• Deputy Director, Cyber Security Services

    Washington Suburban Sanitary Commission (WSSC) (Laurel, MD)


    Position Information

    Functional TitleDeputy Director, Cyber Security Services

     

    Recruitment Category TypeStandard

     

    Functional CategoryInformation Technology

     

    GradeIT.20

     

    FLSA StatusExempt

     

    Requisition Number26-0067

     

    Number of Vacancies1

     

    Job LevelManagement

     

    Job CodeN/A

    Job Description Summary

    Organization NameDepartment Office

     

    Reports toChief Information Officer

     

    Full or Part TimeFull Time

     

    If Part Time how many hours per week

     

    Regular or TemporaryRegular

     

    Position End Date (if temporary)

     

    Work Schedule

     

    Monday – Friday

     

    8:30 AM – 4:30 PM

     

    (Position is on-call)

    Position LocationLaurel

    Position Summary Information

    General Summary

    This is a non-merit system, employment-at-will, long-term contract position.

     

    TheDeputy Director, Cyber Security Servicesestablishes and implements strategic initiatives for WSSC Water’s information security program (cyber security), compliance (e.g. information management, cyber security, software licenses, change/configuration management), and WSSC Water’s disaster recovery and incident response processes.

    Essential Functions

    + Develops, implements, and maintains enterprise Risk Management Information Management, and Change/Configuration Management Programs

    + Develops, implements, and maintains an enterprise software licenses, hardware/software maintenance compliance program

    + Performs periodic Information Security audits to identify compliance issues

    + Leads the development and governance of the Commission-wide ECM strategy

    + Conducts and/or supports investigations of data breaches; supports investigations initiated by Human Resources, General Councils Office, Emergency Management & Security, and/or General Manager

    + Manages IT audits, IT risk reduction recommendations, and general IT control reviews

    + Works with business owners to identify statutory and regulatory requirements that impact the business to ensure compliance

    + Performs application planning and pre-implementation risk assessments and validation; reviews in conjunction with Information Security policies, standards, and procedures to ensure compliance and consistency

    + Provides subject matter expertise on IT and business-related initiatives regarding risk and cyber security

    + Participates in testing and evaluation of IT internal controls on corporate security risks, internal and external audits and reports, and sensitive data exposures

    + Provides project management oversight and guidance for IT initiatives including development and maintenance of project plans, status reports, and budgets

    + Manages the security department staff including career development, performance appraisals, task prioritization, and assignments

    + Develops security processes to apply best practices and ensure compliance with relevant regulations

    + Collaborates with the management team to develop the strategic direction of the team and take actions necessary to move toward the strategy

    + Implements enterprise-wide disaster recovery/business continuity plan

    + Routinely reviews plans for accuracy and relevance

    + Develops and uses effective mechanisms to report compliance-related actions

    + Manages external vendor relationships with contract administrators to review / negotiate/revise relevant contracts

    + Oversees the management of service-level agreements with vendors and service providers

    + Supervises employees including selecting or recommending selection, training, assigning and evaluating work, counseling, disciplining, and/or termination or recommending termination

    Other Functions

    + Reports key metrics on information security and compliance as well as program updates

    + Reviews Information Security policies, standards, and procedures on an annual basis; updates as required

    + Maintains knowledge of existing and proposed regulations pertaining to information system security and privacy

    + Manages semi-annual tests of the Commission’s preparedness plans, evaluates effectiveness, and modifies plans as required

    + Ensures all IT business processes are documented, monitored, and audited

    + Represents the Commission on Prince George’s County and Montgomery County Information Security Committees

    + Performs related duties as assigned

     

    Work Environment And Physical Demands

     

    Business casual office setting

    Required Knowledge, Skills, And Abilities

    + In-depth knowledge of Information Security and experience in implementing an information security program

    + Knowledge of Information Security issues related to Industrial Control systems

    + Knowledge of IT governance protocols and current trends

    + Knowledge of Information Management assurance and security

    + Ability to assess risks and implement appropriate controls to mitigate risks

    + Familiarity with external/internal Attack and Penetration Assessments, Information Security Risk Assessments, Security Vulnerability Assessments, IT Audit Assessments, Network Server and Application Security Assessments, and Security Policy Standards & Procedure Development

    + Understanding of LAN / WAN technologies and protocols, FTP , Active Directory, VPN ( MPLS , IPSEC , etc.) IIS

    + Extensive knowledge and experience with network topologies, file/application servers, encryption technologies, and network operating hardware and software

    + Knowledge of industry-standard risk, governance, and security best practices associated with Local, Wireless and Wide Area Networking, internet security, applications security architectures, as well as secure email and file transfer protocols ( HTTPS , SMIME , etc.)

    + In-depth knowledge of ISO -20001 and ISO -27002 security frameworks

    + Strong process facilitation, project management, and organization skills

    + Excellent written and verbal communication skills

    + Strong analytical and problem-solving abilities and strong customer service orientation

    + Ability to work with highly confidential and sensitive internal employee matters

    Minimum Education, Experience Requirements

    + Bachelor’s degree in Computer Science, Business Administration, or related discipline

    + 8+ years of Information Technology experience that includes:

    + 5+ years’ experience managing and supporting Information Security (Cyber Security) Program and Compliance (information management, cyber security, software licenses, change/configuration management) activities, and Disaster Recovery and Incident Response Planning control methods for enterprise-scale systems

    + 3+ years managing information security teams

    + Experience in the concurrent management of multiple development projects, multiple development managers, and a team of developers/analysts/technical staff

    + Experience with forensic software such as Encase, chain-of-custody procedures for evidence collection and preservation

    Additional Requirements

    + This position is responsible for managing a staff that is on stand-by and on-call

    + Completion of the WSSC Water Financial Disclosure statement within 30 days of employment and annually thereafter

    Preferences

    + CGEIT or equivalent governance certification

    + CISSP , CISM , CISA , or equivalent security certification

    + ITIL and/or Project Management certifications

    + Understanding of water/wastewater utility operational systems

     

    Salary$188,516 - $320,988

     

    Posting Detail Information

     

    EEO Statement

    AN EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER

    It is the policy of the Commission to select new employees and to promote current employees without regard to race, sexual orientation, sex, religion, national origin, marital status, or handicap. The Commission does not discriminate against qualified individuals with a disability and will make reasonable accommodation for any disability that does not result in undue hardship for the Commission.

     

    Close Date10/24/2025

     

    Open Until FilledNo

     

    Special Instructions to Applicants

     

    Additional Information

     

    All applicants selected will be subject to drug screening and a background check/verification.

     

    Supplemental Questions

     

    Required fields are indicated with an asterisk (*).

     

    + * Will you, now or in the future, require sponsorship for employment visa status?

    + Yes

    + No

    + Are you an eligible veteran of any branch of the armed forces who has received an honorable discharge or Certificate of Satisfactory Completion of Military Service, the spouse of an eligible veteran who has a service-connected disability or the surviving spouse of a deceased eligible veteran?

    + Yes

    + No

     

    Applicant Documents

    Required Documents

    + Resume

    Optional Documents

    + Cover Letter/Letter of Application