The Information Security Office's mission is to safeguard the confidentiality, integrity, and availability of Department's information assets. The primary responsibilities of the Information Security Office are to:
- Develop and implement department-wide information security policies and procedures to address issues presented by rapidly changing technology.
- Investigate information security incidents and breaches, recommend required action(s) and report incidents and breaches to the Department's executive management and comply with all applicable state reporting requirements.
- Provide and manage the department's security awareness-training program.
- Develop and maintain the Department's Disaster Recovery / Business Continuity Plan.
- Function as an internal consulting resource on information security issues.
- Participate on teams charged with designing new applications or making major modifications to existing systems to ensure auditability and security are considerations from inception to implementation.
- Participate on the Data Governance Board and its workgroups to bring a data security perspective to the Department's collection, processing and disclosures of protected and sensitive data.
- Participate in the procurements of technology and services that may impact information security by writing, reviewing and/or revising data agreement terms and conditions to secure terms favorable to the Department (e.g. Information Protection Agreements, Data Disclosure Agreements, and Memorandum of Understanding).
- Review and approve all external network connections to NYSED’s network.
Perform research and provide recommendations in order to assist in the development of policies, procedures, and strategic initiatives on such topics as PCI, Distaster Recovery, General IT security best practices, and IT security training. Assist in the research and implementation of a security information and event management (SIEM) product and an incident management system.
Working with NYSED's Information Security Office, the intern can expect to gain holistic knowledge of how a typical Information Security department operates in a state government agency. The intern will have exposure to the daily operations of the department, and will learn to appreciate the importance of standards, policies, and procedures in protecting institutional data. The intern will learn how to think strategically about information security, will gain hands-on knowledge in developing enterprise-level professional documentation, and will learn how to work as part of a team to ensure that such documentation meets the needs of the entire agency.
Qualified candidates should email a cover letter, resume, transcript (student copy is acceptable), and completed internship application to firstname.lastname@example.org. Please include the Assignment Number (PIMS-35) in the subject line of your email to reference this assignment.