Associate Chief Information Security Officer - 72004195

Requisition No: 842597 

Agency: Management Services

Working Title: ASSOCIATE CHIEF INFORMATION SECURITY OFFICER - 72004195

 Pay Plan: SES

Position Number: 72004195 

Salary:  $110,000.00 - $135,000.00 

Posting Closing Date: 02/06/2025 

Total Compensation Estimator Tool

Associate Chief Information Security Officer (CISO)

Florida Digital Service

State of Florida Department of Management Services

This position is located in multiple strategic locations across the state

Position Overview and Responsibilities:

The Florida Digital Service was established to propose innovative solutions that securely modernize state government, including technology and information services, to achieve value through digital transformation and interoperability, and to fully support the state’s cloud-first policy. It is also the lead entity responsible for enterprise cybersecurity.

The Associate Chief Information Security Officer (CISO) serves as a member of the CSOC leadership team in coordination with the CISO and Deputy CISO. The Associate CISO oversees and manages satellite Cybersecurity Operations Center (CSOC) operations including coordinating with the CSOC on augmenting the day-to-day work of the CSOC, security incident response operations, policy, processes, and procedures. On-site satellite operations are conducted primarily from a fully equipped physical CSOC facility in strategic location(s) throughout the State. Additionally, the Associate CISO is responsible for developing and implementing agency and enterprise-wide cybersecurity policies and procedures.

Specific Responsibilities:

• Coordinate with the cybersecurity team, particularly with the Incident Response and Threat Intelligence professionals under the CISO. In alignment with the CSOC, respond to cybersecurity incidents, especially as an escalation point for high-priority or highly complex incidents, or as an alternate-network asset. Drive development and continuous updating of cybersecurity policies, standard operating procedures and documentation for operational domains, including the use of automation and integrations where possible. Develop and maintain partnerships with relevant partners of the CSOC, including the University network for subject matter expertise, cutting-edge research, and possible internship educational opportunities. Ensure complete and accurate documentation of all activities and processes is maintained for all activities and tools to ensure an operating environment that is sound, sustainable, and compliant with policies and requirements, and seamlessly integrates with the CSOC. Participate in the design and execution of vulnerability assessments, red team /penetration tests, security audits, and cybersecurity exercises. Support the recruitment, development, and performance of personnel. Train, mentor, and guide other team members on cyber incident response practices, tooling, and capabilities. While working directly under the Deputy CISO, maintain a professional relationship and an effective partnership with the Incident Response Manager.
• Provides timely and relevant operational and procedural updates. Develops and provides daily operations and intelligence updates to the Incident Response Manager and Deputy CISO.
• In instances where the CSOC is not able to provide direct response, where multiple events require separate lines of effort, or as assigned by the CSOC, this position will lead incident response with full authority and autonomy.
• Provide after business hours support in response to security alerts and investigations.
• Research and lead cybersecurity policy initiatives; revise and implement policies and procedures to stay abreast of potential cybersecurity incidents.
• Other duties as needed.

Knowledge, Skills, and Abilities:

• Demonstrated experience and leadership running cybersecurity operations and incident response at a large private, public, defense, or government organization.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of physical security best-practices and intersection with cyber defense.
• Strong organization skills necessary to manage and coordinate across multiple teams with varying levels of technical and non-technical understanding of incident response activities.
• Develop and publish security incident analysis reports.
• Deep and wide knowledge of cybersecurity concepts, operations, and cybersecurity tools.
• Expert knowledge of industry best practices and frameworks (e.g. NIST, MITRE ATT&CK).

Desired Qualifications:

• Desirable education: Undergraduate degree in engineering, computer science, or information technology.
• Desirable certifications: GCIH, Security+, ECIH, CSIH, or equivalent certifications.
• Highly desirable certifications: CISSP, GSLC, or equivalent certifications.

Our Organization and Mission:
Under the direction of Governor Ron DeSantis, Secretary Pedro Allende and DMS’ Executive Leadership Team, the Florida Department of Management Services (DMS) is a customer-oriented agency with a broad portfolio that includes the efficient use and management of real estate, procurement, human resources, group insurance, retirement, telecommunications, fleet, and federal property assistance programs used throughout Florida’s state government. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.”

Special Notes:
DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience, and transferrable skills that veterans and individuals with disabilities bring to the workforce.  Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses:
DMS.Ability@dms.fl.gov
DMS.Veterans@dms.fl.gov
An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.
Successful completion of background screening will be required for this position. A second level CJIS criminal background screening may be required.

The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.