State of Kansas
Chief Information Security Officer
State of Kansas, Auburn, Kansas, 66402
Important Recruitment Information for this vacancy:

Kansas Bureau of Investigation

The Kansas Bureau of Investigation is the premier criminal investigative agency in the state of Kansas. The KBI is committed to its critical mission of preventing crime and enhancing public safety in Kansas. We employ individuals who exemplify the highest standards of integrity, service, and dedication. Come feel like you're part of something bigger at the KBI.

The KBI provides professional investigative, laboratory, and criminal justice information services to criminal justice agencies to promote public safety and prevent crime in Kansas. With nearly 400 employees, the KBI operates across three branches, including Administration, Investigations, and Criminal Justice Services.

E-Verify: The Kansas Bureau of Investigation (KBI) participates in E-Verify and will provide the federal government with your I-9 information to confirm that you are authorized to work in the U.S. For additional information regarding E-Verify, please click here. For additional information regarding Immigrant and Employee Rights (IER), please click here.

About the Position:
- Who can apply: Anyone
- Classified/Unclassified Service: Unclassified
- Full/Part-time: Full-Time
- Regular/Temporary: Regular
- Work Schedule: Monday - Friday, 8-5
- Eligible to Receive Benefits: Yes
- Veterans' Preference Eligible: Yes
- Search Keywords: KBI; IT; CISO; Topeka

Compensation:
- Annual Salary Range: $121,000.00 - $142,000.00
Note: Salary can vary depending upon education, experience, or qualifications.
Employment Benefits:
- Comprehensive medical, mental, dental, vision, and additional coverage
- Sick & Vacation leave
- Work-Life Balance programs: parental leave, military leave, jury leave, funeral leave
- Paid State Holidays
- Fitness Centers in select locations
- Employee discounts with the STAR Program
- Retirement and deferred compensation programs
Visit the Employee Benefits page for more information.

Position Summary & Responsibilities:

Position Summary: The KBI Chief Information Security Officer (CISO) is responsible for establishing and maintaining an information security management program to ensure that KBI and KCJIS information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the KBI and KCJIS. The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of information security technologies. The CISO will proactively work with state business units to implement practices that meet defined policies and standards for information security, while also overseeing a variety of IT-related risk management activities.

Job Responsibilities may include but are not limited to the following:
- Manage the Agency's information security organization, consisting of direct reports in delivery of both assurance, technical security services, cyber collaboration, and cyber preparedness. This includes hiring, training, staff development, performance management and annual performance reviews.
- Facilitate information security governance through the implementation of a hierarchical governance program established by the Kansas Cybersecurity Act.
- Provide direction and oversight in the development and maintenance of Agency information security policies, standards, and guidelines.
- Advise and consult with senior agency and government officials as well as provide testimony to legislative committees regarding cybersecurity and information security.
- Create and manage role-based and cybersecurity awareness training programs for all employees, contractors, and approved system users.
- Work directly with KBI Agency leaders to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the agency on identifying acceptable levels of residual risk.
- Provide regular reporting on the status of the information security programs to Chief Information Officer, senior business leaders, and agency executives as part of a strategic enterprise risk management program.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations.
- Ensure that security programs follow relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Manage security incidents and events to protect KBI and KCJIS information assets, including intellectual property, regulated data, and the KBI and KCJIS reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Conduct regular security audits, assessments, and penetration tests to identify vulnerabilities.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
- Facilitate and build upon a whole-of-state approach to cybersecurity.
- Collaborate and build relationships with local government entities and the other two branches of state government.

Qualifications:

Education
- Bachelor's degree in computer science, computer engineering, or related field or equivalent experience.

Minimum Qualifications
- Minimum of eight to ten years of experience in a combination of risk management, information security and IT jobs. At least four must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Expert in application of the NIST and ISO 27001 Risk Management and Cybersecurity Frameworks.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker, with strong problem-solving skills.
- Knowledge and understanding of relevant legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), Criminal Justice Information System (CJIS), Health Insurance Portability and Accountability Act (HIPAA), etc.
- Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling, and resource management.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials, is desired.

Post-Offer, Pre-employment Requirements

As a condition of employment, you will be subject to a pre-employment process to include a polygraph examination, fingerprint-based records check, and comprehensive background investigation, including reference check of past and present employers. The pre-employment process will be waived for current KBI personnel who have previously completed the screening requirements.

Kansas Tax Clearance Certificate required in accordance with Executive Order 2004-03. Each applicant (even non-residents) who is selected for a State of Kansas job vacancy must apply for a Tax Clearance Certificate within 10 days from the date of the offer letter by accessing the Kansas Department of Revenue's (KDOR) website at www.kdor.ks.gov/apps/taxclearance/Default.aspx.
If you need assistance with the tax clearance, please contact KDOR at (785) 296-3199 or by email at kdor_specialprojectsks.gov

Recruiter Contact Information:
- Name: Luci Zieman
- Email: HumanResourceskbi.ks.gov
- Phone: 785-296-8200
- Mailing Address: 1620 SW Tyler; Topeka, KS 66612

Required documents for this application to be complete:

On the My Job Applications page, verify these documents are present and valid. Upload or delete and upload new if needed.

Inside your Job Application upload these documents:

Kansas Tax Clearance Certificate Required: Each applicant (even non-residents) applying for a State of Kansas job vacancy must obtain a valid Kansas Certificate of Tax Clearance by accessing the Kansas Department of Revenue's website. A Tax Clearance is a comprehensive tax account review to determine and ensure that an individual's account is compliant with all primary Kansas Tax Laws. A Tax Clearance expires every 90 days. All applicants, including current state employees, are responsible for submitting a valid certificate with all other application materials to the hiring agency. This is in accordance with Executive Order 2004-03. If you need assistance with the tax clearance, please contact 785-296-3199. Visit the Tax Clearance site for more information and where to obtain this Kansas Department of Revenue document.

Job Application Process
- Sign in to your existing account or Register for a new one to apply.
- Complete or review your contact information on the My Contact Information page.
- Upload documents listed in the Required Documents section of the job posting to the appropriate location.
- Check your email and My Job Notifications for written communications from the Recruiter.

To assist in completing your application, please see helpful links below:
Instructions: Frequently Asked Questions

How to Claim Veterans Preference

Veterans' Preference Eligible (VPE): Former military personnel or their spouse that have been verified as a "veteran" under K.S.A. 73-201 will receive an interview if they meet the minimum competency factors of the position. The veterans' preference laws do not guarantee the veteran a job. Positions are filled with the best qualified candidate as determined by the hiring manager. Learn more about claiming Veteran's Preference

How to Claim Disability Hiring Preference

Applicants that have physical, cognitive and/or mental disabilities may claim an employment preference when applying for positions. If they are qualified to meet the performance standards of the position, with or without a reasonable accommodation, they will receive an interview for the position. The preference does not guarantee an applicant the job, as positions are filled with the best qualified candidate as determined by the hiring manager. Learn more about claiming Disability Hiring Preference

PLEASE NOTE: The documentation verifying a person's eligibility for use of this preference should not be sent along with other application materials to the hiring agency but should be sent directly to OPS. These documents should be sent either by fax to (785)296-7712, scanned and emailed to Gustavo.Victorianoks.gov, or can be mailed/delivered in person to:

ATTN: Disability Hiring Preference Coordinator
Office of Personnel Services
Landon State Office Building
900 SW Jackson, Rm 401
Topeka, KS 66612

Equal Employment Opportunity

The State of Kansas is an Equal Opportunity Employer. We value diversity, equity, and inclusion as essential elements that create and foster a welcoming workplace. All qualified persons will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, political affiliation, disability or any other factor unrelated to the essential functions of the job.
If you wish to identify yourself as a qualified person with a disability under the Americans with Disabilities Act and would like to request an accommodation, please address the request to the recruiter.