Technical Specialist / Security Subject Matter Expert (SME) - State of New at TLN Worldwide Enterprises Inc
Town of Islip, New York, United States -
Full Time


Start Date: Immediate
Expiry Date: 16 Feb, 26
Salary: 0.0
Posted On: 18 Nov, 25
Experience: 10 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Cybersecurity, Governance, Risk Management, Compliance, NIST 800-53, NIST CSF, ISO 27001, CIS Controls, Policy Development, Auditing, Network Security, Cloud Security, Endpoint Security, Communication, Technical Advisory, Incident Response

Industry

Description
The Technical Specialist / Security Subject Matter Expert (SME) will serve as the lead cybersecurity authority supporting Suffolk County’s Department of Information Technology (DoIT) Governance, Risk, and Compliance (GRC) initiatives. This role is responsible for ensuring the County’s cybersecurity posture meets all applicable federal, state, and local laws, regulations, and frameworks, with a focus on NIST 800-series, CIS Controls, and ISO 27001 standards. The Security SME will work closely with DoIT leadership to assess risk, establish compliant security baselines, and guide the development and implementation of robust information security policies, standards, and processes.

Key Responsibilities

- Serve as the County’s cybersecurity governance and compliance lead, providing expert guidance on IT security frameworks, controls, and best practices.
- Identify and interpret cybersecurity laws, regulations, and standards applicable to County operations (e.g., NYS ITS policies, CJIS, HIPAA, NIST).
- Develop, update, and enforce cybersecurity policies, standards, and procedures based on the NIST Cybersecurity Framework (CSF) and related standards.
- Define and oversee risk-based compliance audits, risk tracking, and risk mitigation plans.
- Establish processes for documenting and managing risk exceptions and remediation activities.
- Conduct assessments and audits of the County’s IT systems, applications, and infrastructure to identify security gaps and recommend improvements.
- Support security awareness, training, and program development for staff and system owners.
- Collaborate with other DoIT teams on incident response planning, business continuity, and disaster recovery initiatives.
- Provide technical security advisory support for procurements, RFPs, and new system integrations.
- Prepare detailed reports, executive summaries, and compliance documentation for County leadership and auditors.

Requirements

- Bachelor’s Degree in Computer Science, Information Security, or related field (Master’s preferred).
- 10+ years of professional experience in IT security, including at least 5 years in GRC, policy development, and risk management roles.
- Deep understanding of NIST 800-53, NIST CSF, ISO 27001, CIS Controls, and other relevant standards.
- Demonstrated experience creating and implementing organizational cybersecurity frameworks and risk programs.
- Proven ability to conduct audits, document risk findings, and support continuous compliance.
- Strong understanding of network, cloud, and endpoint security controls.
- Excellent communication skills — able to explain technical concepts to executive stakeholders.

Preferred Certifications

- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CISA (Certified Information Systems Auditor)
- CRISC, CGRC, or CASP+
- NIST Cybersecurity Framework Practitioner or similar

Responsibilities
The Technical Specialist / Security SME will lead cybersecurity initiatives for Suffolk County’s DoIT, ensuring compliance with relevant laws and frameworks. This role involves assessing risks, developing security policies, and conducting audits to enhance the County's cybersecurity posture.