Position: Security Awareness Training - SME

Client: Maryland – Department of Information Technology (DoIT)

Location: 100 Community Pl, Crownsville, MD 21032 (hybrid - three days remote, two days onsite). Must be able to travel to both the DoIT office located in Crownsville, MD, and agencies within the Baltimore/Annapolis region.

Interview mode: Virtual

DK Consulting Overview: Founded in May 2003, DK Consulting, LLC, a woman-owned small business, was formed to provide management and technology solutions based on industry best practices. DK Consulting, LLC works with multiple State, Federal, and Commercial customers, and our services range from providing customers with that one ‘critical resource’ to assuming responsibility for an entire IT project. We offer excellent benefits and provide exceptional employee management.

The Unemployment Insurance Program of the Maryland Department of Labor is seeking an Application Developer to help relieve the financial burden of those individuals separated from employment through no fault of their own by the prompt payment of benefits. The Application Developers will provide support for design, development, testing, and deployment activities for a comprehensive reporting module.

Duties and Responsibilities: One of the key responsibilities within DoIT, via the direction of the State Chief Information Security Office (SCISO), is the management and oversight of a Statewide Security Awareness Training Program for all State employees and contractors, estimated to date at 50,000 plus users. DoIT would like to engage in making several structured improvements to the cybersecurity training and awareness program and continued operations of the program. Detailed responsibilities include, but are not limited to:

• Reviews and develops a Statewide policy that establishes the requirements, scope, roles, responsibilities, and management commitment for security awareness and training, including privacy awareness of training (“training”) that is congruent with State and Federal laws, executive orders, directives, regulations, policies, standards, and guidelines.
• Reviews, develops, plans, and coordinates the dissemination of pertinent awareness training materials that includes:
  • Initial awareness training for new employees
  • Monthly microlearning training based on current events, incident lessons learned, or the top human risks to the organization
  • Quarterly education and awareness briefings with stakeholders; d. Annual privacy training
  • Annual role-based training.
• Responsible for developing, planning, and coordinating the curriculum and resources supporting the annual security awareness summit held every October.
• Identifies key metrics to monitor for ensuring the effectiveness of the program and develops strategies to improve the metrics each performance period.
• Performs administrative duties in the security awareness training platform, including but not limited to, account provisioning/deprovisioning, report creation and delivery, campaign administration, and troubleshooting platform and user issues.
• Responsible for requirements development and the evaluation of new security awareness training platforms.
• Develops and monitors processes to ensure all appropriate employees are enrolled in the security awareness training platform and receives all mandatory and discretionary training.
• Develops and maintains awareness content for the Maryland.gov security awareness training webpage.

Minimum Qualifications:

• Minimum of 10 years’ experience in the information technology field with a focus on security awareness, privacy, and/or cybersecurity
• At least five (5) years’ experience designing and maturing a medium to large size organization’s security awareness training program
• At least three (3) years’ experience working with and/or administering the Proofpoint Security Awareness Training platform
• CISSP, CISM, CDPSE, CRISC, or CIPM certification
• Policy, process, and procedure development with the ability to translate information to respective documentation
• Ability to provide guidance and advice to management on cybersecurity education and awareness strategies
• Develop system related requirements for solicitations
• Managing or providing direct work products for security awareness training programs
• Ability to communicate and coordinate well with others, inclusive of good oral and written skills
• Ability to create executive level presentations and host virtual training sessions

Educational Requirement: Bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline.

*No Visa Restrictions*