TLN Worldwide Enterprises, Inc
Technical Specialist / Security Subject Matter Expert (SME) - State of New York
TLN Worldwide Enterprises, Inc, Hauppauge, New York, United States, 11788
The Technical Specialist / Security Subject Matter Expert (SME) will serve as the lead cybersecurity authority supporting Suffolk County’s Department of Information Technology (DoIT) Governance, Risk, and Compliance (GRC) initiatives.
This role is responsible for ensuring the County’s cybersecurity posture meets all applicable federal, state, and local laws, regulations, and frameworks, with a focus on NIST 800-series, CIS Controls, and ISO 27001 standards.
The Security SME will work closely with DoIT leadership to assess risk, establish compliant security baselines, and guide the development and implementation of robust information security policies, standards, and processes.
Key Responsibilities
Serve as the County’s cybersecurity governance and compliance lead, providing expert guidance on IT security frameworks, controls, and best practices.
Identify and interpret cybersecurity laws, regulations, and standards applicable to County operations (e.g., NYS ITS policies, CJIS, HIPAA, NIST).
Develop, update, and enforce cybersecurity policies, standards, and procedures based on the NIST Cybersecurity Framework (CSF) and related standards.
Define and oversee risk-based compliance audits, risk tracking, and risk mitigation plans.
Establish processes for documenting and managing risk exceptions and remediation activities.
Conduct assessments and audits of the County’s IT systems, applications, and infrastructure to identify security gaps and recommend improvements.
Support security awareness, training, and program development for staff and system owners.
Collaborate with other DoIT teams on incident response planning, business continuity, and disaster recovery initiatives.
Provide technical security advisory support for procurements, RFPs, and new system integrations.
Prepare detailed reports, executive summaries, and compliance documentation for County leadership and auditors.
Requirements
Bachelor’s Degree in Computer Science, Information Security, or related field (Master’s preferred).
10+ years of professional experience in IT security, including at least 5 years in GRC, policy development, and risk management roles.
Deep understanding of NIST 800-53, NIST CSF, ISO 27001, CIS Controls, and other relevant standards.
Demonstrated experience creating and implementing organizational cybersecurity frameworks and risk programs.
Proven ability to conduct audits, document risk findings, and support continuous compliance.
Strong understanding of network, cloud, and endpoint security controls.
Excellent communication skills — able to explain technical concepts to executive stakeholders.
Preferred Certifications
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
CRISC, CGRC, or CASP+
NIST Cybersecurity Framework Practitioner or similar