Employment Opportunity

IT Security & Compliance Manager II

North Carolina State Office of Information Technology Services, Wake County, North Carolina

Salary: $90,734.00 - $139,143.00 Annually

Final Filing Date: March 20, 2018

This position serves as a Senior Cybersecurity Manager for Strategic Initiatives and reports directly to the State Chief Risk Officer (SCRO). The position is designed to support ESRMO functions in the areas of Security Incident Management and Response, Security Threat and Vulnerability Management, Risk Management, Security Administration, Security Education and Training, Security Publications, and special security projects and investigations. This position serves as a manager overseeing cybersecurity projects and incident response efforts. The position manages compliance with statewide information security standards, such as those of the National Institute of Standards and Technology (NIST), and requires a strong understanding of risk assessment, risk mitigation and risk management. Additionally, it manages the technical direction of a project through design, implementation, and testing in accordance with project objectives, and directs and supervises all support resources for successful performance of projects.

This position provides centralized coordination, administration and support for the many elements of a distributed security infrastructure operated by DIT to serve state agencies. This position will use and apply the knowledge of various technologies to help the State meet its business requirements in a secure manner while managing risk. This position is also integral to the management and mentoring of teams of junior resources.

Duties and Requirements


  • Provide statewide leadership in the analysis, resolution and maintenance of Information Technology risks, threats, vulnerabilities and protection requirements.
  • Advise the CRO as a subject matter expert on Cybersecurity Incident Response
  • Develop and maintain incident response strategy and the DIT Cybersecurity Incident Response Plan
  • Develop and manage the Cyber Wargaming program, including defining program objectives & roadmap.
  • Work with appropriate organizational authorities to help define a formal security road map or strategy to identify and address statewide information security needs
  • Develop information technology and security policies and procedures
  • Develop and deliver table-top exercises under the SCRO. Table-top exercises assess the effectiveness of cyber incident response capabilities across people, processes, and technology.
  • Manage staff in the completion of engagements on time with limited necessary revision
  • Develop and provide security metrics and reports
  • Drive integration of increased cybersecurity capabilities and acquired tools in support of the Statewide IT and Security Strategic Plan
  • Review, recommend and monitor progress of all security aspects related to agency projects
  • Make recommendations and provide SME consultation to the State's senior IT Managers
  • Implement selected security technology and appropriate supporting policies and procedures
  • Produce statewide policies, standards, procedures and documentation in support of the technology implementation
  • Perform testing of security solutions to ensure compliance and produce thorough written reports for technical staff and management
  • Monitor for agency compliance with statewide policies, standards and procedures
  • Research and evaluate security technologies to identify strategic enterprise approaches for the deployment of security technologies that permit the state to benefit from standardization and economies of scale.
  • Prepare reports for the State CIO to meet legislative requirements and other duties as assigned
  • Lead cybersecurity and incident response training exercises


Knowledge, Skills and Abilities / Competencies
  • Knowledge of Risk Management Framework (RMF) requirements
  • Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of incident response and handling methodologies
  • Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Knowledge of security control requirements for HIPAA, PCI DSS, IRS 1075 and other federal compliance requirements
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of system life cycle management principles, including software security and usability.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • Extensive understanding of computer and network forensics, system and network security, incident management, intrusion detection, vulnerability and patch management, log analysis, and related technologies
  • Ability to relate business requirements and risks to technology implementation for security-related issues.
  • Strong communications and public-speaking abilities.
  • Excellent communication skills; interpersonal, organizational and analytical skills; written and verbal communications; experience with management presentations
  • Strong customer focus and ability to manage customer/agency expectations.
  • Solid project management skills. Confidence and leadership as a member of project teams in a cross-functional environment.
  • Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes) for critical system elements.
  • Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people
  • Required: CISSP, GCIA, GCIH, CISM, CEH, or equivalent
  • Optional - Must have or be able to obtain SECRET level clearance

Minimum Education and Experience Requirements
  • Bachelor's degree in Computer Science, Computer Information Systems, Information Management or related degree from an appropriately accredited institution and five years of experience in IT security or closely related area;
  • OR
  • Bachelor's degree from an appropriately accredited institution and six years of experience in IT Security or closely related area;
  • OR
  • An equivalent combination of education and experience.
  • Salary range for this position is $90,734 - $120,000 and will be commensurate with the applicant's competencies, as well as budget, equity and market considerations.
  • Degrees must be from appropriately accredited institutions.

How to apply: Apply online

Posted: March 6, 2018