General Position Summary:
TheCybersecurity Program Manager is responsible for ensuring the CISO’s strategyfor protecting the Idaho Judiciary’s networks, systems, and applications areeffectively implemented. This position will assist with determining,analyzing, and proposing security requirements, policies, and technicalsolutions. This position will work as the liaison for the InformationDivision to other functional business units representing security concerns andinitiatives. This position works under the direction of the CISO.
How We Work:
The Administrative Office of theCourts is committed to supporting the mission of the Idaho Courts through theuse of an agile approach that aligns strategy, work, and capacity. Thisapproach empowers our employees to respond quickly and efficiently to meet theneeds of our customers: citizens, courts, judges, employees, and otherstakeholders. We believe in continual improvement of our services and products to better serve and support ourcustomers and the evolving environment. Employees are future-focused, take initiative, and are personallyresponsible for work delivery and professional growth. Our leaders are committed to professionaldevelopment and growth of employees by empowering and supporting motivated individuals;providing clarity and focus for projects; giving those individuals theenvironment and support they need; and fostering a culture of collaboration,transparency, learning, trust and shared accountability.
Major Duties and Responsibilities: (Theexamples provided do not cover all the duties which the incumbent in thisposition may be required to perform.)
• Assists withobtaining approval of security systems for the Idaho Courts;
• Tracks andmonitors the implementation of security policies and procedures;
• Ensurestracking of personnel compliance with cybersecurity policies;
• Works with AOCfunctional business units to track outstanding security compliance questions;
• Ensurescybersecurity strategy, initiative, and solutions are effectively implemented;
• Tracks proposedsolutions and coordinates actions to mitigate system security threats andrisks;
• Assists withsecurity product evaluation and recommendations to improve the Court’s securityposture;
• Assist withleading and tracking the status of the development of security incidentresponse plans and organizes incident response exercises and testing;
• Assists withreview and identification of root causes of security incidents, identifies andtracks corrective actions, risks, and future proactive/preventive actions;
• Ensuresvulnerability/risk management processes are being documented in order toimprove vulnerability assessments, penetration testing, vulnerabilityremediation and compliance testing;
• Ensures reportingand tracks vulnerability and threat trends, including metrics for tracking andanalyzing vulnerability remediation efforts.
Minimum Qualifications:
The JudicialBranch reserves the right to consider an equivalent combination of education,training, and/or experience in determining whether an applicant is capable ofperforming the assigned duties and fulfilling the assigned responsibilities ofthis position.
Education and Experience
· Five (5) years of experience in cybersecurity
· Two (2) years of experience in a programmanagement or leadership role;
· Cybersecurity certifications such as CISSP,CISM, CISA, or equivalent, preferred;
· Project Management Professional (PMP) orequivalent project management certification, preferred;
· Experience with risk management, incidentresponse, and threat assessment;
· Familiarity with security tools andtechnologies (e.g., firewalls, intrusion detection systems).
·
Knowledge, Skills, and Abilities
· Knowledge of enterprise security architectureand compliance principles;
· Knowledge of cybersecurity frameworks (e.g., NIST,ISO 27001);
· Knowledge of infrastructure and applicationsecurity design;
· Knowledge of operating systems such as Windows,Windows Server, and VMware as well asLinux and Unix;
· Knowledge of security compliance and risk management;
· Knowledge of security awareness, education, andtraining programs;
· Knowledge of application and operating systemssecurity configuration and best practices;
· Skill in communicating complex information in anunderstandable manner;
· Skill in identifying complex issues andproposing feasible, cost-effective solutions;
· Skill in project management, including planning,execution, and monitoring of cybersecurity initiatives;
· Ability to work independently;
· Ability to provide leadership to staff;
· Ability to communicate effectively verbally andin writing, including developing reports and using metrics for illustration;
· Ability to match system solutions to specificuser requirements and functions;
· Ability to develop and interpret complexpolicies and procedures;
· Ability to display an attitude of cooperationand work harmoniously with all levels of court employees, the general public,and other organizations.
| Skill | Required /Desired | Amount | of Experience |
|---|---|---|---|
| Experience as an IT Project Manager | Required | 2 | Years |
| Experience in Cybersecurity | Required | 5 | Years |
| Experience in a program management or leadership role | Required | 2 | Years |
| Experience planning projects, tracking tasks, and reporting on status using a project management methodology. | Required | 5 | Years |
| Developing and creating reports using metrics and graphs. | Required | 2 | Years |
| Use of cybersecurity frameworks (e.g. NIST, ISO 27001) to identify, define and track risks in an organization. | Required | 5 | Years |
| Experience with developing a security incident response plan and organizing tabletop exercises. | Highly desired | 5 | Years |
| Experience developing cybersecurity policies, standards and procedures. | Nice to have | 2 | Years |
| Cybersecurity certifications such as CISSP, CISM, CISA, or equivalent | Nice to have | 0 | |
| Exceptional communication skills required | Required | 0 |
| No. | Question |
|---|---|
| Question1 | Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you agree to this requirement? |
| Question2 | What is your candidate's email address? |
| Question3 | Have you completed and submitted the Right to Represent form, making sure to do so exactly as instructed? The form is located at https://www.cai.io/media/documents/msp/id/idaho_e-rtr_template.doc. |
| Question4 | Candidates submitted above the hourly Vendor Rate of - will not be considered. Do you agree to this requirement? Candidates without the rate tab correctly completed at time of submittal will be rejected from consideration. |
| Question5 | Respond to this question with a link to your candidate's LinkedIn Profile. |
| Question6 | ONSITE work required in a hybrid schedule for this position. Selected resource MUST WORK 3 days/week in the office and the other 2 days can be remote. Because of onsite requirement, LOCAL candidates will be strongly preferred for the position. Fully remote work WILL NOT be an option. Please confirm you have discussed the fully onsite requirement with your candidate and the candidate accepts this requirement. |
| Question7 | All local candidates submitted MUST be able to attend an IN-PERSON interview at the client location if selected to interview. Please confirm you have discussed this with your candidate and they are able to make an in-person interview if selected by the client for an interview. |
| Question8 | Please SPECIFY the CITY and STATE in which your candidate is CURRENTLY located (if not specified or if location specified is determined to be untrue at any point during the screening/interview/onboarding process - INCLUDING DURING BACKGROUND CHECK WHICH WILL CONFIRM TRUE ADDRESS - your candidate will not be considered/will be removed from consideration for the position). |
| Question9 | All WORK HISTORY and EDUCATION listed on resume WILL BE VERIFIED during the background check process for your candidate. Please confirm you and the candidate understand this, and the information presented on the resume is true and accurate. |
| Question10 | Please prepare your candidate that they may receive a screening call from someone at CAI at any point between the time of submittal through close of business, Thursday, October 24, to discuss their qualifications for this position. Please MAKE SURE THEY ARE PREPARED FOR THIS CALL and are PREPARED TO GIVE US YOUR COMPANY's NAME as the vendor that submitted them for this position. Please confirm you have discussed this with them and they will be prepared for a potential screening call from CAI. |