"Alerted.org

Why live in Helena, Montana? Helena is surrounded by rolling hills and lofty mountains and is tucked below the Continental Divide. It is arelatively quietplace to call home where small-townlivingcollides with outdoor adventure. Helena has a rich history and was originally founded as a gold camp during the Montana gold rush. Learn more about moving to and/orlivingHelena, Montanahere. This position affords the opportunity to telework from a remote location within the state of Montana.  Specific conditions will be outlined as part of the job offerandmust adhere tostatepolicy. Why should you keep reading and consider working here? The State Information Technology Services Division - Office of the Chief Information SecurityOfficerdeliversworld classsecurity services to all state government agencies.  Ouremployeesutilizetheir subject matterexpertise,best practice standards and frameworks, andsophisticated technologytoprotectourcitizen’s datafrom global threats.  We value collaboration, teamwork, and respect; and we promote a culture of diversity, equity, and inclusion to provide a safe environment for our employees to grow their skills.  We invest in our employees byprovidingprofessional development opportunities that lead to career advancement and fulfillment.  We use exciting technologies and solve complex issues.  Our team has visibility into the State’s network and systems, and our actions have a direct impact on the State’s cybersecurity posture.  Security Services is a fun place to do serious work.  What is this career opportunity? We are looking for aRisk ManagementBureau Chief with a background inrisk management, compliance,business, customer relationship management,and peoplemanagementseekingto advance their career and protect citizen’s data.  This position is primarily responsible for managing therisk managementbureau and its staff; partnering with business and technology leaders across state government; and leadingrisk management framework activities.  Success in this role will require the incumbent topossessadvancedsoft skills and toprovide subject matterexpertiseon a variety ofinformation securitytopics in a dynamic information technology environment facing sophisticated and persistent threats from global cyber threat actors.  Someadditionalresponsibilities include, but are not limited to: * Facilitatesincident response planning for stateagencies; * Collaborates withagencybusiness leaders to understand operational needs and translates them into risk-informed security requirements. * Leads cross-agency workgroups to promote security best practices and support the development andmanagementof policies and standards. * Leads change initiatives that enhance the State’s risk posture and cybersecurity maturity. * Provides leadership, guidance, and coachingto risk management staff. * Aligns staff and work to drive Security Strategy and IT Strategy. * Sets clear expectations and priorities for team members aligned with agency goals and statewide IT security strategy. * Tracks and reports on bureau performance metrics todemonstratevalue and drive data-informed decisions. What are we looking for? This position isfirst and foremosta management position.  Candidatesare required tohave at least two years of experience managing people. The Bureau Chief role is a senior managementpositionthat requires the ability to bridge strategic and tactical thinking, to condense complex topics into simple terms, and to prioritize competing tasks. Education; Experience, and Certifications: Required for the first day of work, including alternatives: * Bachelorsdegree inInformation Security,Technology, or Business; AND * 4yearsofexperience ininformation security or technology; AND * 2yearsofexperience in a people management role * Industry certificationssuch as CISSP, CISM, CISA, and GSTRTare highly desired * Alternate combinations of education, experience, and certifications will be considered on a case-by-case basis. * Itwouldpiqueour interest if you have other security certifications such as CISSP or CISM and experience with information security policy development, vulnerability management, business continuity or disaster recovery. Competencies: This position is classified by the NICE Framework as Cybersecurity Management: Oversees the cybersecurity program of an information system or network, including managing information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources. Knowledge of:  * Risk Management Framework (RMF)requirements; * Information security program management and project management principles andtechniques; * NIST 800-53 control families and CIS Control Implementation Groups (IG) * Supply Chain Risk Management Practices (NIST SP 800-161); * The organization's risk tolerance and/or risk managementapproach; * Supply chain security and supply chain risk management policies, requirements, andprocedures; * Personally Identifiable Information (PII) data securitystandards; * Personal Health Information (PHI) data securitystandards; * Federal Tax Information (FTI) data securitystandards; * Controls related to the use, processing, storage, and transmission of data; and * Application Security Risks (e.g.Open Web Application Security Project Top 10 list). Skill in:  * Creating policies that reflect system securityobjectives; * Operationalizing strategy * Determininghow a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affectthese outcomes; and * Evaluating the trustworthiness of the supplier and/or product. Ability to:  * Apply critical reading/thinkingskills; * Exercise judgment when policies are notwell-defined; * Interpret and apply laws, regulations, policies, and guidance relevant to organization cyberobjectives; * Tailor technical and planning information to a customer’s level ofunderstanding; * Prioritize andallocateinformationsecurity resources efficientlyandeffectively; * Relate strategy, business, and technology in the context of organizationaldynamics; * Understand technology, management, and leadership issues related to organization processes and problemsolving; * Ensure information security management processes are integrated with strategic and operational planningprocesses; * Integrate information security requirements intocontract and procurementprocesses; and * Identifycritical infrastructure systems with information communication technology that were designed without system security considerations. Does this sound like you? Please tell us how and why bysubmittingyourresumeandcover letter. (Please Note: You do not need to complete the “work experience” or the “education & certifications”portionof the application process in our recruiting system. You only need to upload the requested documentation.) What can you expect from us in return for your hard work? * Lookhereto see theadditionalbenefits!  They include: o Work/life Balance o Health Coverage o Retirement plans o Paid Vacation and Sick Leave and Holidays o And more… **Title:** *Enterprise Risk Management Bureau Chief - Hybrid (66471)* **Location:** *Helena* **Requisition ID:** *25141202*