INFO TECH BUSINESS CONSULTANT MGR -SES - 40060006

Date:  Oct 3, 2024


The State Personnel System is an E-Verify employer. For more information click on our E-Verify Website.

Requisition No: 838491 

Agency: Commerce

Working Title: INFO TECH BUSINESS CONSULTANT MGR -SES - 40060006

 Pay Plan: SES

Position Number: 40060006 

Salary:  $85,000-$130,000 

Posting Closing Date: 10/15/2024 

Our Organization and Mission:

FloridaCommerce works across the state to support Florida’s economy, robust and talented workforce, and our local communities. We are dedicated to making a stronger and more resilient Florida, so our businesses, communities and workforce are better prepared to withstand future economic slowdowns and natural disasters.

 

FloridaCommerce is an Equal Opportunity Employer/Program. Auxiliary aids and services are available upon request to individuals with disabilities.  (TTY/TDD 1-800-955-8771 or the Florida Relay Service – 711.)

 

Let FloridaCommerce’s mission become yours. To find out more about us, click on the link: http://www.floridajobs.org/

 

The Work You Will Do:

 

The Chief Information Security Officer (CISO) is responsible for establishing, maintaining, and directing an information security risk management program, information security governance, and cybersecurity operations for the Florida Department of Commerce. The CISO works closely with the Chief Information Officer (CIO), other IT leadership and staff, as well as agency staff and partners of all levels to bolster assurance that the confidentiality, integrity, and availability objectives of all information and data generated, stored, or processed by, or on behalf of, the agency are addressed in a manner congruent with the FloridaCommerce mission. 

 

The Difference You Will Make:

FloridaCommerce is a fast-paced work environment in which critical thinking and commitment to serving the citizens of Florida are vital to the Agency’s vision. As a member of the Division of Information Technology, you will help to support the Agency goals through providing affordable, reliable, effective, and secure technology services.

 

How You Will Grow:

FloridaCommerce encourages its employees to constantly innovate and seek efficiencies. Trainings are made available throughout the year and on request with our Office of HR Training and with our Division of Workforce Training Unit. In accordance with the FloridaCommerce Vision and Mission, the employee:

  • Furthers Florida’s economic vision by providing support that enhances the economy and develops safe and healthy communities.
  • Meets customer/client expectations with an emphasis on responsiveness, quality, quantity, and timeliness of work.
  • Provides information clearly, accurately, and succinctly, and also exhibits good listening skills.
  • Works collaboratively to optimize the effectiveness of FloridaCommerce available resources and tools.
  • Uses knowledge acquired through education, training, or experience to complete tasks.

The Division of Information Technology provides its staff with access to resources and trainings provided by the following:

  • Pluralsight
  • CBT Nuggets
  • Gartner
  • Microsoft

These expectations are for all our employees, and you will be expected to model these as a leader. We believe in supporting and encouraging you as you take on important and often complex projects while offering you the opportunity to gain valuable experience. We make available other career growth opportunities such as CPM “Certified Public Manager,” Certified PMP “Project Management Professional,” and Gartner GTP access.

 

Where You Will Work:   

Tallahassee is Florida’s capital city and continues to grow, attracting development and new business. Tallahassee is a mid-sized city in the heart of Florida’s Big Bend. Commerce is in downtown Tallahassee, the political epicenter that draws in visitors each year to visit the Capitol. Each spring, the legislative session opens and people pour in to see the State perform its business. So regardless of what brought you here, being here will guarantee you an experience vibrant with entertainment, culture and delight. Tallahassee is:

  • Known for its beautiful parks, rolling hills and oak trees, canopied roads, hotels, dining, museums, arts, music, and natural resources (https://talgov.com/)
  • Home to major college campuses: Florida State University (FSU), Florida A&M University (FAMU) and Tallahassee Community College (TCC).
  • Approximately 22 miles from the nearest beach ( https://choosetallahassee.com/beaches-near-tallahassee/ )
  • Within a state having no state income tax for residents of Florida


WORKING FOR THE STATE OF FLORIDA IS MORE THAN A PAYCHECK!!

* State Group Insurance coverage options+ (health, life, dental, vision, and other supplemental options)
* Retirement plan options, including employer contributions (FYI, please click www.myfrs.com)
* Nine paid holidays and a Personal Holiday each year
* Annual and Sick Leave Benefits
* Student Loan Forgiveness Program (Eligibility required)
* Flexible Spending Accounts
* Tuition Fee Waivers (Accepted by major Florida colleges/universities)
* Ongoing comprehensive training provided
* Career Growth
* Highly skilled, professional environment

+For a more complete list of benefits, visit www.mybenefits.myflorida.com.

  • We care about the success of our employees.
  • We care about the success of our clients.
  • We are always improving our technology, our tools, our customers’ experiences and ourselves.
  • A rewarding experience for reliable, compassionate and professional employees.


Pay

  • $85,000 – $130,000 Annually           


Your Specific Responsibilities:


“Supervisory employees” are those who spend the majority of their time communicating with, motivating, training, and evaluating employees, and planning and directing employees’ work, and who have the authority to hire, transfer, suspend, lay off, recall, promote, discharge, assign, reward, or discipline subordinate employees or effectively recommend such action, including all employees serving as supervisors, administrators, and directors. 

  

The CISO is responsible and/or accountable for the following: 

  • Managing and improving the agency’s Information Security Program and associated programs and processes (Risk Management, Vulnerability Management, Cyber Security Awareness, Disaster Preparedness and Recovery, Threat Monitoring, Incident Response, etc.). 
  • Owning the Information Technology Service Management (ITSM) Information Security Management process and developing, tracking, and reporting process performance metrics. 
  • Development and continuous update of the agency’s strategic and operational security plans through a risk-based, business-driven approach. 
  • Development and continuous update of other Information Security plans, policies, procedures, standards, and guidelines. 
  • Facilitating the development of guidelines and processes pertaining to the security of information resource supply chains, including the assessment of third-party IT and non-IT services and their impact upon information security. 
  • Coordinating, in conjunction with the Bureau Chief of IT Operations, common security operations center (SOC) functions, including threat prevention, monitoring, and response. (Technologies and controls include, but are not limited to: encryption tools, log management, application control, DLP, cloud security, SIEM, EDR/XDR, NGFWs, etc.) 
  • Maintaining the Incident Response Plan (IRP) and coordinating enterprise incident response activities. 
  • Working with agency enterprise architects to develop and coordinate the implementation of secure, compliant, affordable, reliable, and effective security controls for technology systems, data, workflows, and business processes. 
  • Assisting in the development and testing of information technology disaster recovery (DR) plans, agency Continuity of Operations Plan (COOP), and IT contingency plans. 
  • Sponsoring and championing projects and other efforts that advance security program maturity and providing information security and risk management subject matter expertise to programs, projects, and governance processes. 
  • Assisting System Owners and Information Owners in the creation and maintenance of security documents (SSPs, Continuous Monitoring Plans, DR Plans, Gap Analyses, Risk Assessments, POA&Ms, etc.). 
  • Facilitating the development, maintenance, and execution of appropriate administrative and technical controls for Identity and Access Management. 
  • Management of the IT Compliance Officer in their duties, including responses to inquiries from the Florida Auditor General, Office of the Inspector General, relevant governmental and industry compliance bodies, and partners with which the agency maintains information security agreements. 
  • Generating operational security spend plans and timely budget and procurement estimates based on strategic and operational plans and emergency response activities. 
  • Supporting application development best practices, including secure application design and architecture and continuous vulnerability assessment as part of secure CI/CD practices, secure software development life cycles and DevSecOps.                                              
  • Supervising and directing information security team staff, managing schedules, fostering a healthy and positive work environment, and working with the Office of Human Resources during hiring and disciplinary actions. 
  • Supporting the ongoing development of information security staff by mentoring current and prospective team members, maintaining and coordinating staff professional development plans, identifying and procuring continuing education resources and training, and maintaining team member performance and progress standards. 
  • Participating in Information Technology Leadership activities, such as administrative planning and policy development, staff communications and coordination, staff and management guidelines, emergency response, etc. 

In accordance with Section 447.203(5), F.S., the incumbent of this position assists the CIO or his/her designee in a confidential capacity by performing duties relative to internal information security and internal information security audits. 

 

In accordance with Section 282.318(4)(a), F.S., the CISO is annually appointed by the agency head as “Information Security Manager” (ISM), for the purposes of administering the agency information security program and coordinating with partners within the State.

 

Required Knowledge, Skills, and Abilities:

  • Ability to work with cross-functional teams and communicate effectively with staff of varying levels, including executive leadership, business staff, and technical teams. 
  • Knowledge of common cybersecurity strategy, governance, risk, and compliance approaches for mid-size to large organizations. 
  • Knowledge of team management and leadership best practices. 
  • Knowledge of high-level business analysis, project management, and project governance best practices. 
  • Knowledge of advanced information security and cybersecurity concepts. 
  • Knowledge of infrastructure security fundamentals. 
  • Knowledge of cloud security fundamentals, including shared responsibility models across all common cloud service paradigms. 
  • Knowledge of fundamental threat management and threat modeling techniques and practices. 
  • Knowledge of operational technology and internet-of-things (IoT) security fundamentals.
  • Knowledge of risk management processes/governance. 
  • Knowledge of the Center for Internet Security (CIS) Controls. 
  • Knowledge of the Open Web Application Security Project (OWASP) Top 10. 
  • Knowledge of relevant cybersecurity standards, frameworks, and certifications such as the NIST Cybersecurity Framework, NICE, and FedRAMP. 
  • Knowledge of Federal and State information security laws and statutes, such as PCI-DSS, IRS Publication 1075, and CJIS Policy. 
  • Knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800 Series guidelines. 
  • Knowledge of common offensive security tactics, techniques, and procedures (TTPs). 
  • Knowledge of common IT network protocols, database technologies, and network, system, and application management methodologies. 
  • Knowledge of security auditing methodologies and corrective action management. 
  • Knowledge of vulnerability assessments and reporting for systems, processes, and applications. 
  • Knowledge of identity and access management best practices. 
  • Knowledge of vulnerability management best practices. 
  • Knowledge of legal and regulatory best practices regarding information security and Data Protection. 
  • Knowledge of best practice digital forensics techniques and tools. 
  • Knowledge of best practice security awareness methods. 
  • Knowledge of disaster recovery (DR) best practices. 
  • Knowledge of common methodologies for assuring information security within common cloud paradigms and environments. 
  • Knowledge of best practice network monitoring techniques, including Intrusion Prevention Systems (IPS), Security Information and Event Monitoring (SIEM), next generation firewalls (NGFWs), and endpoint protection. 
  • Knowledge of fundamental budgeting and spend planning. 
  • Skills in process automation and improvement, including experience with technical automation. 
  • Skills in information security governance, including risk management best practices, business alignment, framework development, and strategic planning. 
  • Ability to assess security needs and make recommendations regarding enablement of the business programs (e.g., mobile security, cloud security, Internet of Things (IoT), artificial intelligence (AI), and emerging technologies). 
  • Ability to work with minimum supervision. 
  • Ability to balance multiple priorities and quickly adjust to changing priorities. 
  • Ability to lead and work closely with other leaders. 
  • Ability to both teach and learn. 


Qualifications:

As a condition of pre-employment eligibility, a Level 2 security background screening is required, which consists of fingerprinting and a check of local, state and national law enforcement records.  

 

Minimum:

  • Five plus years of professional experience in information security, cybersecurity, IT auditing, network engineering, computer systems analysis, and/or IT management, with demonstrated security-related responsibilities.
  • One or more of the following are required:
      • A bachelor’s, master’s, or higher degree in Information Security, Cybersecurity, Computer Science, or a closely related discipline
      • CISSP (Certified Information Systems Security Professional) or Associate
      • CCISO (Certified Chief Information Security Officer)
      • CISM (Certified Information Security Manager), or
      • Similar Information Security Certification.


Other job-related requirements for this position:  

Three or more years of professional experience working directly in an information security or cybersecurity role in a large enterprise environment.   

The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.

Location: 

TALLAHASSEE, FL, US, 32399


Nearest Major Market: Tallahassee