Domain IT Security Officer - (Nashville)

Posted on: 11/30/17


This position will report directly to the State CISO (Chief Information Security Officer) under the State CIO (Chief Information Officer). Summary: The Strategic Technology Solutions division within the Department of Finance & Administration is implementing a new IT delivery model for its customer agencies in a phased approach. The Enterprise IT Transformation initiative involves building a highly qualified and experienced organization to support our agencies in four business domains through a shared resource delivery model. Several critical resources are being recruited to build this delivery model to improve our IT customer service, improve strategic planning with a focus on enterprise solutions and provide improved solution delivery success rates. The Domain IT Security Officer is responsible for working in conjunction with the Business Domain Directors to support and lead information security oversight and provides direction and assistance to those respective Domains. Functional areas will include but not limited to: access control; telecommunication and network security; information security governance and risk management; software development security; cryptography; security architecture and design; security operations; business continuity and disaster recovery; legal, regulations, investigation and compliance; education and awareness and physical security. This position will work directly with the department compliance and privacy officers as well as the Chief Data Privacy Officer and Compliance Officer at STS. Roles and Experience: •Must possess an advanced understanding of security in multiple areas of IT. •Will be responsible for overseeing all aspects of security for all departments in the Domain. •Responsible for ensuring departments mitigate identified vulnerabilities/risks. •Leads correlation analysis efforts to identify trends and weaknesses in automated systems. •Assists with the development of policies, objectives, and strategies for the domain departments in the area of security utilizing best practice disciplines in solutions architecture and integration, cyber security, risk management, and regulatory and statutory compliance. •Participates in brainstorming sessions to develop divisional, department, and state-wide process streamlining initiatives and improve business practices •Participates with the departments on the review of build book whiteboard sessions with the STS systems architecture team. •Reviews, reports and enforces security governance. •Designs security policies, programs or practices to ensure adequate security relating to issues such as protecting assets. •Involved in the complete lifecycle of IT application deployment and maintenance. Education: •Graduation from an accredited college or university with a bachelor’s degree and experience equivalent to four years of experience in 1) information security program design and implementation related to IT infrastructure, or 2) information security risk analysis and mitigation, or 3) information security policy, standards and procedures creation and implementation. Preferred Experience: •Experience working in the governmental sector (local, state, or federal) Compensation Information: Commensurate with qualifications. EEOC Statement: Pursuant to the State of Tennessee’s Workplace Discrimination and Harassment policy, the State is firmly committed to the principle of fair and equal employment opportunities for its citizens and strives to protect the rights and opportunities of all people to seek, obtain, and hold employment without being subjected to illegal discrimination and harassment in the workplace. It is the State’s policy to provide an environment free of discrimination and harassment of an individual because of that person’s race, color, national origin, age (40 and over), sex, pregnancy, religion, creed, disability, veteran’s status or any other category protected by state and/or federal civil rights laws.

Ad Number: 20962059