Loading...
 
Share this Job

Security Engineering Manager (SPSA Opt 3)

We continually strive for a workforce that reflects the growing diversity within the State of Illinois.  A variety of employee backgrounds, perspectives, ideas and experiences are crucial to our ability to most effectively serve the public.  Bilingual skills welcome

Reasonable Accommodation Statement

Persons with disabilities are provided reasonable accommodations throughout the hiring process and during performance of all job duties.  Please email the Central Management Services Disability Resource Center at CMS.DisabilityResCen@illinois.gov or call (217) 524 - 7514 for further information and to request an accommodation.

Sponsorship for Employment

The State of Illinois does not provide sponsorship for employment visa status (e.g. H-1B visa status).  To be considered for permanent employment with the State of Illinois, applicants must be currently authorized to work in the United States on a full-time basis.

Disclosure of Salary Information

In compliance with the Illinois Equal Pay Act, 820 ILCS 112/1 et seq., the State does not seek, request, or require a job applicant’s wage or salary history.  Employment decisions are not made based on an applicant’s wage or salary history.  To that end, please do not include wage or salary information in your resume or other profile or application materials.

Date:  May 9, 2022
Location: 

Springfield, IL, US, 62702-5170

Job Requisition ID:  13593

Agency: Department of Innovation and Technology

Posting Date: 5/10/22

Closing Date/Time: 05/23/2022

Salary: $9,167-$10,834/monthly ($110,004-$130,008/annually)

Job Type: Salaried Full Time

County: Sangamon

Number of Vacancies: 1

Plan/BU: Term Appointment Gubernatorial (Management Bill) 000

 

The Illinois Department of Innovation and Technology (DoIT) is seeking a talented and energetic person to serve as our Security Engineering Manager. This position is responsible for helping to mature a “Best in Class” Cybersecurity Program for the State of Illinois. The Security Engineering Manager will lead the departmental efforts in progressing and directing security initiatives throughout the enterprise. DoIT security is a NIST based shop and uses a variety of state-of-the-art tools. The successful candidate will have managerial cybersecurity experience, be highly analytical and professional, communicate effectively, and possess excellent organizational skills. We invite qualified candidates to join our professional IT team as we transform technology for the State of Illinois!

 

****A RESUME IS REQUIRED FOR THIS JOB POSTING****


Please attach a DETAILED Resume/Curriculum Vitae (CV), a copy of your transcripts or diploma for all degrees earned, and a copy of any applicable professional licensures to the MY DOCUMENTS section of your application. Please note that the Department of Innovation and Technology must verify proof of higher education for any degree earned (if applicable) before any offer can be extended. You WILL NOT be considered for the position if you attach a CMS100, CMS100b or any other document in lieu of a Resume or CV.

Job Responsibilities

25%  Serves as Manager of Security Engineering for DolT:

  • Ensures security is built into the overall DoIT enterprise technology architecture.
  • Provides technical resources and coordination capabilities related to DolT operational activities in achieving sensitive and highly confidential security and compliance objectives.
  • Provides guidance and leadership to teams architecting systems and applications to ensure security is considered at the inception phase.
  • Develops and implements sensitive and highly confidential standards, protocols and expert guidance related to security.
  • Leads and provides guidance to team of experts assisting and directing legacy agencies in these matters.
  • Develops roadmap for long term projects and existing solutions to ensure security is built in.
  • Develops strategic plans for Security Engineering.
  • Enforces security compliance regulations such as PCI, PHI, HIPAA, and PII in the performance of duties.

 

20%  Serves as technical resource for division and agency initiatives related to security engineering:

  • Develops, guides and directs the implementation and testing of technical, administrative and physical controls.
  • Provides guidance on mitigating the risks within the environment to data and systems to include social engineering identification, prevention and improvement.
  • Ensures proper testing tools are in place in compliance with the State procurement model.
  • Leads communications with agencies to ensure controls are documented, distributed, followed and tested.
  • Ensures controls follow National Institute of Standards and Technology (NIST) framework and meet federal compliance.
  • Coordinates and consults with customers, staff, vendors, etc., regarding sensitive and highly confidential security engineering issues, policies, standards, procedures and responds to calls for emergency situations.
     

(Job Responsibilities continued)

20%  Plans, develops and implements sensitive and highly confidential security standards and policies across multiple platforms:

  • Provides design leadership to define and lead the security architecture objectives, creates and reviews policies, standards and guidelines related to security engineering.
  • Designs and coordinates workflows between a security operations center, and other related teams.
  • Oversees data classification and inventory, data loss prevention, data encryption and other security protocols.
  • Creates a state-wide asset and classification strategy and categories.
  • Ensures that all assets within the purview of the agency's responsibility are properly categorized.
  • Provides consultative guidance in security engineering services activities, plans, programs and develops strategic and budgetary plans for Security Engineering.
  • Guides work efforts with agency leaders to ensure understanding of priority agency data and leads technology used to find data schemas and apply categories.
  • Travels to meet with client agencies, private and federal officials.

 

15% Serves as full-line supervisor to subordinate managers and professional staff:

  • Assigns and reviews work.
  • Provides guidance and training to assigned staff.
  • Counsels staff regarding work performance.
  • Reassigns staff to meet day-to-day operating needs.
  • Establishes annual goals and objectives.
  • Approves lime off.
  • Adjusts first level grievances.
  • Effectively recommends and imposes discipline up to and including discharge.
  • Prepares and signs performance evaluations.
  • Determines staffing needs.
     

15% Supports integration efforts by providing security education, guidance and consulting on application solutions, services and standards:

  • Provides leadership to experts that will support the integration efforts.
  • Creates protocols for secure application development, infrastructure and network configuration and ensures standards are created to support secure protocols.
  • Educates technicians on protocol implementation.
  • Ensures a compliance model is in place to lest against.
  • Provides application development teams with support for the implementation of security protocols and risk strategies as well as maintenance of controls and procedures, remediation of security vulnerabilities throughout the lifecycle including dynamic, static, Infrastructure and database security testing.

 

5% Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

 

Knowledge, Skills, and Abilities

Minimum Qualifications: 
1. Requires knowledge, skill, and mental development equivalent to four years of college.
2. Requires prior experience equivalent to four years of progressively responsible administrative experience in an Information Technology related environment.
3. Requires three years of experience with IT/network security, application development, and/or database technologies.
4. Requires two years of experience working with security compliance regulations (such as PCI, HIPAA, PII), IT risk management framework (such as NIST), and/or security industry best practices.

 

Preferred Qualifications (In Order of Significance):
1.    Two (2) years of experience working in a cyber security environment.
2.    One (1) year of experience working in configuration management.
3.    Two (2) years of supervisory experience.
4.    Two (2) years of experience in vendor management, drafting service level agreements, and communicating service goals.
5.    One (1) year of experience with project management concepts and/or methodologies.
6.    One (1) year of experience in policy development and/or administration.
7.    One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM).

Employment Conditions

1.    Requires ability to work at various times outside of normal office hours to meet deadlines.
2.    Requires ability to work overtime. 
3.    Requires use of agency-supplied equipment (mobile phone, laptop, etc.).
4.    Requires the ability to successfully complete a fingerprint-based background check as defined in the Department of Justice, Federal Bureau of Investigation Criminal Justice Information Services (CJIS) Security Policy, Internal Revenue Service Publication 1075 and background check done by the Illinois State Police.
5.    Requires the ability to meet all agency vaccine/health-related policies and guidance.
 

Work Hours: 8:30am-5:00pm; Monday-Friday

Work Location: 120 W Jefferson St Springfield, IL 62702-5170

Agency Contact: Melissa Roeder
Email: melissa.roeder@illinois.gov
Job Function: Technology; Administration/Management

 

Revolving Door:
Certain provisions of the revolving door restrictions contained in 5 ILCS 430/5-45 apply to this position. As a result, the employee should be aware that if offered non-State employment during State employment or within one year immediately after ending State employment, the employee shall, prior to accepting any such non-State employment offer, notify the Office of the Executive Inspector General for the Agencies of the Illinois Governor (“OEIG”) or may be subject to a fine.

 

Term Appointment:
Candidates hired into a term position shall be appointed for a term of 4 years and are subject to a probationary period. The term may be renewed for successive four-year terms at the Director of the Department of Innovation and Technology’s discretion.

 

The Department of Innovation & Technology (DolT) is the state's IT agency delivering an enterprise approach to statewide technology, innovation and telecommunication services, as well as policy and standards development, lifecycle investment planning, and cybersecurity services. With over 1,500 employees, DolT delivers IT services and innovative solutions to customer agencies to improve services provided to Illinois residents, DolT offers employees the opportunity to advance their careers, develop new skills and reach their potential, both personally and professionally. DoIT is committed to promoting and preserving a workplace culture that embraces diversity and inclusion. We welcome and value employees with different backgrounds, life experiences and talents. It is the collective sum of our individual differences that provides a broad perspective, leading to greater innovation and achievement. In recruiting for our team, we recognize the unique contributions of each applicant regardless of culture, ethnicity, race, national origin, sex, gender identity and expression, age, religion, disability, and sexual orientation.