Security Operations Center Manager (SPSA Opt. 3)

Essential Functions

• Subject to management approval, serves as the Security Operations Center Manager for the Department of Innovation & Technology (DoIT) and as a technical leader for divisional and agency initiatives possessing independent authority to commit and allocate resources and planning and implementing the modifications needed for Security Information Systems and Event Monitoring (SIEM) Systems.
• Formulates and implements policies, standards, procedures and playbooks for the Security Operation Center, manages all aspects of forensics and chain of custody, and assists in e-discovery processes.
• Creates mitigating procedures for addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDOS), Phishing, Malicious Payloads and malware and develops documentation for management, including policies and procedures and implementing policies per agency and industry standards.
• Serves as full line supervisor:
• Coordinates and consults with customers, staff, vendors, etc., regarding SOC issues, policies, standards and procedures and develops rolling SOC program related documents and incorporates security technology plans and priorities.
• Keeps abreast of new developments, industry best practices, standards, approaches, tools and techniques as propagated by International Standards Organization, Information Technology Infrastructures Library, National Institute of Standards and Technology and other governing and certification bodies such as ISC2, Information Systems Audit and Control Association by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
• Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Minimum Qualifications

• Requires knowledge, skill, and mental development equivalent to completion of four (4) years of college with coursework in management information systems, data processing, telecommunications or directly related Information Technology field. 
• Requires prior experience equivalent to four (4) years of progressively responsible administrative experience in a public or private business Information Technology organization. 
• Requires three (3) years of professional experience supervising a team of Information Technology professionals in a large and highly complex public or private IT organization. 

Preferred Qualifications (In Order of Significance)

• Four (4) years of professional experience leading enterprise-level incident response programs, including the development and execution of incident response plans, coordination of breech response activities, and facilitation of red/blue team exercises to simulate and improve organizational readiness.
• Four (4) years of professional experience managing vulnerability lifecycle processes, including the identification, analysis, and remediation of known vulnerabilities using alerts, advisories, errata, and bulletins with a focus on mitigating current and emerging cyber threat vectors.
• Four (4) years of professional experience in advanced cybersecurity operations, including incident handling, penetration testing, digital forensics, and malware reverse engineering, with ability to lead technical investigators and threat analysis.
• Four (4) years of professional experience operating in regulated environments, ensuing compliance with standards and frameworks related to Personally Identifiable Information (PII), Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and the Health Insurance Portability and Accountability Act (HIPPA), with a focus on secure data handling and audit readiness.
• Four (4) years of professional experience supervising a team of IT professionals, including assigning and reviewing work, mentoring staff, conducting performance evaluations, and aligning team performance with organizational goals.  
• Four (4) years of professional experience designing, implementing, and testing disaster recovery and continuity of operations plans (COOP), including the development of strategic recovery frameworks and participation in continuity exercises to ensure organizational resilience.
• Four (4) years of professional experience applying the NIST Risk Management Framework (RMF) to assess, manage, and mitigate cybersecurity risks, including the development of documentation and controls aligned with federal and state standards.
• Extensive experience with network security architecture, including the design and implementation of secure network topologies, protocols, and components, with a strong understanding of defense-in-depth strategies and layered security principles.
• Demonstrated ability to administer and secure server and client operating systems, including configuration management, patching, and hardening practices across diverse IT environments.
• Certifications in one or more of the following: Certified Information Security Manager (CISM), Certified Information System Security Professional (CISSP), or equivalent security certification. 

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.  

• Requires the ability to verify identity. 
• Requires employment authorization to accept permanent full-time position with State of Illinois. 
• Requires the ability to pass a position specific, agency required background check and requires self-disclosure of criminal history. 
• Requires a valid driver’s license and the ability to travel.
• Requires the ability to work outside of normal hours to meet deadlines. 
• Requires the ability to use agency supplied equipment such as laptop, personal computer, work cell phone, etc. 
• Requires the ability to attend seminars, conferences, and training to remain current on methods, tools, ideologies, or other industry related topics relevant to job duties. 
• Requires adherence to the revolving door restrictions outlined in 5 ILCS 430/5-45. Consequently, employees should be aware that in the event of receiving a non-State employment offer during state employment or within one year immediately following the termination of State employment, they are required to inform the Office of the Executive Inspector General for the Agencies (OEIG) of the Illinois Governor before accepting such non-State employment. Failure to notify the OEIG may result in the imposition of a fine. 
• Requires compliance with the provisions outlined in section 4A-101 of the Illinois Governmental Ethics Act, necessitating the occupant of this position to file of a Statement of Economic Interest. Pursuant to the Illinois Governmental Ethics Act (5 ILCS 420/4A et seq.), specific state officials and employees are required to annually submit Statements of Economic Interest to the Office of the Secretary of State, which will be accessible to the public for examination and copying. Employees subject to this requirement must also file a Supplemental Statement of Economic Interest with the Executive Ethics Commission, as specified in Executive Order 15-09. Failure to submit these statements in a timely manner may result in fines and penalties.
• The conditions of employment listed are incorporated and/or related to any duties included in the position description.