Position will remain open until filled.
Salary to be determined.
The Trial Court is committed to:
• the fair and impartial administration of justice;
• protection of constitutional and statutory rights and liberties;
• equal access to justice for all in a safe and dignified environment;
• efficient, effective and accountable resolution of disputes;
• prompt and courteous service to the public by committed and dedicated professionals utilizing best practices in a manner that inspires public trust and confidence.
The Judicial Information Services (JIS) department is charged with the implementation, maintenance, update and training of technology systems in support of the Office of Court Management and all Judicial Departments, including the Probation Department. This includes network and servers connecting all judicial locations, computer hardware and peripherals, the myriad of software necessary to maintain the judicial programs, and the voice telecommunications services ranging from current phone systems to the use of newly installed video conferencing equipment. JIS is also charged with the production, deployment, training and maintenance of MassCourts (the web-based Trial Court Case Management System – CMS).
The Chief Information Security Officer is responsible for the development and enforcement of security policy and strategy. This individual would oversee the assessment, design, development, and ongoing management of the information security program. He/She would be responsible for ensuring appropriate organizational policies, procedures, and technical systems are in place to maintain confidentiality and compliance with all relevant laws, guidelines, and regulatory mandates to protect Personally Identifiable Information (PII). Under the direction of the Chief Information Officer, the Chief Information Security Officer would ensure that electronic systems architecture and functionality safeguard all confidential, proprietary, privileged, and protected information assets. He/She would oversee the selection, development, deployment, monitoring, maintenance, and enhancements to the organization’s security technology. He/She would administer security programs and procedures.
The Chief Information Security Officer reports to the Chief Information Officer or his/her designee and receives general direction in performing duties in accordance with established guidelines.
Establish organization security protocols that require user identification and passwords and protect networks from hackers;
Observe and monitor the Court network, websites, applications, computers, and databases;
Advise management on information security issues, perform security risk assessments, implement information security procedures, manage information security policies and coordinate response to information security incidents;
Assess, design, oversee, and provide ongoing management of the information security program. Must keep current on antivirus software, firewalls, and other security systems. Develop emergency procedures for handling security breaches, manage internal communication regarding security and provide estimates of budgetary requirements for security related items and upgrades;
Ensure appropriate organizational policies, procedures, technical systems, and workforce training to maintain confidentiality, integrity, and compliance with all relevant laws and guidelines;
Ensure that electronic systems architecture and functionality safeguard all confidential, proprietary, privileged, and protected information assets;
Implement, manage, and enforce information security processes and procedures within regulatory mandates to protect PII;
Ensure the ongoing integration of information security with business strategies and privacy requirements;
Develop and maintain an information security risk mitigation plan based on sound risk analysis. Work with Human Resources to ensure appropriate enforcement sanctions for information security breaches;
Perform and manage the security audit program to assess effectiveness of policies and procedures and systems security safeguards;
Manage complaint, incident, preventative, and investigative programs related to security policies. Conduct risk analyses to assess the probability of risks occurring and the impact on the organization. Lead information security awareness and training initiatives to educate workforce about policies, procedures, and information risk;
Establish and maintain the enterprise vision, strategy and program to ensure information assets are adequately protected.
Advise staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and Information Technology risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures;
Directly responsible for information-related compliance. Is the owner for all ongoing activities that provide access to and protect the confidentiality and integrity of customer, employee and commercially sensitive information in compliance with policies and standards;
Accountable for the development, implementation and monitoring of a strategic comprehensive enterprise information security program to ensure the availability, integrity, and confidentiality of information owned, controlled, or processed by the courts;
Manage the development and implementation of organization-wide security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Information protection responsibilities will include network security architecture, network access, and monitoring policies, attempting to hack into certain areas of the network, and employee education and awareness;
Work with outside consultants as appropriate for independent security audits and penetration tests;
Keep current regarding technology news, researching new antivirus technology and new safety protocols. Keep up with the current employee manifest. Ensure Audit and Access control processes are defined and being followed for minimum necessary access to confidential data and ensure that everyone with access is truly authorized. Manage the implementation of current system capabilities to track all access. Use Risk Assessment and other Security tools to identify necessary technology or processes to mitigate the identified risk;
Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary;
Collaborate on the selection, development, deployment, monitoring, maintenance, and enhancement of the organization’s security technology; and
Perform IT Risk Assessments, audits, and security incident investigations.
Ethics and Values
Communicates and demonstrates the ethics and values of the Judicial Branch.
Understands, upholds, and communicates the Judicial Branch and Information Services missions.
Understands information services operations, specialized tools, applications, and software, with some understanding of the various court departments and divisions.
Demonstrates a commitment to continuously improve their knowledge of fast-changing computer programs, hardware and software through professional development.
Commitment to Diversity
Promotes an environment of diversity through understanding, respect, and positive communication with persons of various racial, ethnic, economic and cultural backgrounds.
Conducts oneself in a courteous and professional manner when assisting all employees of the Judiciary, regardless of their position in the Judiciary.
Works with others cooperatively, demonstrating a willingness to be a team player, and contributing to a work environment that focuses on shared departmental goals.
Accurately assesses workplace problems in TCIS and recommends and facilitates appropriate solutions.
These are the minimum requirements necessary to apply for the position of Chief Security Information Officer for Judiciary Information Services:
A Bachelor’s Degree in Information Systems or related field and 5 (Five) years of experience as an information services professional; or 10 years of relevant experience in lieu of Degree;
MBA or Masters of Science Degree in Engineering Technology, Computer Science or related Degree is preferred.
Security certification such as Certified Information System Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified Information Systems Auditor (CISA) strongly preferred.
In-depth understanding of the technologies and architectures supporting information security protection.
Strong understanding of how to apply current and emerging security technologies to solve business problems.
Comprehensive understanding of applicable practices and laws relating to data privacy and protection.
Superior communication skills, analytical ability and problem solving skills.
Practical experience implementing/managing ISO/IEC 27000 series standards desirable.
Expertise in state-of-the-art IT security systems, tools, programs, and policies with a focus on public sector information systems highly desirable.
Strong customer service and problem solving skills required. May require response to emergencies twenty-four (24) hours/day, seven (7) days/week.
Use of a personal vehicle, with mileage reimbursement, to visit work sites and to assist at emergencies and/or events as needed.
Knowledge of security software and tools, such as McAfee, intrusion detection software, etc.
Demonstrated success working as a member of a team displaying competent communication skills.
Knowledge of state government, in particular the Massachusetts Judiciary, is preferred.
HOW TO APPLY:
Applicants must apply by completing a Trial Court online application by clicking the "Apply for this job online" button at the top of this page.
If you are not viewing this online, go to the Trial Court Jobs page at https://careers-trialcourtsofmass.icims.com/jobs and search for this job.
PLEASE NOTE: Paper, faxed or emailed applications or resumes are not accepted for any Trial Court position.
AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER