Information Security Officer

The Panther Group is seeking a W2 Contract (long term with potential to go full time) Agency Information Security Officer with one of our partners, a state government OIT. This role is 100% remote. Pay Rate is $67 an hour. Does not permit Visas or sponsorship now or in the future. EST/CST preferred. Is not open to C2C. Must have 5+ years of leadership skills and some government experience is required.

Top 4 Skills Required and listed on resume:

• 5 to 7 years of experience in a leadership role, information security, relationship management, and cross-functional goal achievement
• Regulatory compliance & policy implementation
• Incident response & threat mitigation
• Experience with Federal, State, or Local Government

Required Skills:

• 5 to 7 years of experience in leadership role, information security, relationship management
• Regulatory compliance
• Policy implementation
• Incident response
• Threat mitigation

Preferred Skills

• Experience with consolidated data centers
• Experience with disaster recovery sites
• Experience with shared print facilities

What will you do?

As the Agency Information Security Officer, you will:

• Exercise independent judgment on critical security matters, including risk assessments, resource allocation, and policy implementation, ensuring the agency’s operations and inter-agency relationships are secure and compliant with state and federal regulations.
• Work closely with sections of the Information Security Office to implement and support the the state's Information Security Program Plan, fostering cross-functional collaboration to address emerging threats and vulnerabilities.
• Engage with stakeholders across agencies to integrate security strategies into business objectives, ensuring that security operations and initiatives directly support the agency’s missions, goals, and regulatory compliance needs.
• Serve as the primary point of contact for the escalation of cybersecurity issues, ensuring that concerns are promptly addressed and resolved in a timely, coordinated, and efficient manner to minimize risk and maintain business continuity.
• Advise on Security Policies & Standards – Develop, review, and enforce security policies, standards, and best practices to ensure agency compliance with state and federal regulations.
• Risk Assessment & Management – Conduct security risk assessments, analyze findings, and recommend remediation strategies to mitigate threats and vulnerabilities.
• Incident Management & Response – Assist with security incident investigations, coordinate response efforts, and provide guidance on incident containment, remediation, and reporting.
• Third-Party Risk Management – Evaluate vendor and third-party security controls to ensure compliance with state security requirements and industry standards.
• Audit & Compliance Support – Support internal and external security audits by providing necessary documentation and guidance to ensure adherence to regulatory requirements.
• Emerging Threat & Technology Assessment – Stay informed on evolving cybersecurity threats, technologies, and best practices, and provide recommendations for improving agency defenses.
• Business Continuity & Disaster Recovery – Collaborate with agencies to develop and test business continuity and disaster recovery plans to ensure resilience in the event of a security incident or disruption.

Minimum Qualifications:

• Self-motivated leader with 5 to 7 years of experience in a leadership role, information security, relationship management, and cross-functional goal achievement;
• Bachelor’s degree in information technology or related field. Four years of direct experience with information security consultancy may be used in lieu of a degree;
• Expertise working with Security and Privacy Controls for Information Systems and Organizations as established by the National Institute of Standards and Technology;
• Ability to pass required background checks; and
• While not mandatory, experience with support functions—such as consolidated data centers, shared print facilities, and disaster recovery sites—as they relate to the regulatory compliance requirements for federally protected data types is preferred.