The Information Security Office's mission is to safeguard the confidentiality, integrity, and availability of Department's information assets. The primary responsibilities of the Information Security Office are to:
• Develop and implement department-wide information security policies and procedures to address issues presented by rapidly changing technology.
• Investigate information security incidents and breaches, recommend required action(s) and report incidents and breaches to the Department's executive management and comply with all applicable state reporting requirements.
• Provide and manage the department's security awareness-training program.
• Develop and maintain the Department's Disaster Recovery / Business Continuity Plan.
• Participate on teams charged with designing new applications or making major modifications to existing systems to ensure auditability and security are considerations from inception to implementation.
• Participate on the Data Governance Board and its workgroups to bring a data security perspective to the Department's collection, processing and disclosures of protected and sensitive data.
• Participate in the procurements of technology and services that may impact information security by writing, reviewing and/or revising data agreement terms and conditions to secure terms favorable to the Department (e.g. Information Protection Agreements, Data Disclosure Agreements, and Memorandum of Understanding).
Perform research and provide recommendations in order to assist in the development of policies, procedures, and strategic initiatives on such topics as PCI, Disaster Recovery, General IT security best practices, and Data Classification project.
Working with NYSED's Information Security Office, the intern can expect to gain holistic knowledge of how a typical Information Security department operates in a state government agency. The intern will have exposure to the daily operations of the department, and will learn to appreciate the importance of standards, policies, and procedures in protecting institutional data. The intern will learn how to think strategically about information security, will gain hands-on knowledge in developing enterprise-level professional documentation, and will learn how to work as part of a team to ensure that such documentation meets the needs of the entire agency.
Flexible Monday – Friday between 8 am and 5 pm.
Background with an understanding of programming, computer science, business, policy, project management, or cybersecurity.
Qualified candidates should email a cover letter, resume, transcript (student copy is acceptable), and completed internship application to email@example.com Please include the Assignment Number (PIMS-SU21-1) in the subject line of your email to reference this assignment.