INTRODUCTION

The Maryland State Department of Education is dedicated to supporting a world-class educational system that prepares all students for college and career success in the 21st century. With excellent stewardship from our divisions, we oversee State and federal programs that support the needs of a diverse population – students, teachers, principals, and other educators throughout Maryland.

SUPPORTING LOCAL EDUCATION AGENCIES

• The director works collaboratively with the Department of Information Technology to advise on best practices, processes, and state IT and security requirements. They will assist with or facilitate major security incident responses for schools as needed

MINIMUM QUALIFICATIONS

Education: A bachelor’s degree in Cyber Security, Computer Science, Information Technology, or related field of study or equivalent experience.
Experience: Seven (7) years of experience in cybersecurity or in IT with significant security responsibilities. Three (3) years of the required experience must have included direct supervision of other professional cybersecurity employees.
Note:

The following can be substituted for the bachelor’s degree

• A senior level security certification such as CISSP, CISM, CCISO, GSTRT, GLSC
• An equivalent military/federal government certification or completed course of study
• Three (3) additional years of experience in cybersecurity or in IT with significant security responsibilities

DESIRED OR PREFERRED QUALIFICATIONS

Preference will be given to applicants who possess the following preferred qualification(s). Include clear and specific information on your application regarding your qualifications.

• Experience within government or education sectors
• Masters degree in information security or a related field
• Additional relevant certifications from CompTIA, EC-Council, (ISC)2, ISACA, GIAC

SPECIAL REQUIREMENTS

Applicants must consent to State and FBI (CJIS) background check as a routine procedure for all MSDE employees.

The Director of IT Security and Compliance serves as the Chief Information Security Officer (CISO) for the Maryland State Department of Education (MSDE) and is responsible for developing and executing a comprehensive security strategy and roadmap centered around MSDE’s agency-specific systems, data, and security needs, and the shared cybersecurity and IT operations services provided by the Department of Information Technology (DoIT). This position ensures the protection of MSDE’s educational data and systems by implementing appropriate security controls, governance frameworks, and compliance measures as outlined in the Maryland IT Security Manual. The CISO collaborates with DoIT on enterprise-wide security initiatives while focusing on MSDE-specific requirements, including data privacy,audit readiness, security awareness, and incident response coordination for the agency’s unique educational technology environment. This role serves as the primary security liaison connecting MSDE leadership, DoIT security personnel, and Local Education Agencies (LEAs) to maintain a cohesive security posture that supports the agency’s educational mission, while also contributing to legislative reviews and budget planning processes related to information security.
The CISO engages collaboratively with MSDE divisions and partners to find solutions and enable the MSDE mission and business to move forward smoothly and securely, ensuring alignment with state and federal requirements and industry best practices.
Duties include, but are not limited to:

Manages MSDE’s Security, Governance, Compliance, and Risk Management Program

• Develops, maintains, and oversees the MSDE-specific Security Program in alignment with DoIT’s enterprise security framework
• Develops and maintains comprehensive security policies that address both MSDE’s educational systems and the operational systems supporting the agency’s educational oversight programs
• Provides overall management and leadership to the IT Security Program and team
• Reviews and updates security policies to protect both student data and administrative information across all MSDE systems