Sr Business SME2 : CyberSecurity
The Cybersecurity and Compliance Legal Consultant performs a range of government affairs services for the Office of Information Technology. This position assists with the review and development information technology legislation and contracting processes to ensure they meet state and federal statutory and regulatory requirements for information security. This position also assists in preparing executive leadership for legislative engagements and correspondence.
To meet these requirements the successful candidate must be knowledgeable about how policy and legislative products fits into the broader security program, and generally understands network security concepts outlined by the National Institute of Standards and Technology (NIST). Additionally, a high level of understanding of contract law as it relates to the secure procurement of information technology goods and services is needed. A familiarity with the State legislative process is also required for this dynamic position.
Knowledge, Skills, and Abilities Required:
• Monitor and advise on information security issues related to information assets, data systems, information workflows and business processes to ensure administrative security controls for the State are appropriate and meet compliance requirements
• Stay abreast of external regulations, data security/privacy standards, and relevant data/breach notification laws applicable to State government
• Work with data owners on revised process improvements; participate in incident response activities as required.
• Review all 3rd party vendor services/contracts (applications, hosting, systems, etc.) that involve the collection, processing, transmission, or storage of Confidential or Restricted data as defined by State’s Data Classification Policy
• Develop and keep current, core contract language that should be included as terms/definitions in relevant contracts.
• Expertise in providing counsel on the legal components of information security projects.
• Expertise in the State of Maine legislative process to assist executive leadership and develop legislation that support information security.
• Familiarity with information security controls outlined in NIST Special Publication 800-53.
• Familiarity with federal laws that detail federal audit agency requirements for different data types (e.g., Federal Tax Information, Criminal Justice Information, Social Security Information, Affordable Care Act Information)
• Ability to conduct legislative research, analyze, and communicate the legal and regulatory impact of legislative proposals in a concise manner.
• Knowledge of the organizational and staffing structures in State agencies and Departments.
• A high level of attention to detail reviewing complex documents related to information security.
A Juris Doctorate and 6 years of experience with government policy and legislation
Top 3 Skills: