State of Maryland

MANAGEMENT SERVICE BARBAINING UNIT: M

A State Retirement Agency (SRA) Director, Cybersecurity Operations I is the managerial level of work directing the overall cybersecurity functions. Employees in this classification manage the Cybersecurity Operation teams that includes Defense, Incident Response, and Engineering. Employees in this classification interact and collaborate with Information Systems executive and subordinate staff, with other Information System unit staff including Systems Development and Cybersecurity Operations, and also with MSRA Internal Audit, Business Operations, Investments, and other business units to assure the cybersecurity posture, maturity and systems adequately support the mission of the Agency in a sustainable, modern, effective, and secure manner. Employees in this classification directly supervise subordinate supervisory level staff and indirectly supervise technical, professional and administrative staff.

Employees receive managerial supervision from the SRA Deputy Chief Technology Officer or other designated administrator.

The SRA Director, Cybersecurity Operations I & II is limited to senior level technical employees in SRA who direct and manage the overall cybersecurity operations teams spanning the areas of Defense, Incident Response, and Engineering to assure the cybersecurity posture, maturity and systems adequately support the mission of the agency. Position allocation within the SRA Director, Cybersecurity Operations series is determined on the basis of relative job evaluations among similarly functioning positions. The job evaluation factors include: qualifications; nature and purpose of personal contacts; nature of recommendations, commitments, decisions, and conclusions; creative thought; responsibility for planning; responsibility for administration; and nature of supervision received.

Plans, directs, and administers all aspects of assigned SRA Cybersecurity programs in the areas of Defense, Incident Response, and Engineering;

Supports the goals, objectives and vision of the overall cybersecurity program within the agency;

Collaborates with the SRA Chief Technology Officer and SRA Deputy Chief Technology Officer in the creation/modification of existing or new data security policies, processes and procedures;

Oversees audits within IS and works to ensure the workflows between auditors and IS staff are productive and efficient (e.g., SaaS compliance manager platforms, artifact gathering, etc.);

Stays current on regulatory standards and changes in the cybersecurity discipline and communicates and integrates new standards, guidelines and recommendations within the cybersecurity program at the agency;

Performs ongoing research, review, and analysis of cybersecurity management and response tools, platforms, techniques, and procedures for the availability of potentially beneficial changes to each, and assurance that existing products and processes are being utilized for maximum value;

Maintains team readiness for current and foreseeable needs, including sufficient staffing levels with appropriate skills (breadth and depth);

Leverages employee and contractor resources appropriately, identifying and filling gaps in levels and skills;

Assures change management procedures, processes, and documentation are in established and followed;

Participates in planning for disaster recovery and business continuity efforts to assure the platform and personnel can support expectations, and to help devise appropriate solutions;

Conducts regular communications sessions with team staff to plan, discuss, troubleshoot, and inform agency staff of cybersecurity issues;

Identifies integration opportunities and initiates and conducts projects that may include system enhancements for performance, maintainability, and/or enhanced architectures to enable automated and streamlined productivity;

Collaborates and communicates capabilities for more effective cybersecurity defense and response and to replace aging, unsupported, and obsolete systems or processes;

Participates in solution and platform requirements, design & architecture sessions to assure non-functional cybersecurity requirements that affect platform expectations are solicited and considered (user roles/permissions, logging, monitoring, performance, availability, recovery, etc.);

Assures solutions delivered are appropriately documented, maintainable, performant, secure (logging, monitoring, alerts, permissions, architecture), scalable, and auditable;

Plans and budgets for desired changes (enhancements and new capability), and maintenance and operations;

Influences architectural design and workflow decisions and protect the integrity of data, network and voice systems;

Performs and presents research results by documenting and communicating logical thought processes that lead to conclusions and recommendations for cybersecurity improvements;

Negotiates complex business and technical issues between the agency and outside vendors where vendors are used to support the agency or division;

Manages vendor relationships, services, and contracts;

Coordinates cybersecurity planning and project activities within the unit, with other State IS units, agency non-IS units, and agency IS units including Infrastructure Operations, Systems Development, and Production Operations, as required;

Performs other related duties.

Class Descriptions are broad descriptions covering groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.

Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements. The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.

This is a Management Service classification in the State Personnel Management System. All positions in this classification are Management Service positions.

This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.