Office of the
Illinois Attorney General
Kwame Raoul

SUMMARY OF DUTIES AND RESPONSIBILITIES:

Under the direction of the Chief Information Security Officer (CISO), the Deputy Chief Information Security Officer (DCISO) will be responsible for examining internal IT controls, evaluating the design and operational effectiveness of deployed systems and capabilities, formally documenting risk exposure, and working collaboratively across the organization to prioritize, draw focus, and track risk remediation commitments.

The Deputy Chief Information Security Officer will lead the development and maintenance of the IT Risk Register, providing regular updates to leadership on the overall aggregated risk profile, remediation plans and priorities, progress made, and open/closure performance. They will also be responsible for leading the development and publishing the monthly Information Security Key Performance Indicators (KPI) and performance metrics.

The Deputy Chief Information Security Officer will oversee the development, implementation, monitoring, and enhancement of the information security framework of policies, procedures, and standards. They will also develop strategies to address awareness and training for all stakeholders and oversee cybersecurity training for all employees, vendors, and other third parties. They will also provide guidance on identified security risks and will facilitate the updates and communication of changes to the organizations Information Security policies, practices, and standards

The Deputy Chief Information Security Officer will directly participate in the IT Change Management process and will be required to review and approve all Network Firewall rules and configuration changes prior to implementation.

MINIMUM QUALIFICATIONS:

This position requires a minimum of a bachelor’s degree in Computer Science, Information Systems, Information/Cybersecurity or related field. A minimum of 5 years of work experience managing cyber-security and/or information technology security functions is required. Experience as an Information Security Analyst / Engineer or IT Auditor is preferred. A current Certified Information Systems Security Professional (CISSP) certification is required along with at least one additional information security certification such as Security+, GCIA, CCNA, OSCP, CISM, or CISA. Demonstrated experience and knowledge in applying Information Security, Data Classification and Privacy concepts is also required.

This position requires familiarity with information security governance frameworks and experience in performing information security audits or risk assessments. Also, a working knowledge and understanding of computer networking, firewalls, routing and switching, network protocols, VPN, DLP, IDS/IPS, Web-Proxy, Endpoint Security, Office O365 Security, client / server implementation patterns, and cloud computing / “as-a-service” implementations. Ability to effectively coordinate, prioritize and collaborate along with outstanding written verbal communication skills. Attendance and the ability to maintain satisfactory working relationships with OAG employees and the general public is required.

HOURS OF WORK:        9:00 a.m. - 5:00 p.m.  (Monday - Friday)