Description

Duties and Responsibilities: One of the key responsibilities within DoIT, via the direction of the State Chief Information Security Office (SCISO), is the management and oversight of a Statewide Security Awareness Training Program for all State employees and contractors, estimated to date at 50,000 plus users. DoIT would like to engage in making several structured improvements to the cybersecurity training and awareness program and continued operations of the program. Detailed responsibilities include, but are not limited to:

  • Reviews and develops a Statewide policy that establishes the requirements, scope, roles, responsibilities, and management commitment for security awareness and training, including privacy awareness of training ("training") that is congruent with State and Federal laws, executive orders, directives, regulations, policies, standards, and guidelines.
  • Reviews, develops, plans, and coordinates the dissemination of pertinent awareness training materials that include:
    • Initial awareness training for new employees
    • Monthly microlearning training based on current events, incident lessons learned, or the top human risks to the organization
    • Quarterly education and awareness briefings with stakeholders
    • Annual privacy training
    • Annual role-based training.
  • Responsible for developing, planning, and coordinating the curriculum and resources supporting the annual security awareness summit held every October.
  • Identifies key metrics to monitor for ensuring the effectiveness of the program and develops strategies to improve the metrics each performance period.
  • Performs administrative duties in the security awareness training platform, including but not limited to, account provisioning/deprovisioning, report creation and delivery, campaign administration, and troubleshooting platform and user issues.
  • Responsible for requirements development and the evaluation of new security awareness training platforms.
  • Develops and monitors processes to ensure all appropriate employees are enrolled in the security awareness training platform and receive all mandatory and discretionary training.
  • Develops and maintains awareness content for the Maryland.gov security awareness training webpage.

Minimum Qualifications:

  • Minimum of 10 years' experience in the information technology field with a focus on security awareness, privacy, and/or cybersecurity
  • At least five (5) years' experience designing and maturing a medium to large size organization's security awareness training program
  • At least three (3) years' experience working with and/or administering the Proofpoint Security Awareness Training platform
  • CISSP, CISM, CDPSE, CRISC, or CIPM certification
  • Policy, process, and procedure development with the ability to translate information to respective documentation
  • Ability to provide guidance and advice to management on cybersecurity education and awareness strategies
  • Develop system related requirements for solicitations
  • Managing or providing direct work products for security awareness training programs
  • Ability to communicate and coordinate well with others, inclusive of good oral and written skills
  • Ability to create executive level presentations and host virtual training sessions

Educational Requirement: 

Bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline

Education

Bachelor's Degree