Director of Local Cybersecurity

The Department of Information Technology (DoIT) provides support to state agencies, the Executive Office of the Governor, the Governor’s coordinating offices, and a variety of independent agencies within the Executive Branch.

Striving to provide the highest level of customer service to its internal and external customers, DoIT supports Maryland’s agencies and commissions through its leadership and strategic direction for Information Technology and Telecommunications, establishing a long range, target technology architecture, encouraging cross agency collaboration and advocating best practices for operations and project management.

**This is a management service position that serves at the pleasure of the appointing authority**

100 Community Place, Crownsville, MD  21038

The Director of Local Cybersecurity leads the planning, execution, and operational management of Maryland’s Local Cybersecurity Program under the Office of Security Management. Reporting to the Senior Director for State and Local Cybersecurity, this position directs initiatives that strengthen the cyber resilience of counties, municipalities, 12 school systems, health departments, and other local entities. The Director ensures alignment with statewide cybersecurity strategy, oversees local risk assessments and remediation planning, and manages coordination with the Maryland Department of Emergency Management (MDEM) and other partners to enhance preparedness, response, and recovery capabilities.

Education:

A bachelor’s degree or a master’s degree in cybersecurity or a cybersecurity-related discipline is required for this position to support succession planning due to a legal requirement for the State CISO position.

Experience:

 Identifying, implementing, or assessing security controls

 Managing highly technical security, security operations centers, and incident response teams in a complex cloud environment supporting multiple sites.

 Working with common information security management frameworks, such as NIST RMF, NIST CSF

 Have extensive knowledge of information technology and cybersecurity field concepts, best practices, and procedures with an understanding of existing enterprise capabilities and limitations to ensure the secure integration and operation of security networks and systems

 Have knowledge of current security regulations 

In addition, the candidate must have experience:

 Working in the context of service-provider telecommunications networks

Desired Qualifications:

1. A high-level cybersecurity certification, such as a CISSP, CISM, CCISO

2. A project management certification, such as a Project+, PMP, or CSM.

3. Experience leading response and recovery activities for large-scale cybersecurity incidents.

4. A strong understanding of, and experience working with Incident Command System in the context of supporting emergency management  response activities, such as large-scale cyber-disruptions