State of Maryland

A State Retirement Agency (SRA) Cybersecurity Operations Manager is the supervisory level of work in the Office of Cybersecurity Operations Management (CSOM) and is tasked with the management of designing, managing, planning and vision casting for SRA’s cybersecurity operations. Employees in this classification supervise lower-level SRA cybersecurity positions.

Employees in this classification receive managerial supervision from an SRA Director, Cybersecurity Operations or other designated administrator.

Position placement in this classification is determined by the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a classification specification.

The SRA Cybersecurity Operations Manager supervises lower-level SRA cybersecurity positions.

Supervises lower-level SRA Cybersecurity Systems Engineers, SRA Cybersecurity Defense Analysts and the SRA Cyber Defense Incident Responders, and/or SRA Cybersecurity Defense Compliance Specialists;

Oversees Cybersecurity operations and recommends improvements and enhancements in both technical, operational and managerial arenas to maintain acceptable levels of risk in the network and applications development environments;

Assists in the development of technical documentation such as policies, procedures, and knowledge base articles;

Assists in responding to and organizing various audits from both internal and external sources;

Oversees the operation and management of SRA vulnerability management program to include: outside vendor (3rd party) PEN tests (internal/external), static and dynamic application security assessments, in-house vulnerability assessments of the internal network, reporting on risk analytics/trending, etc.;

Oversees SRA’s risk register to ensure exposure areas are identified and process/procedures are in place to mitigate risks to acceptable levels;

Oversees Cybersecurity staff to ensure quality and quantity of work is at a level of competence, professionalism, and effectiveness that meets expected benchmarks set at SRA to maintain a robust cybersecurity program;

Serves as the principle lead in proof-of-concept (POC) efforts when investigating new security products and/or technologies;

Provides managerial and operational guidance for cybersecurity staff for both on-prem and cloud-based security devices, platforms and services;

Develops, designs, and assists in the formation of an effective and functional incident response program to confront cyber threats and insider threat risks (e.g., malware intrusion/ransomware, employee abuse of PII, etc.);

Manages and organizes the planning, designing, implementing and deployment/onboarding of both on-prem and cloud-based new data security platforms and/or services to reduce risk exposure and provide effective protections over SRA’s core business processes and services;

Performs other related duties.

Employees in this classification may be subject to call-in 24 hours a day and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with an Agency-issued cell phone.

Applicants for this classification handle sensitive data. This will require a full scope background investigation prior to appointment. A criminal conviction may be grounds for rejection of the applicant.

Employees may occasionally be required to travel to field locations (i.e., disaster recovery site) and must have access to an automobile in the event a state vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

Class Descriptions are broad descriptions covering groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.

Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements. The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.

This is a Management Service classification in the State Personnel Management System. All positions in this classification are Management Service positions.

This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.