Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number:  50693827

Description Activated On:  5/22/2026 8:40:25 AM


Position Purpose:
Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. 

The GG/CE Deputy Delivery Center Information Security Officer serves as the operational second-in-command to the Delivery Center Information Security Officer and supports the management of the cybersecurity program, policies, procedures, and operational security services within the GG/CE Delivery Centers. The position helps translate strategic direction into day-to-day execution for the agencies and boards supported by the Delivery Center, strengthens continuity of leadership, and advances a risk-based security program aligned with Commonwealth policy, enterprise direction, and agency business needs.

Description of Duties:
Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

Manages and oversees the delivery center's daily cybersecurity operational activities under the direction of the DC-ISO, ensuring consistent implementation, administration, and maturation of the Delivery Center security program.

Ensures that the GG/CE Delivery Center cybersecurity program provides a secure environment for supported agencies in coordination with the DC-ISO, Delivery Center CIO, Enterprise Information Security Office, and other Commonwealth partners.

Leads and oversees day-to-day operational security activities, priorities, and follow-up actions to ensure effective execution of the Delivery Center security program and fulfillment of agency commitments.

Acts as a liaison, under the direction of the DC-ISO, between the GG/CE Delivery Centers, EISO, agency stakeholders, technical teams, and vendors to support implementation of security initiatives and resolution of security issues.

Assists with the planning, coordination, and administration of risk assessments, internal assessments, audits, surveys, and security reviews to evaluate readiness and control effectiveness.

Compiles, reviews, and analyzes assessment, audit, vulnerability, and compliance results and prepares reports, summaries, and recommendations for the DC-ISO and other executive leadership.

Tracks remediation, mitigation, transfer and acceptance of identified risks and control deficiencies, working with technical teams, business owners and agency leaders to support timely and effective closure.

Supports Delivery Center risk, threat, and vulnerability management activities by helping prioritize issues, monitor status, coordinate assignments, and elevate significant concerns to the DC-ISO.

Assists in overseeing security risk assessment activities related to technology changes, new implementations, applications, third-party relationships, infrastructure changes, and other operational initiatives.

Contributes to the development, implementation, maintenance, and review of security policies, procedures, standards, guidance, and operating practices designed to protect sensitive, confidential, and mission critical information.

Supports the development and maintenance of Delivery Center data classification practices and procedures, ensuring appropriate handling and protection of sensitive data.

Coordinates with technical and agency personnel to help ensure that security requirements are incorporated into network, application, system, and service design discussions and appropriate governance review processes.

Reviews documentation, prepares recommendations, and supports the DC-ISO in evaluating waiver requests and risk-based decisions regarding acceptance, mitigation, remediation, or transfer of risk.

Coordinates with GG/CE Delivery Centers security and technical staff to identify, document, and address risks discovered through vulnerability assessments, audits, reviews, scans, and operational activity.

Assists in supporting disaster recovery and business continuity coordination by helping track plans, exercises, test results, follow-up items, and improvement opportunities.

Supports compliance activities related to PCI, CJIS, and other applicable legal, regulatory, or policy-driven security requirements, including preparation, coordination, evidence gathering, and remediation follow-up.

Provides consultative support to agency personnel, technical teams, and managers regarding security controls, implementation expectations, compliance requirements, and practical risk reduction strategies.

Promotes awareness of security issues among leadership, staff, and supported agencies and helps ensure security principles are reflected in operational planning and service delivery.

Supports adherence to the established enterprise Incident Response Procedure for GG/CE Delivery Center-related incidents, including coordination of triage, investigation support, impact analysis, root cause analysis, lessons learned, and follow-up recommendations.

May serve as an operational point of contact during security incidents or urgent matters when delegated by the DC-ISO.

Prepares status reports, dashboards, metrics, and other communications to keep leadership informed of security issues, trends, program performance, and risk posture.

Reviews assigned staff work products, coordinates task assignments, helps set priorities, monitors progress, and supports quality and timeliness of deliverables.

Provides support in managing vendors and contracted services that support the GG/CE Delivery Centers security program, including coordination of deliverables, follow-up, and issue resolution.

Represents the DC-ISO in meetings, workgroups, and coordination efforts as assigned and communicates program priorities, requirements, and follow-up actions to relevant stakeholders.

Provides continuity of leadership and program operations in the absence of the DC-ISO for routine and delegated matters, while elevating high-risk, high-visibility, or enterprise-impacting issues to appropriate leadership.

Travels as required, including overnight stays.

Performs all other duties as assigned.

Decision Making:
Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

The incumbent will handle the day-to-day coordination, implementation, administration, and support of GG/CE Delivery Center security standards, procedures, reviews, assessments, reporting, and operational priorities within established policy, delegated authority, and supervisory guidance. The position requires exercising judgment in coordinating audits, risk assessments, vulnerability follow-up, incident support activities, staff assignments, stakeholder communications, documentation review, and reporting, and in providing routine consultative guidance to agencies and technical teams. The position also provides recommendations to the DC-ISO regarding risk treatment options, audit and assessment priorities, remediation strategies, policy application, process improvements, operational readiness, staffing needs, and security program requirements. Matters involving enterprise-wide impact, formal risk acceptance decisions, major policy exceptions, substantial legal or regulatory implications, disciplinary actions, strategic policy direction, or high-profile incident decisions are referred to the DC-ISO, the Delivery Center CIO, the Commonwealth CISO, or other appropriate leadership.

Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License

Experience:



Licenses, registrations, or certifications:

1. N/A
2. N/A
3. N/A
4. N/A
5. N/A
6. N/A

Essential Functions: Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
 
 1. Maintains effective and collaborative working relationships with key stakeholders.
 2. Communicates and collaborates effectively verbally and in writing.
 3. Builds and maintains productive working relationships across organizational lines.
 4. Coordinates and supports large and complex projects and security initiatives.
 5. Ensures compliance with Commonwealth policies, directives, and procedures.
 6. Supports compliance with IT policies, management directives, and security requirements.
 7. Exercises sound judgment in handling sensitive and confidential information.
 8. Manages multiple assignments and responds to changing priorities.
 9. Supports incident, audit, assessment, and compliance activities under deadlines.
 10. Travels as required.