.00-$150,415.00 Yearly
SKILLED
SERVICE BARGAINING UNIT:
G NCP
A Department of Information Technology (DoIT) Cyber Policy
and Strategy Planner I is the intermediate performance level of work in the
Office of Security Management (OSM) and is tasked with the development and
documentation of plans, policies, and procedures, and oversight and guidance of
certain subprograms, such as Security Awareness and Training. Employees in this
classification do not supervise lower-level positions. This
position may require work outside of regular business hours, and work in an
on-call capacity.
Employees in this classification receive moderate
supervision from an Executive Cyber Leadership Director or other higher level
IT Director.
Position placement in this classification is determined by the
Classification Job Evaluation Methodology. The use of this method involves
comparing the assigned duties and responsibilities of a position to the job
criteria found in the Nature of Work and Examples of Work sections of a
classification specification.
The DoIT Cyber Policy and Strategy Planner I and DoIT Cyber Policy
and Strategy Planner II are differentiated on the basis of the degree of
supervisory control exercised by the supervisor over these employees. The DoIT Cyber
Policy and Strategy Planner I performs duties under close supervision at times
and under general supervision at other times depending on the complexity of the
specific duty being performed, and the DoIT Cyber Policy and Strategy Planner
II performs the full range of duties under general supervision.
Develops policy, programs, and guidelines for
implementation;
Establishes and maintains communication channels with
stakeholders;
Reviews existing and proposed policies with stakeholders;
Serves on agency and interagency policy boards;
Advocates for adequate funding for cyber training
resources, to include both internal and industry-provided courses, instructors,
and related materials;
Ensures that cyber workforce management policies and processes
comply with legal and organizational requirements regarding equal opportunity,
diversity, and fair hiring/employment practices;
Promotes awareness of cyber policy and strategy as
appropriate among management and ensures sound principles are reflected in the
organization's mission, vision, and goals;
Reviews/Assesses cyber workforce effectiveness to adjust
skill and/or qualification standards;
Interprets and applies applicable laws, statutes, and
regulatory documents and integrates them into policy;
Analyzes organizational cyber policy;
Assesses policy needs and collaborates with stakeholders to
develop policies to govern cyber activities;
Defines and integrates current and future mission
environments;
Designs/integrates a cyber strategy that outlines the vision,
mission, and goals that align with the organization's strategic plan;
Drafts, staffs, and publishes cyber policy;
Monitors the rigorous application of cyber policies,
principles, and practices in the delivery of planning and management services;
Seeks consensus on proposed policy changes from
stakeholders;
Provides policy guidance to cyber management, staff, and
users;
Reviews, conducts, or participates in audits of cyber
programs and projects;
Supports the CIO in the formulation of cyber-related policies;
Performs other related duties.
Knowledge of computer
networking concepts and protocols, and network security methodologies; Knowledge
of risk management processes (e.g., methods for assessing and mitigating risk);
Knowledge of laws, regulations, policies, and ethics as they relate to
cybersecurity and privacy; Knowledge of cybersecurity and privacy principles; Knowledge
of cyber threats and vulnerabilities; Knowledge of specific operational impacts
of cybersecurity lapses; Knowledge of system and application security threats
and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting,
Procedural Language/Structured Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-oriented attacks, malicious code); Knowledge
of the nature and function of the relevant information structure (e.g.,
National Information Infrastructure); Knowledge of the organization's core
business/mission processes; Knowledge of applicable laws, statutes (e.g., in
Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch
guidelines, and/or administrative/criminal legal guidelines and procedures; Knowledge
of full spectrum cyber capabilities (e.g., defense, attack, exploitation);
Knowledge of strategic theory and practice; Knowledge of emerging technologies
that have potential for exploitation; Knowledge of industry indicators useful
for identifying technology trends; Knowledge of external organizations and
academic institutions with cyber focus (e.g., cyber curriculum/training and
Research & Development); Knowledge of current and emerging cyber
technologies; Knowledge of Application Security Risks (e.g. Open Web
Application Security Project Top 10 list).
Skill in administrative
planning activities, to include preparation of functional and specific support
plans, preparing and managing correspondence, and staffing procedures; Skill in
preparing plans and related correspondence.
Ability to determine the
validity of technology trend data; Ability to develop policy, plans, and
strategy in compliance with laws, regulations, policies, and standards in
support of organizational cyber activities; Ability to leverage best practices
and lessons learned of external organizations and academic institutions dealing
with cyber issues.
Experience: Eight years of experience in information security policy creation and compliance, legislation and governance programs and supporting internal audits.
Notes:
1. Candidates may substitute a bachelor’s degree in IT security management, IT management, information security, political science, business management, communications, public administration with cybersecurity experience or related field for up to four years of the required experience.
2. Candidates may substitute the “Education” requirement listed above, for a High School Diploma or possession of a High School Equivalency certificate and two additional years of experience as described above.
3. Candidates may substitute up to two
years of the “Experience” requirement listed above for a graduate-level degree in
computer science, cybersecurity, information technology, software engineering,
information systems, computer engineering or related field from an accredited
college or university.
1. Employees in this classification may be subject to call-in 24
hours a day and, therefore, may be required to provide the employing agency
with a telephone number where the employee can be reached. Employees may be
furnished with a pager or cell phone.
2. Applicants for this classification may handle
sensitive data. This will require a full
scope background investigation prior to appointment. A criminal conviction may be grounds for
rejection of the applicant.
3. Employees
may occasionally be required to travel to field locations and must have access
to an automobile in the event a state vehicle cannot be provided. Standard
mileage allowance will be paid for use of a privately owned vehicle.
Class
Descriptions are broad descriptions covering groups of positions used by
various State departments and agencies. Position descriptions maintained
by the using department or agency specifically address the essential job
functions of each position.
This is a Skilled Service
classification in the State Personnel Management System. All positions in this
classification are Skilled Service positions. Some positions in Skilled Service
classifications may be designated Special Appointment in accordance with the
State Personnel and Pensions Article, Section 6-405, Annotated Code of
Maryland.
This classification is assigned to Bargaining Unit G, Engineering, Scientific
and Administrative Professionals classes. As provided by the State Personnel
and Pensions Article, Section 3-102, special appointment, temporary,
contractual, supervisory, managerial and confidential employees are excluded
from collective bargaining. Additionally, certain executive branch agencies are
exempt from collective bargaining and all positions in those agencies are
excluded from collective bargaining.
This classification is one
level in a Non-Competitive Promotion (NCP) series. NCP promotions are
promotions by which employees may advance in grade and class level from trainee
to full performance level in a classification series. In order to be
non-competitively promoted to the next level in an NCP series, an employee must:
1) perform the main purpose of the class, as defined by the Nature of Work
section of the class specification; 2) receive the type of supervision defined
in the class specification; and 3) meet the minimum qualifications of the
classification.
July 1, 2021
Director, Division of
Classification and Salary