Develop and implement effective information security policies and procedures to secure sensitive systems and data and oversee the security of systems, data, and activities.
- This position requires a minimum of 12 years of experience in system security.
- At least seven (7) years of highly specialized experience in one or more information, computer, or network security disciplines. These disciplines could include penetration testing, intrusion detection and audit analysis, public key infrastructure, cryptography, strong authentication, risk analysis, and multilevel security
- Must have Certified Information Systems Security Professional (CISSP) or Certified Cyber Forensic Professional (CCFP).
- Develop and implement effective information security policies and procedures to secure sensitive voter and election data and oversee the security of election systems, data, and activities.
- Responsible for strategic leadership of election information systems and security programs.
- Establish short-term (<1 year), midterm (1-3 years), and
- long term (3+ years) security and compliance goals, define security strategies, metric, reporting mechanisms and program services. Create a road map for continual security program improvements.
- Ensure information security and compliance with federal and state laws, regulations, and other requirements.
- Develop, maintain and oversee agency policies, procedures and controls to address applicable information security requirements and standards.
- Provide leadership for all security incidents and act as primary control point during significant information security incidents.
- Liaise with federal, State, and county officials, election support vendors, and other sources of information security data (e.g., MS-ISAC, EI-ISAC) to ensure adequate communication and monitoring protocols are in place to protect election systems and supply chain.
- Recommend information security language for contracts and other legal agreements.
- Design, implement and test agency-wide continuity, disaster recovery, and incident management programs.
- Review and update business impact analysis and risk assessment and management procedures.
- Identifies and makes recommendations regarding critical points of failure.
- Develop and implement information security training program for SBE and the local boards of elections.
- Oversee security testing and validation of all election systems and recommend tools and solutions to enhance the security of election systems.