Job Title: Chief Information Security Officer (CISO) – WMS 2
Opening Date/Time: Tue. 09/12/17 12:00 AM Pacific Time
Closing Date/Time: Sat. 09/23/17 11:59 PM Pacific Time
Salary: $85,000.00 – $101,604.00 Annually
Job Type: Full Time – Permanent
Location: Thurston County – Olympia, Washington
Department: Dept. of Fish and Wildlife

 


Chief Information Security Officer (CISO)
Permanent, Full-Time
The Department of Fish and Wildlife has some of the most talented people in the natural resource field.  We celebrate and value diversity, appreciating that a workforce composed of those from different backgrounds and experiences creates an inclusive environment, strengthens positive relationships with the local community, and brings new perspectives and approaches to fulfilling the agency’s mission.

The Washington Department of Fish and Wildlife (WDFW) is dedicated to preserving, protecting and perpetuating fish, wildlife and ecosystems, while providing sustainable recreational and commercial opportunities dependent on viable fish and wildlife populations. Each day, WDFW employees facilitate fishing, hunting and wildlife viewing opportunities for millions of residents and visitors. WDFW’s employees (field and laboratory biologists, geneticists, research scientists, hatchery professionals, policy experts, fully commissioned law enforcement officers, land stewards, lab technicians, property acquisition specialists, customer service representatives and others) work throughout the state. WDFW employees protect and restore critical habitat, strive to facilitate species recovery when necessary, and manage hundreds of fish and wildlife species. WDFW employees maintain nearly a million acres of public wildlife lands. They interpret, apply and enforce state and federal laws and collaborate with stakeholders to protect fish and wildlife resources. Find out more about us and the important work we are a part of at www.wdfw.wa.gov.

The Information Technology Services Division (ITS) improves business and science with enterprise-class information technology (IT). The staff fosters the most secure, connected, and efficient information systems possible to maximize program-specific and/or organizational outcomes by implementing and supporting legacy and state-of-the-art technology infrastructure, hardware, and software. It administers enterprise-level technology services and support. Business and science operations are enhanced or newly created via effective internal systems development activity or by assisting and selecting best-qualified external-developer partners and effecting necessary integrations with DFW or State technology resources.

The Chief Information Security Officer (CISO) is assigned to the Washington Department of Fish and Wildlife’s (DFW) Information Technology Services (ITS) Division and reports to the DFW Chief Information Officer (CIO). The ITS Division provides DFW’s IT products and services that are both responsive to DFW’s business needs and aligned with overarching Agency, State Information Security and Washington Administrative Code. The CISO is responsible for aligning DFW’s strategic vision, business needs, and cyber security with information technology.

 Duties:
The CISO oversees the Department’s Information Technology section that provides monitoring, remediation, and compliance services critical to the agency. Using an in-depth understanding of industry trends and available technologies, the CISO partners with peers, internal and external stakeholders to recommend and develop solutions to support the agency mission. The role will provide leadership, direction and oversight to implement and maintain a comprehensive agency-wide IT plan that aligns with business strategy. Responsible for advancing shared information systems and compliant enterprise architecture throughout the agency, including internally developed and externally provided business solutions.

The CISO is able to effectively articulate to staff the vision and direction of IT and how that fits in with the agency’s overall goals and objectives. Through the demonstration of effective leadership and supervisory skills the CISO fosters an environment of performance and accountability where employees feel valued and respected, and are empowered to achieve success.

The CISO represents the Department on several inter-agency policy groups such as the Office of the Chief Information Officer Roundtable, Consolidated Technology Services Advisory Committees, and other statewide committees that formulate recommendations for statewide IT policy. The CISO is required to travel to field offices and institutions that are out of the area.

Security Program: The CISO develops and maintains the framework for the organization’s IT information security. Evaluates and recommends new information security technologies and counter-measures against threats to information or privacy. Identifies information technology security initiatives and standards for the enterprise. Manages the development, implementation, and maintenance of the WDFW information security policy, standards, guidelines and procedures. Sets the access and authorization controls for everyday operations as well as emergency procedures for data. Sets the standards for access controls, audit trails, event reporting, encryption and integrity controls. Keeps abreast of latest security and legislation, regulations, advisories, alerts and vulnerabilities pertaining to WDFW’s IT investments.

Security Risk and Prevention: Develops and implements an ongoing risk management program targeting information security and privacy matters; determines the methods for vulnerability detection and remediation, and oversees ongoing vulnerability testing. Leads the information technology security assessments to identify agency risk due to changes or modifications to the WDFW computing environment. Directs the agency security assessments/audits to identify vulnerabilities in security program and policies. Controls testing of security procedures, mechanisms and measures. Collaborates with federal and state auditors, agency managers, and subject matter experts for satisfactory completion of compliance and program audits of the WDFW information security program.

Security Incident and Authoritative Contact: Agency designated manager of security incident reporting and official responses to security incidents (breaches); responds to potential policy violations or complaints from external parties. Leads the oversight and activities for intrusion detection and response. Ensures the internal control systems are monitored and that appropriate access levels are maintained. Investigates agency security breaches and develops agency after-action reports for the CIO. Acts as the CIO’s designee representing WDFW on information security matters. Serves as the contact point for external auditors and agencies, survey requests, etc., and on department security/privacy matters. Initiates, facilitates, and promotes activities to create information security awareness and training throughout the organization.

 Qualifications:
Required Education, Experience, and Competencies.
  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Information Systems or a related Technology field of study, or eight (8) years of equivalent experience
  • Eight (8) years’ experience in at least two IT disciplines (such as information security, technical audit, infrastructure, system analysis and design, application development/architecture, data management) in a business office environment.
  • Certified Information Systems Security Professional (CISSP), or formal security certifications from (ISC)2, GIAC, CompTIA, ISACA.
  • Working knowledge of prevailing industry security standards and Common Body of Knowledge gained via a CISSP, SANS, and/or CISA Certification(s).
  • Information security principles and practices, including any of the following: security risk assessment standards, risk assessment methodologies, and vulnerability assessments
  • Deep understanding of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts
  • Expert level knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security software
  • Exceptional interpersonal skills, including teamwork, facilitation and negotiation
  • Excellent written and verbal communication skills
  • Excellent planning and organizational skills
  • Ability to rapidly comprehend the functions and capabilities of new technologies.
Preferred Qualifications:
  • Masters of Business Administration or Masters of Information System Management
  • Successful and reference-verified experience with Cyber Security and Information Privacy compliance
  • Demonstrated experience with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) or other NIST standards.
  • Working knowledge of Washington State Security Standards and Office of the Chief Information Officer policies
Leadership Competencies:
To perform the job successfully, the incumbent should demonstrate the following competencies:

Leading Change

  • Creativity and Innovation: Develops new insights into situations; questions conventional approaches; encourages new ideas and innovations; designs and implements new or cutting edge programs and processes.
  • External Awareness: Understands and keeps up-to-date on local, national, and international policies and trends that affect the organization and shape stakeholders’ views; is aware of the organization’s impact on the external environment.
  • Flexibility: Is open to change and new information; rapidly adapts to new information, changing conditions, or unexpected obstacles.
  • Resilience: Deals effectively with pressure; remains optimistic and persistent, even under adversity. Recovers quickly from setbacks.
  • Strategic Thinking: Formulates objectives and priorities, and implements plans consistent with long-term interests of the organization in a global environment. Capitalizes on opportunities and manages risks.
  • Vision: Takes a long-term view and builds a shared vision with others; acts as a catalyst for organizational change. Influences others to translate vision into action.
Leading People
  • Human Capital Management: Builds and manages a diverse, talented workforce based on organizational goals, budget considerations, and staffing needs. Ensures that employees are appropriately recruited, selected, appraised, and rewarded.
  • Performance Management: Gives clear direction, sets performance expectations, and holds staff accountable for accomplishing assignments. Takes timely corrective action to improve staff performance issues. Writes effective performance evaluations.
  • Conflict Management: Encourages creative tension and differences of opinions. Anticipates and takes steps to prevent counter-productive confrontations. Manages and resolves conflicts and disagreements in a constructive manner.
  • Leverage Diversity: Fosters an inclusive workplace where diversity and individual differences are valued and leveraged to achieve the vision and mission of the organization.
  • Developing Others: Develops the ability of others to perform and contribute to the organization by providing ongoing feedback and by providing opportunities to learn through formal and informal methods.
  • Team Building: Inspires and fosters team commitment, spirit, pride, and trust. Facilitates cooperation and motivates team members to accomplish group goals.
Results Driven
  • Accountability: Holds self and others accountable for measurable high-quality, timely, and cost effective results. Determines objectives, sets priorities, and delegates work. Accepts responsibility for mistakes. Complies with established control systems and rules.
  • Customer Service: Anticipates and meets the needs of both internal and external customers. Delivers high-quality products and services; is committed to continuous improvement.
  • Decisiveness: Makes well-informed, effective, and timely decisions, even when data are limited or solutions produce unpleasant consequences; perceives the impact and implications of decisions.
  • Problem solving: Identifies and analyzes problems; weighs relevance and accuracy of information; generates and evaluates alternative solutions; makes recommendations.
  • Technical Credibility: Understands and appropriately applies principles, procedures, requirements, regulations, and policies related to specialized expertise.
Business Acumen
  • Financial Management: Understands the organization’s financial processes. Prepares, justifies, and administers the program budget. Oversees procurement and contracting to achieve desired results. Monitors expenditures and uses cost-benefit thinking to set priorities.
  • Technology Management: Keeps up-to-date on technological developments. Makes effective use of technology to achieve results. Ensures access to and security of technology systems.
Building Coalitions
  • Partnering: Develops networks and builds alliances, collaborates across boundaries to build strategic relationships and achieve common goals.
  • Political Savvy: Identifies the internal and external politics that impact the work of the organization. Perceives organizational and political reality and acts accordingly.
  • Influencing/Negotiating: Persuades others; builds consensus through give and take; gains cooperation from others to obtain information and accomplish goals.
 Supplemental Information:
Working Conditions
Working environment is a busy office setting. Varying degrees of activity occur in the common areas during working hours; most tasks will involve sitting at a desk and working on a computer. Incumbent must be able to work amid distraction. Standard business hours are Monday-Friday, 8:00 a.m. to 5:00 p.m., but the incumbent may be required to work more than 40 hours per week or on weekends to meet deadlines during peak periods and/or to meet business needs.

How to Apply
To apply, you MUST complete your profile at www.careers.wa.gov including a chronological employment history and attach only the following to your profile before applying for this position:

  • A letter of interest describing how you meet the qualifications of this position
  • A current resume, chronological preferred
  • Three professional references
Note: Failure to follow the above application instructions will lead to disqualification.  E-mailed documents will not be accepted in lieu of attaching your documents to the online profile.

Upon submission of your online application, you will immediately receive a confirming e-mail.  You will then be notified via e-mail of your status during the process.  In addition to the e-mail notifications, you can check the status of your application at any time by visiting your online profile at www.careers.wa.gov.  Due to the high volume of applications that we receive, we ask your understanding and encourage you to use the online process and avoid calling for information.

Please note that initial screening will be solely based on the completeness of application materials submitted and the contents and completeness of the “work experience” section of your application in NeoGov. A resume will not substitute for the “work experience” section of the application. The information provided in your application must support your selected answers in the supplemental questions. Responses not supported in your application may disqualify you from consideration for employment in this position. All information will be verified and documentation may be required.

The Department of Fish and Wildlife is an equal opportunity employer.  We strive to create a working environment that includes and respects cultural, racial, ethnic, sexual orientation and gender identity diversity.  Women, racial and ethnic minorities, persons of disability, persons over 40 years of age, disabled and Vietnam era veterans and people of all sexual orientations and gender identities are encouraged to apply.  Persons needing accommodation in the application process or this announcement in an alternative format may call (360) 902-2276 or the Telecommunications Device for the Deaf (TDD) at (800) 833-6388.