Information Security Officer (# 1773) Salary: Grade 25 ($81,808

Thomas K. Lee, Executive Director/CIO
Human Resources Department
(518) 447-2906
Information Security Officer (# 1773)
Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141)
The New York State Teachers’ Retirement System (NYSTRS) is the second-largest public retirement
system in the state and one of the 10 largest public systems in the nation. The System administers a
defined benefit plan that provides retirement, disability and death benefits to eligible New York State
public school teachers and administrators. Our active and retired membership exceeds 426,000 and
annual pension payments are in excess of $6.0 billion. NYSTRS is not part of the Executive Branch of the
State and, therefore, does not come under the State Budget. However, the majority of our positions are
classified by the New York State Civil Service Department, thereby requiring appointments to be made in
accordance with the Civil Service Law and providing NYSTRS employees the ability to transfer to State
Agencies and to take State promotional exams.
Summary of Duties
The job duties include, but are not limited to the following:
Under the direction of the Director of Risk Management, directs and manages NYSTRS' information
security and compliance program; manages and coordinates the resolution of security threats to
NYSTRS' information systems; serves as an information security expert; confirms systems and contract
alignment with NYSTRS' information security policies; and monitors information security industry trends,
tools and techniques. Works cooperatively with NYSTRS' information security administration and
operations teams.
Minimum Qualifications
• Bachelor's degree
• Five years of information technology experience, including three years of information security or
information assurance experience to qualify at the SG-25 level.
• Six years of information technology experience, including four years of information security or
information assurance experience to qualify at the SG-27 level.
• Must have a diverse security background including knowledge in at least three of the following areas:
developing and implementing layered security architecture; internet protocols; firewalls; VPN
technologies, anti-virus and spam technologies; risk and vulnerability assessments, compliance.
NYS Teachers’ Retirement System
Page 2
* The grade level assigned to the position is dependent upon the candidate's
qualifications. The complexity of tasks assigned will be tailored to the grade level.
Preferred Skills/Expertise
Education:
Bachelor's Degree: BA or BS degree in Computer Science, Electrical
Engineering, Computer Engineering, Information Systems, or related fields.
Master's Degree: (MA or MS) in the same fields of study to include Business
Administration and Finance, or 30 + hours of graduate work.
Certification:
• Certified Information Systems Security Professional (CISSP), or
• Certified Information Security Manager (CISM), or
• Certified in Risk and Information Systems Control (CRISC
Experience:
• 3-5 years experience:
• Developing incident response plans and leading information
security response teams.
• Conducting and/or coordinating technical security scanning,
penetration testing including social engineering testing,
application security testing, mobile device security analysis, and
similar monitoring and validation techniques.
• Implementing and managing information security technologies
and measures such as firewalls, IDS/IPS, endpoint protection,
encryption, access controls, network security, security
architecture and design, secure software application design,
etc.
• Hands-on infrastructure experience, networking, risk
NYS Teachers’ Retirement System
Page 3
management, and information security experience, as well as
demonstrated understanding of Cyber security.
• Conducting risk assessments and implementing appropriate
prevention, detection, and response mechanisms.
Computer Skills:
• Ability to adapt to rapidly changing technology and apply it to business
needs.
• Knowledge in the use and configuration of commonly used protocols.
• Experience with hacker techniques and exploits.
• Extensive training and experience in computer technology and
networking with experience in enterprise networking infrastructure.
• Some web experience including backend server, security, and
SSL/TLS.
• Expertise in IT development, integration, delivery and maintenance
• Applied knowledge in one or more of the following areas: Platform
Security, Data Security, Data Center and Cloud Computing Security,
Network Security, Perimeter Security, Physical Security, Security
Assessment Tools, Security Monitoring Tools, and Managed Security
Services.
• Applied knowledge in one or more of the following areas: Security
Governance Standards, Business Continuity Planning, Enterprise Risk
Management, Computer Security Incident Response, and Security
Compliance Audits.
• Advanced knowledge/proficiency with personal computers: MS Office
NYS Teachers’ Retirement System
Page 4
Knowledge of Information Security Management Frameworks:
3-5 years security assessment experience, including:
• ISO/IEC 27000 family of standards for managing the security of
information assets
• NIST SP 800-30 rev 1 (September 2012) — Guide for Conducting Risk
Assessments — Information Security.
Regulatory Knowledge:
• Knowledge of data privacy laws.
Other Skills & Abilities:
• Excellent organizational, written and verbal communication skills
• Strong leadership/team building skills
• Strong project and people management skills
• Ability to handle confidential and sensitive matters.
• High degree of initiative and dependability
• Willingness and ability to meet goals and deadlines
• Commitment to providing exceptional customer service
• Excellent interpersonal skills
Our Vision
To be the model for pension fund excellence and exceptional customer service.
How to Apply
You will find a link to the employment application on the NYSTRS website (NYSTRS.org > About Us >
Employment Opportunities). Please note that resumes will not be accepted as a substitute, in whole or
part, for a completed application.
Inquiries regarding vacancy postings, minimum qualifications, or application procedures may be made
by email to [email protected]s.org. You can reach us by phone at (518) 447-2906.
NYS Teachers’ Retirement System
Page 5
Our Commitment to Diversity
NYSTRS is committed to fostering an inclusive environment where diversity is valued and recognized as a
source of strength and enrichment. We seek to attract talented people from a diverse range of
backgrounds and cultures.
NYSTRS is an equal opportunity employer.