Manager: Information Security

Title Code:

Manager: Information Security

JOB SUMMARY
Plans and coordinates the installation, testing, operation, troubleshooting, maintenance and sustainability of information security hardware and software tools, systems, and services. Leads confidential security investigations and audits, develop reports for management, and refines current information security processes and procedures. Ensures that all sensitive information transmitted and stored are properly protected. Ensures the quality, reliability, and accuracy of all deliverables. May work nights and weekends, as required, to monitor, support, maintain, implement and upgrade supported systems and related components.

Additional Work Days/Hours
Based on the assignment, the following additional work days and/or hours may be required as needed:

Ability to work flexible schedules
Emergencies
Evenings/Nights
Extended hours
Holidays
Inclement weather conditions
On call
Outside of normal business hours
Overtime as needed
Peak season
Weekends
ESSENTIAL DUTIES/RESPONSIBILITIES Develops and executes the organization's cybersecurity strategy, aligning it with business goals and risk tolerance; collaborates with executive leadership to define cybersecurity policies, standards, and procedures; leads cross-functional teams to implement security initiatives and drives continuous improvement; provides leadership to ensure industrial and cyber security compliance per contract requirements; familiarity with frameworks such as the Risk Management Framework (RMF) and NIST is essential; oversees the implementation of security controls, risk assessments, and vulnerability management.
Oversees day-to-day security operations, including incident response, threat detection, and vulnerability management; coordinate with security analysts, engineers, and administrators to maintain a secure environment; ensure compliance with industry standards (e.g., ISO 27001, NIST, CIS) and regulatory requirements.
Leads incident response efforts during security breaches or incidents; coordinate with external partners, law enforcement, and forensics teams; develop and test incident response plans to minimize impact and recovery time.
Sets up the security project work and delegate targets to the project team; ensures effective communication with all stakeholders across all levels, including detailed engineering and operational communications; identifies and manages project dependencies; undertakes requirements elicitation and definition to determine project scope; coordinates with larger program teams to ensure project compatibility and deliverable schedules.
Identifies, assesses, and prioritizes cybersecurity risks; develops risk mitigation strategies and ensures their effective implementation; monitors threat landscapes, vulnerabilities, and emerging trends to adapt security measures accordingly.
Collaborates with business units, legal, compliance, and IT teams to integrate security into project lifecycles and business best practices; communicates security risks and requirements to senior management and board members; fosters a security-aware culture through training, awareness programs, and communication channels.
Develops and implements security procedures and tools based on industry best practices; Conducts training sessions on proposed security solutions and emerging technologies.
Performs other related duties as assigned within the same classification or lower.
MINIMUM QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education Bachelor's Degree in Computer Science or related field of education from a regionally accredited college or university required.
Master's Degree in related field of education from a regionally accredited college or university preferred.
Experience Five (5) years professional experience in cybersecurity required; and
Three (3) years experience in a supervisory or management role required.
Knowledge, Skills, Abilities and Other Characteristics Proven track record of successfully leading security programs and projects.
Experience with regulatory compliance and audit processes.
Familiarity with cybersecurity tools and NIST special publication documentation.
Experience with cloud technology, database security, and cybersecurity principles.
Previous experience supporting transition/handover of data gathering, enrichment, storage, and usage.
Collaboration with cybersecurity teams and existing application development teams.
Budget preparation and oversight.
Demonstrated experience performing confidential IT security-related investigations and audits.
Demonstrated ability to work effectively within a team environment.
Demonstrated project management experience.
Ability to organize and manage multiple assignments with concurrent time sensitive deadlines.
Ability to maintain confidentiality in all security-related matters.
Strong knowledge of network security, encryption, and access controls.
Excellent oral and written communication skills.
Experience with regulatory compliance and audit processes.
Proficiency in risk assessment, threat modeling, and security frameworks.
Demonstrated ability to effectively work and communicate with diverse populations
Demonstrated proficiency with business technology applications (e.g. Video/Web Conferencing, Microsoft Office Suite -Word, Excel, Outlook, and/or PowerPoint preferred).
Licenses and Certifications
Employee must retain active licenses, certifications, and enrollment as a condition of employment. Hold or be eligible for Certified Ethical Hacker (CEH) issued by EC-Council preferred.
Hold or be eligible for Project Management Professional (PMP) Certification issued by Project Management Institute (PMI) preferred.
Hold or be eligible for Certified Information System Security Professional (CISSP) issued by (ISC)² preferred.
Hold or be eligible for RIMS-Certified Risk Management Professional (CRMP) issued by Risk Management Society (RIMS) preferred.
Hold or be eligible for Driver's License (DL) Class C Non-Commercial issued by Maryland or State of Legal Residence (MVA/DMV) required; and
Daily access to reliable transportation.
Driving Requirements Driving is required to conduct bona fide Board business that is within the scope of employment in this position.
Personal Vehicle
LEADERSHIP ROLE First level supervisor
People Management This position acts as the manager for 1 to 5 direct staff.
This position acts as the manager for indirect staff.
This position manages 1 to 2 departments.
Management Duties/Responsibilities Interviews, selects, and trains employees.
Sets/adjusts pay rate and work hours.
Directs the work of employees.
Maintains records for use in supervision.
Assess employees' performance (productivity/efficiency) to make promotional recommendation/other status changes.
Handles employee complaints/grievances.
Disciplines employees.
Plans the work.
Determines the techniques to use.
Apportions the work among the employees.
Determines the type of materials, supplies, machinery, equipment or tools to be used of materials or merchandise to be brought, stocked and sold.
Controls the flow and distribution of materials or merchandise and supplies.
Provides for the safety and security of the employees or the property.
Plans and controls the budget.
Monitors and implements legal compliance measures.
PHYSICAL DEMANDS/WORKING CONDITIONS
The physical demands and working conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Physical Demands Standing: over 2/3 percent of the time
Walking: over 2/3 percent of the time
Sitting: under 1/3 percent of the time
Using hands to handle or feel: between 1/3 and 2/3 percent of the time
Pinching (fine motor skills): under 1/3 percent of the time
Wrist deviation: between 1/3 and 2/3 percent of the time
Keyboarding: under 1/3 percent of the time
Pushing: under 1/3 percent of the time
Pulling: under 1/3 percent of the time
Reaching (with hands and/or arms): between 1/3 and 2/3 percent of the time
Climbing (Ascend/Descend): between 1/3 and 2/3 percent of the time
Balancing: between 1/3 and 2/3 percent of the time
Stooping: between 1/3 and 2/3 percent of the time
Kneeling: under 1/3 percent of the time
Crouching: under 1/3 percent of the time
Crawling: under 1/3 percent of the time
Bending: between 1/3 and 2/3 percent of the time
Twisting: between 1/3 and 2/3 percent of the time
Squatting: under 1/3 percent of the time
Talking: under 1/3 percent of the time
Hearing: under 1/3 percent of the time
Smelling: under 1/3 percent of the time
Repetitive Motions: between 1/3 and 2/3 percent of the time
Eye/Hand/Foot Coordination: between 1/3 and 2/3 percent of the time
As required by the duties and responsibilities of the position.
Vision
The vision demands with correction described here are representative of those that must be met to successfully perform the essential functions of this job. No special vision requirements
Work Environment
Location Office, school or similar indoor environment: over 2/3 percent of the time
Outdoor environment: under 1/3 percent of the time
Street environment (near moving traffic): under 1/3 percent of the time
Confined space: under 1/3 percent of the time
Exposure Outdoor weather conditions: under 1/3 percent of the time
Extreme cold (below 32 degrees): under 1/3 percent of the time
Work near moving mechanical parts: between 1/3 and 2/3 percent of the time
Work in high, precarious places: between 1/3 and 2/3 percent of the time up to 40 feet on vertical ladder/scaffolding
Fumes or airborne particles: between 1/3 and 2/3 percent of the time
Toxic or caustic chemicals, substances, or waste: under 1/3 percent of the time
Risk of electrical shock: under 1/3 percent of the time
Vibration: under 1/3 percent of the time
Noise Level Moderate: between 1/3 and 2/3 percent of the time
Weight & Force
Lifting and carrying requirements Up to 50 pounds: under 1/3 percent of the time
Travel Requirements N/A

JOB INFORMATION

Approved Date: 7/1/2024 Established Date: 11/25/2019 Title Code: B05809 Title: MANAGER: INFORMATION SECURITY Alternate Title: Manager: Information Security Reports to Generic: Senior Manager Reports to Specific: MANAGER SENIOR: INFORMATION SECURITY

ORGANIZATION

Division: Technology Business Unit: Information Security Department: Negotiated Agreement: N/A

HR JOB INFORMATION

Unit: V Days Worked: 260 FLSA Exemption Status: Exempt Grade:
PG14

Click HERE to view salary scale. Scroll down to locate (Unit 5 - Professional Staff).
Essential Job: Months Worked: 12 Hours Worked: 8 Job Family: Information Technology Sub-Function: Information Security

VR# 23369