IT Security & Compliance Manager II - DPS CISO (DPS #10114489)

Company: State of New Mexico

Location: Santa Fe, NM 87507

Description:

$51.60 - $82.56 Hourly

$107,324 - $171,718 Annually

This position is a Pay Band II

Posting Details

The New Mexico Department of Public Safety (DPS) is looking for a proven leader and cybersecurity expert to serve as Chief Information Security Officer (CISO) and lead our Cybersecurity and Compliance Bureau (CCB). The CCB is a key strategic bureau within DPS and the Information Technology Division (ITD). DPS houses the New Mexico State Police (NMSP) and provides many services to the entire law enforcement community throughout New Mexico. DPS is the FBI designated Criminal Justice Information Services (CJIS) Systems Agency (CSA) for the State of New Mexico. As such, DPS is the exclusive entity in New Mexico that provides access to CJIS for all federal, state, local and tribal law enforcement agencies. The DPS CISO also serves as the FBI designated CSA Information Security Officer (ISO) for the State of New Mexico.

The DPS ITD provides a portfolio of services to the entire law enforcement community in New Mexico in addition to being the key technology partner of NMSP and the other statewide law enforcement support divisions of DPS. The ITD Leadership Team is committed to helping everyone on our team grow professionally and personally through training, mentorship, and challenging work assignments.

DPS has one of the most complex networks in the State of New Mexico consisting of over 50 physical offices including the DPS headquarters, the NM Law Enforcement Academy, three forensic labs, three 911 communications / dispatch centers, 12 NMSP district offices, and a significant number of permanent and transitory sub-stations in key locations throughout the state including the Governor's Mansion. In addition to these physical locations, the network consists of 650 NMSP patrol units, the NMSP helicopter and several mobile command centers. The network is accessed 24 hours per day, 7 days per week with no tolerance for downtime by DPS civilian staff, NMSP, and all federal, state, local and tribal law enforcement agencies (LEAs) to receive mission-critical CJIS and to access many other systems. These systems are essential to law enforcement statewide.

DPS ITD provides the time, resources and encouragement for its staff to participate in ongoing training and mentorship. We are looking for employees who want to grow their skills, develop as individuals, be reliable teammates and enjoy challenging work assignments. The significant number of our employees who have been promoted into higher positions is evidence of our success. ITD enjoys a close working relationship with the NMSP, law enforcement agencies across New Mexico and our federal partners such as the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). ITD and its employees are valued by the leadership of DPS as an essential part of the public safety services in New Mexico. If you become a member of the DPS ITD family, you will quickly become integrated into the law enforcement community statewide.

Why does the job exist?

The DPS CISO (IT Security & Compliance Manager II) leads the Cybersecurity and Compliance Bureau (CCB) at DPS. The CCB is responsible for various cybersecurity efforts including strategic planning, policy development and implementation, network scans, log consolidation, alert monitoring, threat hunting, implementing security tools, and expanding adoption of technologies and best practices such as Multi-Factor Authentication (MFA). The CCB is also responsible for various oversight and compliance efforts at DPS such as Payment Card Industry Data Security Standard (PCI DSS) and CJIS including audits, surveys, training, documentation, etc. The CCB works closely with the other teams in ITD including networking, servers, applications, end user support, and project management to ensure that all solutions delivered and maintained by DPS meet the highest security standards possible.

DPS is looking for a CISO with strong leadership and interpersonal skills, who is organized, mission-oriented and will passionately support the mission of DPS. The DPS CISO must possess a strong technical understanding of cybersecurity and a wide array of IT such as networking, datacenters, applications, end-user devices and cloud. The CISO will need to quickly learn about the mission and operations at DPS, State Police and law enforcement statewide. As the CSA ISO, this position will be one of the key experts in New Mexico on the FBI CJIS Security Policy. CSA ISO duties include review and approval of network / system changes for all CJIS agencies in the State including law enforcement, courts, corrections and non-criminal agencies that perform FBI background checks on individuals. The CSA ISO role requires strong relationship building and the ability to ensure that the law enforcement community and vendors adhere to policy and compliance requirements, while being flexible enough to maintain critical access to systems and support services for public safety. Some travel to training and conferences is required.

The CCB was created three years ago. The accomplishments of the CCB over that period are substantial, including thwarting ongoing cybersecurity threats and significantly enhancing the cybersecurity posture of the agency. The incoming CISO will have the opportunity to further build out the capabilities and staff of the CCB, forging a truly best of class cybersecurity and compliance team.

The CISO reports directly to the DPS Chief Information Officer (CIO) at the DPS Headquarters complex in Santa Fe and leads a four-person team that is expected to grow. The CISO is a member of the ITD Leadership Team. As such, the CISO provides leadership to ITD as well as the entire DPS. The CISO works closely with the Department of Information Technology (DoIT) and the New Mexico Office of Cybersecurity on state government cybersecurity efforts.

One of the key duties of the CISO is being a partner and advisor to the CIO. The CISO works closely with the DPS CIO and other members of the ITD Leadership Team on strategic initiatives and budgets for the agency. The CISO is expected to build strong relationships with key stakeholders within and outside DPS. This includes the DPS Executive Team, State Police Command Staff, Directors and Bureau Chiefs throughout DPS and key partner agencies of DPS. DPS leadership understands the value and importance of cybersecurity which will allow the incoming CISO to quickly earn the trust of the entire department through outreach, networking, hard work, integrity and results.

How does it get done?

The CISO oversees the day-to-day operations of the DPS Cybersecurity and Compliance Bureau (CCB). The CISO works closely with the DPS CIO and other members of the ITD Leadership Team in providing direction to a growing staff of professionals who are dedicated to the mission of DPS. The CISO also serves as the FBI designated New Mexico CSA ISO. The following are the primary duties of the CISO:

* Oversee the recruitment and development of employees and contractors under direct supervision of the CISO. Provide mentorship to these employees and perform performance evaluations.

* Develop metrics to ensure that all DPS cybersecurity projects remain on schedule, on budget, and within scope. Develop systems to capture, track and report on metrics about cybersecurity projects in a manner that enables process improvement.

* Build strong relationships with DPS Leadership, NMSP commissioned officers, DPS non-commissioned personnel, and key stakeholders outside of DPS. Leverage these relationships to learn about the needs of ITD's customers and ensure that the services offered by ITD remain aligned with these needs.

* Ensure that ITD personnel remain customer-centric and aligned with the mission of keeping the public and officers throughout New Mexico safe.

* Rotate week-long on-call management duties for nights and weekends with the rest of the 7-person ITD Leadership team (CIO, Deputy CIO and 5 bureau chiefs). Most weeks involve responding to a few calls and coordinating responses to occasional incidents.

* Working closely with the CIO and other members of the ITD Leadership Team, develop strategic initiatives and direction for ITD.

* Take personal responsibility for the success of ITD and DPS as a whole.

* Provide strategic leadership of the CJIS information security programs.

* Provide guidance and counsel to the state CJIS Systems Office (CSO) and executive management at DPS to define objectives for information security.

* Work with Law Enforcement Agency (LEA) Local Agency Security Officers (LASOs) and LEA leaders (Chiefs, Sheriffs, etc.) to oversee the formation and operations of an integrated statewide CJIS security infrastructure that is organized toward a common goal and standards in information security.

* Coordinate information security efforts with the FBI CJIS Division ISO, Cybersecurity and Infrastructure Security Agency (CISA), the New Mexico Office of Cybersecurity and the New Mexico CSO.

* Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire state criminal justice community in support of all agencies and services.

* Establish annual and long-range security and compliance standards and goals, define security strategies, metrics, reporting mechanisms and program services; create maturity models and a roadmap for continual program improvements.

* Lead the development and implementation of effective policies and practices to secure protected and sensitive data; ensure information security and compliance with relevant legislation and legal interpretation.

* Provide leadership philosophy for the CJIS Systems Agency (CSA) to create a strong bridge between criminal justice organizations; bring groups together to share information and resources to create better decisions, policies and practices for the state in conjunction with the FBI CJIS Division.

* Develop, maintain and oversee policies, processes and control techniques to address all applicable information security requirements.

* Provide leadership for all security incidents and act as primary control point during significant information security incidents as mandated by the CJIS Security Policy.

* Manage statewide information security governance processes for all agencies in the state receiving CJIS.

* Provide leadership in the communication of state CJIS security standards for information technology across all state criminal justice agencies.

Who are the customers?

DPS including NMSP and all Law Enforcement and criminal justice agencies within the state of New Mexico.

Ideal Candidate

* Technical experience using cybersecurity tools.
* Technical experience with networks, firewalls and virtual private networks (VPNs).
* Experience setting cybersecurity policy and governance.
* Experience managing a team (including hiring, training, mentoring and progressive discipline).
* Experience developing and implementing incident response plans.
* Experience developing end-user cybersecurity awareness programs and training.
* Experience conducting cybersecurity investigations and root cause analysis.
* Excellent verbal and written communication skills.
* Comfort working in and with law enforcement.
* Comfort in a leadership role within a large organization.

Minimum Qualification

Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and ten (10) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling fourteen (14) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one (1) year of experience. At least four (4) years of supervising a security/compliance team.

Substitution Table

These combinations of education and experience qualify you for the position:

| # | Education | Experience | | Education | Experience |
|---|---|---|---|---|---|
| 1 | High School Diploma or Equivalent | AND 14 years of experience | OR | High School Diploma or Equivalent | AND 14 years of experience |
| 2 | Associate's degree in the field(s) specified in the minimum qualification | AND 12 years of experience | | Associate's degree or higher in any field | AND 14 years of experience |
| 3 | Bachelor's degree in the field(s) specified in the minimum qualification | AND 10 years of experience | | | |
| 4 | Master's degree in the field(s) specified in the minimum qualification | AND 8 years of experience | | | |
| 5 | PhD degree in the field(s) specified in the minimum qualification | AND 6 years of experience | | | |

Education and years of experience must be related to the purpose of the position.

If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.

Employment Requirements

Employment is subject to a pre-employment background investigation and fingerprinting in accordance with all terms and conditions of federal and state law, rules and regulations; and is conditional pending results. Continued employment is contingent upon remaining felony free, per Section 5.12.1.1 of the Criminal Justice Information Systems Security Policy.

In addition, the selected candidate must possess and maintain a valid driver's license and a current Defensive Driving Certificate from the State of New Mexico; or pass and receive the Defensive Driving Certificate within six (6) months of date of hire.

Working Conditions

Office setting, exposure to Visual/Video Display Terminal (VDT) and extensive personal computer and telephone usage with extended periods of sitting. Must be able to lift 25 lbs. Continuous visual acuity and verbal communication. Extensive personal computer usage. Occasional need to move computer equipment. Occasional travel.

Supplemental Information

Agency Contact Information: Kent Augustine (505) 709-5264.

For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.

Bargaining Unit Position

This position is not covered by a collective bargaining agreement.
