Security Program Support

Statement of Work - Project - Security Program SupportDuration:January 1, 2020, through December 31, 2020Background:The Colorado Office of Information Technology's Office of Information Security (OIS) is responsible for providing leadership in the development, delivery and maintenance of an information security program by safeguarding the state's information assets against unauthorized use, disclosure, modification, damage or loss to support Colorado's mission to provide secure and sustainable services. The OIS is responsible for security risk management, oversight of applicable regulatory compliance, and creation of secure coding best practices to protect Colorado's information systems and mission critical applications.Through its continuing efforts to constantly provide the highest level of service to its constituents, the OIS is continuously engaged in technology projects targeting information security enhancements.The OIS will engage with a contractor to provide project, process, and program management related to statewide security training, OIT-related training, and security program support to achieve 2020 security goals.Summary:The Office of Information Technology (OIT) Office of Information Security (OIS) is seeking an experienced project and program manager to provide the following services:Main Responsibilities:Conduct business process analysis, documentation and coordination across the CISO teamDetermine the operations to be performed and how processes will be implemented in the support of the Cyber Security LMS and under the guidance of the training teamCreate and revise office procedures and write or update office and training procedure manualsOrganize programs and activities in accordance with the mission and goals of the CISO team and the OIT organizationDevelop and/or assist in the refinement or development of (new) programs to support the strategic direction of the CISO teamFormulate, organize, coordinate and monitor inter-connected CISO projects with responsibilities including but not limited to:Plan and define project/program scopePlan and sequence resources, schedules and activitiesEstimate costs and develop a budget as neededCollaborate on determining suitable strategies and objectivesIdentify, implement and manage changes and interventions to ensure project goals are achievedCoordinate cross-project activitiesDevelop, control and communicate deadlines, budgets and activitiesCollaborate in identifying and resolving program/project issues to improve program/project process, efficiency and effectivenessTrack and report on the status of cybersecurity projectsPrepare reports for CISO program/project directorsIdentify system, project, program gaps in the CISO team; propose and implement solutionsLearning Management System - Security-related Training update and supportIdentify security-related, training needs of the organization and enterprise; procure, create, or update security-related training to meet business needs; convert training content, as needed, to meet LMS formatting standards; assist with role-based Security curriculum development that is aligned with OIT's Playbook compliance requirementsCollaborate with the OIT LMS Administrator to: track user lesson progress and send out timely reminders to complete training, identify common user experience issues and work with vendor and OIS staff to resolve, analyze the effectiveness of the LMS and make recommendations to HR regarding its use as compared to other potential platforms, track amount of time spent troubleshooting and resolving user issues for reporting purposes.Provide limited assistance with trouble ticket management and vendor tracking/communications of platform improvements, assistance with strategic planning with respect to CISO's near-, mid-, and long-term goals around OIT training management (tracking, delivery via both classroom and online formats, platform, etc.)Security Program Structure and SupportDevelop effective reporting tools for the business unit including quality assurance of data.Prepare routine and ad hoc reports (could include: project/program status reports, monthly scorecard, ELT monthly report, quarterly operations reviews, etc.). Analyzes trends and recommends adjustments.Maintain current best practice methods of data collection and reporting.Analyze the business unit's activities and trends and compare analyses against the service standards and best practices.Present findings and works with the leaders in assigned business units and other personnel to identify and implement strategies that will address tactical and strategic goals.Bridge communications between CISO teams, and assists with interdepartmental collaboration.Facilitate communication between the CISO team and other teams within OIT to ensure CISO goals are met.Look for opportunities for collaboration among OIT teams.Participate in staff meetings, operations reviews, project reviews, etc. for CISO team.Oversee internal projects or process improvements that impact security initiatives or promote increased security or increased operational efficiency.Take assigned projects from the original concept through final implementation.Work directly with appropriate OIT personnel to understand project concept, objectives and approach.Define project scope and objectives.Create and maintain project schedules by developing project plans and specifications, estimating time requirements, establishing deadlines, monitoring milestone completion, tracking all phases of the project/product/service lifecycle, providing timely reporting of issues that impact project progress, coordinating actions, and resolving conflicts. This includes documenting, prioritizing, and tracking.Work with appropriate personnel to allocate personnel time to project tasks and to track progress of their work.Gain understanding of business unit's processes and explain those processes to other business units.Expected Monthly Deliverables:DeliverableCadence/Not later thanProvide YTD security-related training metrics for statewide security awareness training complianceNot later than end of the first week of each monthReview and respond to security training needs, closing out tickets as necessaryNot later than the end second week of each monthWork with teams to create security efficiencies, documenting security processes or procedures as identifiedNot later than the end of the third week of each monthSubmit status report on FY20 project progressNot later than the end of the last business day of each monthMinimum Job Requirements:Work Experience: Two to five years experience in the information technology industry,business administration, project management, or related areasEducation/Training: Graduation from an accredited college or university with a BA/BS inbusiness administration, public administration, or related field.Functional/TechnicalKnowledge & Skills: Business planning and managementProven experience as a program/project coordinatorStrong communication & presentation skillsAnalysis & reportingProblem solving & decision makingChampion for changeCustomer focus & relationship buildingStrong leadership, organizational, & time management skillsInformation Technology proficiencyMathematical aptitude & descriptive statisticsAdvanced skills in Microsoft Office applications, specifically Word, Excel,& PowerPoint as well as Google AppsComment Files Company Origin Viewable Created By Created On Background VerificationMinimum Verification RequirementsPlease complete the following verifications with Info Cubic upon candidate's selection. Additional verifications may be identified by the agency.State Criminal Record verification (past 7 years covering each State in which the candidate has resided)County Criminal Records (past 7 Year Address History)Federal Criminal Records Verification (past 7 years)SSN Name SearchGlobal Monitor Check (formerly Patriot/OFAC/Terrorist)(Suppliers Only)To order, click on the link to the right: