Introduction \nThe Maryland State Department of Education is dedicated to supporting a world-class educational system that prepares all students for college and�career success in the 21st century. With excellent stewardship from our�divisions, we oversee State and federal programs that support the needs of�a diverse population - students, teachers, principals, and other educators�throughout Maryland.\n\n\nThis is a Management Service position, and serves at the pleasure of the Appointing Authority.\n GRADE 24\n LOCATION OF POSITION Nancy S. Grasmick Education Building\n200 W. Baltimore Street�\nBaltimore, MD 21201\n\n\n\n POSITION DUTIES The Director of IT Security and Compliance serves as the Chief Information Security Officer (CISO) for the Maryland State Department of Education (MSDE) and is responsible for developing and executing a comprehensive security strategy and roadmap centered around MSDE's agency-specific systems, data, and security needs, and the shared cybersecurity and IT operations services provided by the Department of Information Technology (DoIT). This position ensures the protection of MSDE's educational data and systems by implementing appropriate security controls, governance frameworks, and compliance measures as outlined in the Maryland IT Security Manual. The CISO collaborates with DoIT on enterprise-wide security initiatives while focusing on MSDE-specific requirements, including data privacy,audit readiness, security awareness, and incident response coordination for the agency's unique educational technology environment. This role serves as the primary security liaison connecting MSDE leadership, DoIT security personnel, and Local Education Agencies (LEAs) to maintain a cohesive security posture that supports the agency's educational mission, while also contributing to legislative reviews and budget planning processes related to information security.\n\n\nThe CISO engages collaboratively with MSDE divisions and partners to find solutions and enable the MSDE mission and business to move forward smoothly and securely, ensuring alignment with state and federal requirements and industry best practices.\n\n\nDuties include, but are not limited to:�\n\n\nManages MSDE's Security, Governance, Compliance, and Risk Management�Program\n\n\n Develops, maintains, and oversees the MSDE-specific Security Program in alignment with DoIT's enterprise security framework\n Develops and maintains comprehensive security policies that address both MSDE's educational systems and the operational systems supporting the agency's educational oversight programs\n Provides overall management and leadership to the IT Security Program and team\n Reviews and updates security policies to protect both student data and administrative information across all MSDE systems\n\nReporting and Audit Management\n\n\n Provide reporting for types of student data and personally identifiable information processed held and processed by MSDE, and the controls governing and protecting that data, and the state of compliance with those�\n Authority to Operate practices and review procedures, and the state of compliance across the agency\n Leading, providing, and coordinating MSDE response to OLA, DBM, DoIT, and federal security and technology controls audits and all audits to which MSDE IT must answer\n Ad-hoc reports as needed for CIO and leadership requests and to support the development and maintenance of the MSDE Security program\n\nSupporting Local Education Agencies\n\n\n The director works collaboratively with the Department of Information Technology to advise on best practices, processes, and state IT and security requirements. They will assist with or facilitate major security incident responses for schools as needed\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n MINIMUM QUALIFICATIONS Education: A bachelor's degree in Cyber Security, Computer Science, Information Technology, or related field of study or equivalent experience.\n\n\nExperience:� Seven (7) years of experience in cybersecurity or in IT with significant security responsibilities.� Three (3) years of the required experience must have included direct supervision of other professional cybersecurity employees.\n\n\nNote:�\nThe following can be substituted for the bachelor's degree\n\n\n A senior level security certification such as CISSP, CISM, CCISO, GSTRT, GLSC\n An equivalent military/federal government certification or completed course of study�\n Three (3) additional years of experience in cybersecurity or in IT with significant security responsibilities\n\n\n DESIRED OR PREFERRED QUALIFICATIONS Preference will be given to applicants�who possess the following preferred qualification(s).�Include clear and specific information on your application regarding�your qualifications.\n\n\n Experience within government or education sectors\n Masters degree in information security or a related field\n Additional relevant certifications from CompTIA, EC-Council, (ISC)2, ISACA, GIAC\n\n\n SPECIAL REQUIREMENTS \n\n\nApplicants must consent to State and FBI (CJIS) background check as a routine procedure for all MSDE employees.\n\n\n SELECTION PROCESS Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. The resulting list of eligible candidates will be in effect for at least one year.\n EXAMINATION PROCESS The assessment may consist of a rating of your education, training, and experience related to the requirements of the position.�It is important that you provide complete and accurate information on your application.�Please report all experience and education that is related to this position.\n\n\nFor education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire.\n BENEFITS STATE OF MARYLAND BENEFITS\n�\n FURTHER INSTRUCTIONS It is preferred that applicants complete the MD State Government online�application for employment and submit their professional resume. The application must clearly demonstrate that�the applicant meets the minimum qualifications for the position. If the\napplicant is unable to apply online, paper applications can be obtained�from the link below and be faxed to 410-333-8950 or mailed to MSDE Office�of Human Resources, 200 W. Baltimore Street, Baltimore, MD 21201. If there�is a supplemental questionnaire, this must be completed and sent in with�your paper application, if you are unable to apply online.\n\nAll application materials must be received in our office by the closing�date. Postmarks will not be accepted. Applications must be complete to be�considered including all related job duties, even if those are also listed�on an attached resume. Additional required materials may be uploaded with the online application, submitted to the fax number, or mailed to the�address listed.\n\nInquiries can be made to 410-767-0019, TDD 410-333-3045. Appropriate�accommodations can be made for individuals with disabilities.\n\nIf you have difficulty with your user account or have general questions�about this online application system, please contact the MD Department of�Budget and Management, Recruitment and Examination Division at�410-767-4850. TTY Users: Call via Maryland Relay.\n\nProof of eligibility to work is required in compliance with the Immigration�Reform and Control Act. Any misrepresentation of academic or experience�requirements for this position may result in non-selection or termination�of employment.\n\nAs an equal opportunity employer, Maryland is committed to recruiting,�retaining and promoting employees who are reflective of the State's�diversity. People with disabilities and bilingual candidates are encouraged�to apply.\n\nWe thank our Veterans for their service to our country.\n