Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number: 00093149
Description Activated On: 1/5/2026 11:03:37 AM
Position Purpose: Describe the primary purpose of this position and how it contributes to the organization's objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively.

This position is responsible for professional and administrative leadership in directing the planning, development, and implementation of strategic enterprise programs that typically involve multiple agencies and diverse business operations. It oversees program planning and management, policy and standards development and implementation, and the establishment of plans and procedures to ensure the effective and efficient management of technology and resources across all Commonwealth agencies. Serving in a senior management role within OIT, this position leads major strategic enterprise initiatives, including Identity and Access Management and related Centers of Excellence, which provide a common application development platform for the enterprise.

Description of Duties: Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

Ensures that the DC's cyber security program provides a secure environment for the agencies served, in coordination with the CISO and the Delivery Center CIO, and manages staff and vendors who support the program. Determines the purpose and scope of risk assessments and audits to ensure that they are in line with the Commonwealth's internal controls and strategic objectives. Manages the creation of online IT audit surveys and risk assessments that benchmark the DC's IT security readiness and the adequacy of the Commonwealth's IT infrastructure, applications, physical security environments, and other aspects of IT controls. Utilizes reports to make strategic decisions about IT risk, goals and objectives, and initiatives in coordination with the CISO and DC CIO. Procures audits, e-GRC services, and vulnerability assessments via the Commonwealth's procurement processes (ITQs, RFQs, RFPs, etc.). Manages the DC risk, threat, and vulnerability management programs. Assigns resources and oversees security risk assessment activities for the DC, to include assessment of environment changes, technology implementations, introduction of new applications, third-party relationships, and merger/acquisition activities. Develops and implements effective and reasonable policies and practices to secure protected and sensitive data and to ensure information security and compliance with relevant legislation and legal interpretation. Manages internal assessments and evaluations to provide direction on the adequacy of the security controls for the DC's information and technology systems. Develops and maintains a data classification system within the DC.

Develops DC policies and procedures on the identification, classification, and management of sensitive data. Ensures that all new web application and e-commerce initiatives are vetted through the proper OA/OIT review process (SERP, COPPAR, CA2, etc.). Reviews waiver requests and accepts, mitigates, remediates, or transfers risks on behalf of the DC CIO. Ensures DC security staff work with DC technical staff to identify and remediate, mitigate, or transfer risk discovered during vulnerability assessments. Ensures that disaster recovery and business continuity plans are in place and tested. Responsible for all Payment Card Industry (PCI) compliance audits and for working with required entities in the execution and remediation of audits and audit findings. Develops and implements higher-level security requirements, such as those resulting from laws or regulations, and ensures compliance with changing laws and applicable regulations. Consults on the development of network, application, and other IT system designs to ensure that appropriate systems security policies and architectures are implemented. Promotes awareness of security issues among management, employees, and other entities agency-wide and ensures sound security principles are reflected in the organization's vision and goals. Follows the established enterprise Incident Response Procedure (IRP) process for Delivery Center-related incidents, including triage, post-incident investigations, impact analysis, root cause analysis (RCA), and recommendations for improvements to prevent similar issues. Complies with established policies related to Accessibility. Follows established service management processes and procedures, produces knowledge documents for inclusion in the knowledge management system, and meets established performance standards.

Engages and seeks approval from the direct supervisor, the CISO, and the OA Communications Director regarding press inquiries, requests for speaking engagements, participation in panel discussions, or other similar engagements. Ensures the content of any presentation is reviewed and approved by the OA Communications Director at least a week prior to the engagement. Updates timesheets and any projects on a weekly basis and ensures direct reports do the same. Travels as required, including overnight stays. Performs all other duties as assigned.

Decision Making: Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor's signature.

This position performs in an OIT leadership role as a senior manager responsible for directing and managing major strategic Enterprise programs, including Identity and Access Management and related Centers of Excellence, which provide a common application development platform for the enterprise.

Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License.

Experience:

Licenses, registrations, or certifications:
1. N/A
2. N/A
3. N/A
4.
5.
6.

Essential Functions: Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.