Cyber Risk Management

Introduction

MDEM is looking for a diligent, detail-oriented individual who is excited about making Maryland a safer�place to live and work by�assisting�with the Cyber Preparedness Unit.\r
\r
\r
MDEM's mission is to proactively reduce disaster risks and reliably manage consequences through�collaborative work with Maryland's communities and partners. MDEM is the department of State�government with primary responsibility and authority for emergency preparedness policy, and for�coordinating hazard mitigation, incident response, and disaster recovery. MDEM is a national leader in�Emergency Management that provides Maryland residents, organizations, and emergency management�partners with expert information, programmatic activities, and leadership in the delivery of financial,�technical, and physical resources "to shape a resilient Maryland where communities thrive." We do this�by being Maryland's designated source of official risk reduction and consequence management�information.\r
\r
\r
NOTE: This position operates within an on-call rotating schedule according to assignment within the State Emergency Operations Center (SEOC) to attend to all emergencies on a statewide 24/7 basis. This may involve working 12-hour�shifts extended periods of time in support of 24-hour consequence management activities.\r

GRADE

17\r

LOCATION OF POSITION

7229 Parkway Dr Hanover, MD 21076\r
7450 Traffic Dr, Hanover, MD 21076�(COOP Site)\r
1 E Rolling Crossroads, Catonsville, MD 21228, USA\r

Main Purpose of Job

The Maryland Department of Emergency Management (MDEM) is a\r
primary executive department of State government with primary responsibility\r
and authority for emergency preparedness policy, and for coordinating hazard\r
mitigation, incident response, and disaster recovery.� MDEM works to\r
ensure that all Marylanders engage in preparedness activities and that the\r
entire state is more disaster resilient.� The Preparedness Branch – Cyber\r
Preparedness Unit is a critical part of MDEM's mission.�This\r
position reports to the Risk Management & Assessment Program\r
Coordinator.�\r
�\r
This\r
position serves the State of Maryland, its State Agencies and Local\r
Jurisdictions, in the following area:\r
\r
Local\r
Jurisdiction Cyber Preparedness Support:\r
Support the\r
Local Cyber Preparedness Program with projects and initiatives to\r
increase cyber preparedness, including:\r
\r
\r
\r
\r
\r
\r
Cyber\r
Preparedness Planning\r
\r
\r
\r
\r
\r
\r
\r
Plan\r
Development\r
\r
\r
\r
\r
\r
\r
\r
\r
Planning\r
Workshops\r
\r
\r
\r
\r
\r
\r
\r
Cyber\r
Preparedness Training\r
\r
\r
\r
\r
\r
\r
Cyber\r
Preparedness Testing & Exercise\r
\r
\r
\r
\r
\r
Provide\r
technical assistance in support of Local Jurisdiction cyber preparedness\r
activities.\r
\r
\r
\r
\r
Provide cyber\r
incident management support to Local Jurisdiction Offices of Emergency\r
Management (OEMs)/Emergency Operations Center (EOCs)\r
\r
\r
\r
State Cyber\r
Preparedness Support:\r
\r
\r
\r
Coordinate\r
with and provide support to the DoIT Office of Security Management\r
\r
\r
\r
\r
Provide\r
support and technical assistance to State agencies emergency management\r
coordinators.\r
\r
\r
\r
MDEM\r
Information & Communication Technology (ICT) Support:\r
\r
\r
\r
Serve as the\r
Third-Party Risk Analyst within the MDEM ICT Program.\r
\r
\r
\r
\r
Support MDEMs\r
Enterprise Risk Management (ERM) Program with a focus on cybersecurity,\r
information technology, and third-party risks.\r
\r
\r
\r
\r
Develop and\r
maintain the following risk products:\r
\r
\r
\r
\r
\r
Third-Party\r
Vendor Inventory\r
\r
\r
\r
\r
\r
\r
Third-Party\r
System/Software/Application/Service Inventory\r
\r
\r
\r
\r
\r
\r
Third-Party\r
Risk Assessments\r
\r
\r
\r
\r
\r
\r
Third-Party\r
Service Level Agreement (SLA) Inventory\r
\r
\r
\r
\r
\r
\r
Third-Party\r
Risk Monitoring Reports\r
\r
\r
\r
\r
\r
Conduct the\r
analysis of organization business processes and systems (applications,\r
data usage, SaaS, etc.) for privacy/security compliance.\r
\r
\r
\r
\r
Assist with\r
the establishment of a Cyber Risk Management Framework with MDEM adhering\r
to NIST 800-53A, & the NIST Risk Management Framework (RMF).\r
\r
\r
\r
\r
\r
Ensure\r
Appropriate Risk Controls with Information Systems and Technology\r
Procurements\r
\r
\r
\r
\r
\r
\r
Develop an\r
understanding of MDEM's enterprise architecture\r
\r
\r
\r
\r
\r
Serve as the\r
lead for MDEMs Third Party Risk Management (TPRM) program, to include the\r
management of:\r
\r
\r
\r
\r
\r
Third-Party\r
Risk Assessment\r
\r
\r
\r
\r
\r
\r
Cybersecurity\r
Risk\r
\r
\r
\r
\r
\r
\r
Operational\r
Risk\r
\r
\r
\r
\r
\r
\r
Compliance\r
Risk\r
\r
\r
\r
\r
\r
\r
Reputational\r
Risk\r
\r
\r
\r
\r
\r
\r
Financial\r
Risk\r
\r
\r
\r
\r
\r
\r
Transaction\r
Risk\r
\r
\r
\r
\r
\r
\r
Strategic\r
Risk\r
\r
\r
\r
\r
\r
\r
Supply Chain\r
Risk\r
\r
\r
\r
\r
\r
\r
Third-Party\r
Vendor Evaluation\r
\r
\r
\r
\r
\r
\r
Third-Party\r
Risk Tiering\r
\r
\r
\r
\r
\r
\r
Third-Party\r
Continuous Monitoring\r
\r
\r
\r
\r
\r
Assist with\r
the development of Risk Awareness Training\r
\r
\r
\r
State of\r
Maryland:\r
\r
\r
\r
Support\r
programs, projects, initiatives, and activities of the Preparedness\r
Branch and its Units and Programs; and\r
\r
\r
\r
\r
Support\r
programs, projects, initiatives, and activities of MDEM.\r
\r
\r
\r
\r
Support\r
programs, projects, initiatives, and activities of the Governor's Office\r
of Homeland Security.\r
\r
\r
�\r
In order to fulfill these\r
responsibilities, this position requires strong communication, organizational,\r
and management skills, as well as strong technical and presentation skills.\r
�\r

POSITION DUTIES

\r
\r
\r
\r
Emergency and Disaster response and recovery operations\r
as needed and/or assigned by Department Secretary, Directors, or Operations\r
Personnel.� Employee will be expected to staff the State\r
Emergency Operations Center (SEOC) upon activation for consequence management\r
activities.� Employee may be called to duty at\r
any time, day or night, and is expected to report to the SEOC or assigned\r
duty location within 2 hours of notification. Employee will attend\r
training and retain competencies to be appropriately prepared for SEOC\r
staffing needs including understanding and mastery of all five components of\r
the National Incident Management System (NIMS) and the Maryland Emergency\r
Management System (MEMS). Employee will support SEOC activities, which may\r
involve extended work hours, as well as extraordinary stress levels, given\r
that a disaster event would occur requiring SEOC activation.� Employee\r
will be expected to perform command and supervisory functions for incident\r
management needs with competence and reliability under NIMS and MEMS.\r
Employee is expected to support ongoing recovery operations as it relates to\r
their specific Branch roles/responsibilities. Employee may be required to\r
report to an alternate location to perform SEOC duties in support of MEMS\r
stakeholders or in the event of a Continuity of Operations Program (COOP)\r
Plan activation.� Employee may be called to duty at any time, day or\r
night, and is expected to report to the SEOC or assigned duty location within\r
2 hours of notification.\r
\r
\r
\r
\r
Support the Local Cyber Preparedness Program: This\r
position coordinates with projects and initiatives to increase cyber\r
preparedness, including:\r
\r
Cyber Preparedness Planning\r
\r
\r
\r
Plan Development\r
\r
\r
\r
\r
Planning Workshops\r
\r
\r
�\r
Cyber Preparedness Training\r
�\r
Cyber Preparedness Testing &\r
Exercise\r
\r
Provide\r
technical assistance in support of Local Jurisdiction cyber preparedness\r
activities.\r
Provide cyber\r
incident management support to Local Jurisdiction Offices of Emergency\r
Management (OEMs)/Emergency Operations Center (EOCs)\r
\r
\r
\r
\r
\r
Cyber Risk Management & Preparedness: This\r
position serves as the Third-Party Risk Analyst & Preparedness Specialist\r
within the Cyber Preparedness Unit to develop and maintain the following risk\r
products:�\r
\r
Third-Party Vendor Inventory\r
Third-Party System/Software/Application/Service\r
Inventory\r
Third-Party Risk Assessments\r
Third-Party Service Level Agreement (SLA) Inventory\r
Third-Party Risk Monitoring Reports\r
\r
This\r
position will also support the Risk Management and Assessment coordinator\r
with ensuring that MDEM's risk management process is being effectively\r
conducted across the three tiers of organization, mission/business processes,\r
and information systems\r
\r
\r
\r
\r
Third Party Risk Management: This position serves as the\r
lead for MDEM's Third Party Risk Management (TPRM) program. This includes the\r
management/completions of\r
\r
Third-Party Risk Assessments\r
Third-Party Vendor Evaluations\r
Third-Party Risk Tiering\r
Third-Party Continuous Monitoring\r
Coordination of the risk review process for the\r
purchase or procurement of third-party systems, applications, and\r
software.\r
\r
\r
\r
\r
\r
Risk Control Measurements:\r
\r
Collaborate with DoIT to compile operational\r
evidence including records of remediation actions, the results of\r
security incident reporting (including breaches involving personally\r
identifiable information), and the results of organizational continuous\r
monitoring activities, for the purpose of measuring controls.\r
Collect and analyze data through personal interviews\r
and independent research;\r
Assemble statistical data and reports for use in\r
evaluating policies and programs;\r
Attend meetings with agency personnel to discuss\r
recommendations and related implementation issues;\r
\r
\r
\r
\r
\r
Preparedness Branch Support: This\r
position supports the Prepared Branch, Branch sponsored activities as well as\r
the Branch's units including the Planning & Assessment Unit, Training\r
& Exercise Unit, State Continuity Program Unit, the Radiological\r
Emergency Preparedness Unit, and the State Special Events Program.\r
\r
\r
\r
\r
Support the Department's statewide activities: This\r
position supports Department activities including developing, promoting, and\r
implementing assigned plans, documents, and other materials related to the\r
Maryland Emergency Management System. This may include, but not be limited\r
to, conducting capability assessments, and developing operational plans.\r
Provide support and assistance for the development and delivery of training\r
and exercise.\r
\r
\r
\r
\r
Support MDEM's strategic goals and objectives for\r
emergency management.\r
\r
\r
\r
\r
Support Maryland's strategic goals and objectives for\r
homeland security.\r
\r
\r
\r
\r
Support and participate in Consequence Management\r
Directorate and overall Agency initiatives and programs, as\r
assigned by the Preparedness Branch Manager, Consequence Management Director,\r
Deputy Executive Director, and/or the Secretary. Support the MEMA Consequence\r
Management, Disaster Risk Reduction, and Mission Support Directorates as\r
needed.\r
\r
\r
\r
\r
�\r

MINIMUM QUALIFICATIONS

Education: Graduation from an accredited high school or\r
possession of a high school equivalency certificate.\r
Experience: Five years of administrative staff or\r
professional work.\r
Notes:\r
1. Candidates may substitute 30 credit hours from an accredited\r
college or university for each year up to four years of the required\r
experience.\r
2. Candidates may substitute the possession of a Bachelor's degree\r
from an accredited college or university and one year of experience in\r
administrative staff or professional work for the required experience.\r
3. Candidates may substitute the possession of a Master's degree\r
from an accredited college or university for the required experience.\r
\r
\r
4. Candidates may substitute U.S. Armed Forces military service\r
experience as a commissioned officer involving staff work related to the\r
administration of rules, regulations, policy, procedures and processes, or\r
overseeing or coordinating unit operations or functioning as a staff assistant\r
to a higher-ranking commissioned officer on a year-for- year basis for the\r
required experience.\r

DESIRED OR PREFERRED QUALIFICATIONS

�\r
Certification as a Certified Risk Management Professional (CRMP) or\r
similar certification.�\r
�\r
Experience with Cyber Preparedness�\r
�\r
Experience with Third-Party Risk Management (TPRM)�\r
�\r
Experience with Database Management\r
�\r
Experience with Training Delivery�\r
�\r
Experience engaging a diverse set of stakeholders to include senior\r
leadership.\r
�\r
Experience working independently or collaboratively on Department\r
projects.\r
�\r
Experience exercising independent judgment and initiative in projects\r
relation to Department objectives.�\r
�\r
Experience preparing and presenting findings and recommendations in\r
clear, concise reports.�\r
�\r
Experience solving problems, thinking critically and analytically,\r
visualizing data, develop products, and communicating clearly and effectively.\r

LICENSES, REGISTRATIONS AND CERTIFICATIONS

Employees in this classification may be assigned duties which require the operation of a motor vehicle. Employees assigned such duties will be required to possess a motor vehicle operator's license valid in the State of Maryland.\r

SELECTION PROCESS

Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment.�RESUMES WILL NOT BE ACCEPTED IN LIEU OF COMPLETING THE�EMPLOYMENT APPLICATION.�All information concerning your qualifications including any required certifications must be submitted by the closing date.� We will not consider information submitted after this date.�\r

EXAMINATION PROCESS

The assessment may consist of a rating of your education, training, and experience related to the requirements of the position.�It is important that you provide complete and accurate information on your application.�Please report all experience and education that is related to this position.\r

BENEFITS

\r
Contractual employees who work for an agency covered under the State Employee and Retiree Health and Welfare Benefits Program, have a current employment contract and work 30 or more hours a week (or on average 130 hours per month) may be eligible for subsidized health benefits coverage for themselves and their dependents. As a contractual employee, you will be responsible for paying 25% of the premiums for your medical and prescription coverage, including any eligible dependents you have enrolled. The State of Maryland will subsidize the remaining 75% of the cost for these benefits. You can also elect to enroll in dental coverage, accidental death and dismemberment insurance, and life insurance, but will be responsible to pay the full premium for these benefits.\r
Leave may be granted to a contractual employee who has worked 120 days in a 12-month period. This leave accrues at a rate of one hour for every 30 hours worked, not to exceed 40 hours per calendar year.\r
\r
\r
\r

FURTHER INSTRUCTIONS

Online applications are highly recommended. However, if you are unable to apply online, the paper�application and supplemental questionnaire may be submitted to: Maryland Department of�Emergency Management, 5401 Rue Saint Lo Drive, Reisterstown, MD Paper application�materials must be received in our office by the closing date for the recruitment. No postmarks will be�accepted.\r
For questions regarding this recruitment, please call , or email �\r
Appropriate accommodations for individuals with disabilities are available upon request by calling: MD TTY Relay Service \r
We thank our Veterans for their service to our country.�People with disabilities and bilingual candidates are encouraged to apply.\r
As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.\r