Previous Job
MCS - IT Governance Lead Cyber Security (516731)
Ref No.: 17-02989
Location: Diamondale, Michigan
MCS - IT Governance Lead Cyber Security (516731)
7150 Harris Drive, Diamondale, MI
In Person Only

Works within DTMB's Michigan Cyber Security (MCS) to provide relationship management, communication, awareness, and oversight to State of Michigan Agencies for some key strategic programs including Vulnerability Management and Analytics.

Years of Experience:
10 years of experience in the field.

Job Description:
- Builds and maintains key relationships with State of Michigan Agency leaders and managers for key strategic programs, specifically Vulnerability Management and Analytics.
- Ensures stakeholders are educated on the scope, expectations and impacts of key strategic programs and holds them accountable.
- Coordinates stakeholders, facilitates governance routines and provides program oversight.
- Develops and owns the communication plans with the Agencies for various key initiatives.
- Strategizes and plans the program(s) based on best practices and security frameworks.
- Supplements the traditional project team with higher level communications, awareness and relationship management.
- Outlines and facilitates change management
- Collects and communicates key metrics on program progress.
- Assists in resolving high level issues and outlines critical risks in key strategic programs.
- Develops and delivers the operational transition plans for the technology and platforms for Vulnerability Management.

Familiarity and work experience (required) leveraging NIST Moderate and CIS Controls that address Vulnerability and Asset Management (The NIST Framework for Improving Critical Infrastructure Cybersecurity calls out the CIS Controls as one of the "informative references” – a way to help users implement the Framework using an existing, supported methodology. Survey data shows that most users of the NIST Cybersecurity Framework also use the CIS Controls.).

Responsibilities include:
Communication with Senior management including, but not limited to, DTMB's Michigan Cyber Security (MCS), Infrastructure & Operations and Agency Services to implement the respective programs and develop integrated workplan for their organizations.
- Organize and chair the respective program Steering Committee
- Align, and work with, the EPMO Project Manager on process, deliverable and QA.
- Act as the MCS Lead for what is referred to as a cross-functional "Operational Excellence” (OpEx) program for year
• Eliminate remediation deficit
• Establish and refine scanning and remediation windows and processes
• Establish and refine false positive reporting and close-out
• Establish and refine reporting requirements and dashboards
• Establish and refine Tenable platform requirements and configuration
• Include bi-weekly "office hours” workshops for problem resolution

Required / Desired
of Experience
Familiarity and work experience leveraging NIST Moderate Controls (addressing Vulnerability Management & Asset Management)
Familiarity and work experience leveraging CIS Controls (addressing Vulnerability Management & Asset Management)
Proven expertise in NIST Cybersecurity Framework
Professional Experience in Large Information Technology environments
Professional Experience in IT Security
Experience as Manager Director with direct reports
Experience in the IT or Security Consulting Field
Highly desired
Bachelors or Masters Degree in Computer Science, Information Systems, Business or Engineering
Question 1
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2
Please list candidate's email address that will be used when submitting E-RTR.
Question 3
The Vendor Rate for this position is not to exceed $. Do you accept this requirement?
Question 4
The client plans to schedule IN PERSON ONLY interviews for this position the week of October 3rd. Please confirm your candidate will be available to interview any of those days if selected.
Question 5
Please include a paragraph re: candidate's availability, location, applicable skills, and other pertinent information in the Summary of Qualifications tab, when submitting.
Question 6
Have you set up and rolled out an enterprise Vulnerability Management (and Patch Management) Program at a large organization? If yes - please explain.
Question 7
Have you instituted programs that comply with either NIST or the CIS controls that address Vulnerability and Asset Management specifically? If yes - please explain.
Question 8
Have you set up and chaired an enterprise level Steering Committee? If yes - please explain.
Question 9
Do you have experience presenting program status and metrics to executives? If yes - please explain.