NY HELP No Agency Information Technology Services, Office of Title Manager Information Technology Services 1 (Infomation Security) Occupational Category I.T. Engineering, Sciences Salary Grade 27 Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF) Salary Range From $106898 to $131665 Annually Employment Type Full-Time Appointment Type Contingent Permanent Jurisdictional Class Non-competitive Class Travel Percentage 0% Workweek Mon-Fri Hours Per Week 37.5 Workday From 8 AM To 5 PM Flextime allowed? No Mandatory overtime? No Compressed workweek allowed? No Telecommuting allowed? Yes County Albany Street Address 50 Wolf Road, Floor 2 City Albany State NY Zip Code 12232 Duties Description The New York State Office of Information Technology Services (ITS) provides operational support 24 hours a day, 7 days a week, 365 days of the year, supporting more than 4,900 applications for 53 New York State Agencies.The New York State Department of Transportation (DOT) Office of Traffic Safety and Mobility (OTSM) and ITS are in year one of five years, implementing a Technology Plan designed to improve both safety and mobility by enhancing, streamlining, and improving resiliency of transportation system management and operations (TSMO) strategies. The portfolio of work includes 29 overall projects that address governance, legacy technology replacement, and installation of proven technology innovations. OTSM and ITS have established a joint Operational Technology Team (OT Team) to design, build, test and implement the portfolio of work and provide ongoing operational support of the portfolio. Under the direction of the Director of IT/OT Convergence within Dedicated Support, Department of Transportation (DOT), the Manager Information Technology Services 1 (Information Security) will be responsible for developing, implementing, and maintaining the organization's information security program, with a specific focus on OT environments within the transportation sector. This includes securing Intelligent Transportation Systems, ensuring transportation safety, and protecting critical infrastructure. The role focuses on protecting the confidentiality, integrity, and availability of OT/IT systems. The OT/IT Security Officer will collaborate with the TSMO Technology team to establish and maintain a robust and effective security posture across the TSMO landscape.Duties include, but are not limited to, the following:OT/IT Security Program Development and Management• Develop, implement, and maintain a comprehensive OT/IT security program aligned with industry best practices (e.g., NIST 800-82, ISA/IEC 62443, Transportation Security Administration (TSA) guidelines), regulatory requirements, and organizational policies.• Conduct risk assessments and vulnerability assessments of OT/IT systems and infrastructure to identify security gaps and prioritize remediation efforts.• Develop and maintain OT/IT security policies, standards, and procedures, specifically addressing transportation safety concerns.• Establish and manage an OT/IT security awareness training program for employees, contractors, and transportation partners.• Perform the full range of supervisory duties.Security Architecture and Implementation • Design and implement secure network architectures for OT/IT environments, including network segmentation, firewalls, intrusion detection/prevention systems (IDS/IPS), and other security controls.• Evaluate and recommend security technologies and solutions for OT/IT systems, considering the unique challenges of transportation environments (e.g., mobile assets, remote locations).• Oversee the implementation and configuration of security controls on OT/IT devices and systems, including those used in vehicles, traffic management centers, and roadside infrastructure.• Ensure proper patching and vulnerability management processes are in place for OT/IT assets, with consideration for the operational impact of downtime.Incident Response and Forensics• Develop and maintain an OT/IT incident response plan, specifically addressing transportation-related incidents (e.g., traffic signal manipulation, vehicle hacking).• Lead and participate in OT/IT security incident investigations.• Conduct forensic analysis of OT/IT systems to identify the root cause of security incidents.• Coordinate with OITS security teams and transportation authorities on cross-functional incident response activities.Transportation Safety and Compliance• Ensure network infrastructure complies with relevant transportation safety regulations and standards (e.g., FRA, FTA, DOT).• Participate in safety audits and risk assessments related to OT network infrastructure.• Implement and maintain network configurations that support failover and redundancy to ensure system availability in critical situations.Compliance and Auditing• Ensure compliance with relevant regulatory requirements and industry standards (e.g., NERC CIP (if applicable), TSA security directives, state DOT regulations).• Conduct regular security audits and assessments of OT/IT systems.• Manage and respond to internal and external audit findings.Collaboration and Communication• Collaborate with relevant teams to ensure a coordinated approach to security.• Communicate security risks and vulnerabilities to stakeholders in a clear and concise manner, emphasizing the impact on transportation safety and efficiency.• Stay up-to-date on the latest OT/IT security threats, vulnerabilities, and trends, including those specific to the transportation sector.• Participate in industry forums and working groups to share knowledge and best practices related to transportation security.Vendor Management• Assess the security posture of OT/IT vendors and service providers.• Review and approve security requirements for OT/IT vendor contracts.• Monitor vendor compliance with security policies and standards. Minimum Qualifications MINIMUM QUALIFICATIONS:Non-competitive: Seven years of information technology, cybersecurity, or information assurance experience*, including one year at the supervisory level.EDUCATION/EXPERIENCE SUBSTITUTIONS*:A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor’s substitutes for two years of required experience.An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.A master’s degree or higher in computer science or related field substitutes for one year of required experiencePREFERRED QUALIFICATIONS:Certifications• Preference for candidates holding relevant Information Security industry certification, including but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC).Skills• Strong understanding of OT/IT systems, including industrial control systems (ICS), SCADA systems, and distributed control systems (DCS).• Knowledge of OT/IT architectures, communication protocols, and security considerations.• Knowledge of OT/IT security standards and frameworks (e.g., NIST 800-82, ISA/IEC 62443).• Experience with network security technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs.• Experience with vulnerability assessment and penetration testing tools.Soft Skills• Strong analytical and problem-solving skills.• Excellent communication and interpersonal skills.• Ability to work independently and as part of a team.• Ability to prioritize tasks and manage time effectively.• Ability to communicate technical information to non-technical audiences.• Strong leadership and mentoring skills.Please Note:• Appointment to this position and continued employment with the agency is contingent upon obtaining and/or maintaining New York State residency within six months of hiring. • Appointment to this position is not final until all agency approvals have been granted. Additional Comments ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.Fingerprinting and background check are required for employment with ITS.Details of the position will be described further if you are selected for an interview. Salary Commensurate with experience Benefits of Working for NYS Generous benefits package, worth 65% of salary, including: Holiday & Paid Time Off • Thirteen (13) paid holidays annually • Up to Thirteen (13) days of paid vacation leave annually • Up to Five (5) days of paid personal leave annually • Up to Eight (8) days of paid sick leave annually • Up to three (3) days of professional leave annually to participate in professional development Health Care Benefits • Eligible employees and dependents can pick from a variety of affordable health insurance programs • Family dental and vision benefits at no additional cost Additional Benefits • New York State Employees’ Retirement System (ERS) Membership • NYS Deferred Compensation • Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds • Public Service Loan Forgiveness (PSLF) • And many moreThe Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.This position may require critical services to be performed outside of normal work schedule. Some positions may require additional credentials or a background check to verify your identity. Name Michael Penticuff Telephone 518-473-0398 Fax 518-402-4924 Email Address PostingResponses@its.ny.gov Address Street Empire State Plaza Swan Street Building, Core 4, Floor 1 City Albany State NY Zip Code 12220 Notes on Applying To apply, please submit a cover letter and resume. Please indicate that you are applying for the Manager Information Technology Services 1 (Information Security) position and include the Vacancy ID in the subject of your email.Your Social Security number may be required to confirm eligibility.