Job Description
Client: Suffolk County Department of Information Technology (DoIT)
Title: Virtual Chief Information Security Officer (vCISO)
Duration: 2 years
Role Overview:
As the vCISO for Suffolk County, you will be tasked with developing and managing a comprehensive cybersecurity program. This involves setting policies, conducting risk assessments, and providing strategic guidance on cybersecurity matters.
Key Responsibilities:
- Align the cybersecurity program with the NIST Cybersecurity Framework.
- Develop policies, procedures, and guidelines to ensure adherence to cybersecurity standards.
- Perform cybersecurity gap analyses and develop strategic plans to mitigate risks.
- Establish and maintain an Enterprise IT Security Strategic Plan.
- Review and develop IT security policies and procedures, including incident management and escalation protocols.
- Establish configuration standards and monitor compliance.
- Lead the development of a Cyber Incident Response Plan.
- Oversee Disaster Recovery/Continuity of Operations Planning (DR/COOP).
- Evaluate third-party vendors for security compliance.
- Ensure vendor risk management practices are robust and effective.
- Develop a roadmap for implementing security controls and initiatives.
- Design and deliver security awareness training programs for County employees.
Technical Security Evaluations:
- Oversee vulnerability assessments, penetration testing, and enterprise application security evaluations.
- Prepare and present regular reports on the County's cybersecurity posture.
- Ensure compliance with risk management frameworks and audit requirements.
Qualifications:
Experience: Minimum 15 years in information security, with project management experience.
Certifications: CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor) certifications are required.
Background: Experience in municipal or state government cybersecurity programs is preferred.
Skills: Strong leadership and communication skills to engage with executive stakeholders and technical teams effectively.
Employment: Must be US-based, a US citizen, and a full-time employee of the vendor.
This role demands a seasoned cybersecurity professional capable of not only technical leadership but also strategic oversight and compliance management within the unique context of public sector cybersecurity.