Job Description
Maine Office of Information Technology (MaineIT)
Agency Information Security Officer (DAFS)
ABOUT THE JOB DETAILS:
The role of the Agency Information Security Officer is to provide consultative, professional
advice and expertise about security issues to agency and executive management; is the agency
subject matter expert on information security matters. The position will work with agencies and
MaineIT divisions to identify, assess, prevent, protect, and mitigate information security risks,
threats, and vulnerabilities to safeguard business operations. This individual will serve as a
central point of contact on security related matters for agencies to assist in their strategic
planning, operational needs, incident response operations, and regulatory compliance efforts.
WHAT WILL YOU DO?
As the Agency Information Security Officer, you will:
• Collaborate with agencies and MaineIT to strengthen the state's security posture
through continuous assessment, proactive security measures, and alignment of security
initiatives with business goals.
• Exercise independent judgment on critical security matters, including risk
assessments, resource allocation, and policy implementation, ensuring the agency's
operations and inter-agency relationships are secure and compliant with state and
federal regulations.
• Work closely with sections of the Information Security Office to implement and
support the State of Maine Information Security Program Plan, fostering cross-functional
collaboration to address emerging threats and vulnerabilities.
• Engage with stakeholders across agencies to integrate security strategies into
business objectives, ensuring that security operations and initiatives directly support the
agency's missions, goals, and regulatory compliance needs.
• Serve as the primary point of contact for the escalation of cybersecurity issues,
ensuring that concerns are promptly addressed and resolved in a timely, coordinated,
and efficient manner to minimize risk and maintain business continuity.
• Advise on Security Policies & Standards - Develop, review, and enforce security
policies, standards, and best practices to ensure agency compliance with state and
federal regulations.
• Risk Assessment & Management - Conduct security risk assessments, analyze
findings, and recommend remediation strategies to mitigate threats and vulnerabilities.
• Incident Management & Response - Assist with security incident investigations,
coordinate response efforts, and provide guidance on incident containment, remediation,
and reporting.
• Third-Party Risk Management - Evaluate vendor and third-party security controls to
ensure compliance with state security requirements and industry standards.
• Audit & Compliance Support - Support internal and external security audits by
providing necessary documentation and guidance to ensure adherence to regulatory
requirements.
Emerging Threat & Technology Assessment - Stay informed on evolving
cybersecurity threats, technologies, and best practices, and provide recommendations
for improving agency defenses.
• Business Continuity & Disaster Recovery - Collaborate with agencies to develop and
test business continuity and disaster recovery plans to ensure resilience in the event of a
security incident or disruption.
WHAT MAKES THIS JOB UNIQUE?
• Make a Difference: The scope of this position impacts the trajectory of application
security in the State of Maine, ensuring the integrity and confidentiality of critical
systems.
• Show Your Strength: A chance to apply your expertise in application security and
demonstrate your capabilities.
• Experience in State Government: Opportunity to work within a large IT enterprise
supporting critical State applications.
• Selfless Service: Play a pivotal role in safeguarding the State's critical systems,
contributing to the public good by protecting citizens' data and ensuring the secure
operation of essential government services.
PREFERRED QUALIFICATIONS:
• Proactive: Uses time effectively and makes sound decisions independently;
• Collaborative: Builds coalitions among supported agencies for efficient information
security program management;
• Expertise: Subject matter expertise or the capacity to become an expert in the role's
essential functions; and
• Versatility: Dynamic individual capable of balancing information security, agency
business functions, and statewide risk.
WHY WILL YOU LOVE IT HERE?
If you are seeking a culture that supports growth, fosters success, and wants to play a key role
in maintaining the confidentiality, integrity, and availability of State of Maine data and systems,
then MaineIT is where you need to be. With the MaineIT, Information Security Office you can
expect:
• Immersion in rapidly evolving issues of state government and a fast-moving organization
full of opportunity.
• Collaboration with talented peers and exposure to creative problem-solving approaches.
• Opportunities to tackle unique and complex projects in application security.
MINIMUM QUALIFICATIONS:
• Self-motivated leader with 5 to 7 years of experience in a leadership role, information
security, relationship management, and cross-functional goal achievement;
• Bachelor's degree in information technology or related field. Four years of direct
experience with information security consultancy may be used in lieu of a degree;
• Expertise working with Security and Privacy Controls for Information Systems and
Organizations as established by the National Institute of Standards and Technology;
Ability to pass required background checks; and
• While not mandatory, experience with support functions-such as consolidated data
centers, shared print facilities, and disaster recovery sites-as they relate to the
regulatory compliance requirements for federally protected data types is preferred.
Requirements
Top 3 Skills:
5 to 7 years of experience in a leadership role, information security, relationship management, and cross-functional goal achievement
Regulatory compliance & policy implementation
Incident response & threat mitigation
Date Posted: 16 May 2025
Apply for this Job