Description of Duties Summary: The Cybersecurity Acquisition Program Manager and Technical Writer within the State's Information Security Office is a multifaceted role combining expertise in information security, program management, acquisitions, policy development, and technical writing. The position involves spearheading acquisition programs, ensuring information technology compliance, drafting policies, and producing comprehensive documentation related to information security practices.
Key Responsibilities:
• Acquisition Program Management:
• Oversee hardware, software, and information system acquisition
programs adhering to IT-related laws and policies.
• Ensure information security requirements are integrated into acquisitions,
procurements, and outsourcing efforts.
• Develop contract language to enforce supply chain, system, network, and
operational security.
• Policy Development and Advocacy:
• Formulate and advocate for policies supporting organizational cyberspace
initiatives.
• Resolve conflicts in laws, regulations, and standards pertaining to
cybersecurity.
• Technical Writing:
• Create comprehensive, easily understandable documentation on
information security topics for diverse audiences.
• Collaborate with subject-matter experts to accurately capture specialized
information.
• Review, edit, and finalize content ensuring alignment with NIST standards
and state policies.
• Stakeholder Engagement:
• Communicate effectively with program managers, contractors, and
stakeholders regarding business problems and corrective actions related to
information security.
Required Skill Set/Skill
Level/Experience
• Bachelor's degree in a technology or writing-intensive discipline.
• Demonstrated experience in technical writing, editing, and presenting
information security-related documents.
• Proficiency in information security concepts, NIST Framework (especially
NIST SP 800-53), and information systems design.
• Strong written and oral communication skills.
• Ability to analyze laws, rules, and regulations to articulate policy guidance
effectively.
• Familiarity with Industry Compliance Standards (SOC 2, IRS Pub 1075,
CMS MARS-E 2.2, PCI, CJIS, etc.).
• Aptitude for developing plans, policies, and procedures meeting
regulatory compliance requirements
Any Gradute