Information Technology Security Officer
Job Summary: The Information Technology Security Officer performs highly advanced information security managerial work, providing direction and guidance in strategic operations and planning. Develops security and business continuance standards and action plans; develops security architecture and policies based on business needs, risk assessments, and regulatory requirements; and conducts information security risk analysis and system audits. Supervises assigned staff.
The intent of this position description is to provide a representative summary of the major duties and responsibilities performed by incumbent(s) in this position. Incumbent(s) may not be required to perform all duties in this description and incumbent(s) may be required to perform position-related tasks other than those specifically listed in this description.
- Essential Job Functions & Other Important Duties
Essential Job Functions:
- Oversees the deployment and maintenance of the City information technology security infrastructure.
- Manages the City technology risk management program, which includes providing security requirements for disaster recovery and business continuity planning.
- Oversees the implementation of computer system security plans with City personnel and outside vendors.
- Develops, recommends and oversees implementation of City policies for encryption of data transmissions.
- Develops and manages information security and risk management awareness and training programs.
- Reviews technical risk assessments and reviews new and existing applications and systems, including data center physical security and environment.
- Reviews results of special IT investigations, internal audits, research studies, forecasts, and modeling exercises to provide recommendations and guidance.
- Reviews security guidelines, procedures, rules, and regulations; and monitors compliance.
- Reviews IT security budgets and provides priorities and recommendations.
- Represents the City at required IT Security meetings, hearings, etc.
- Works with other City departments for IT Security awareness and initiatives.
- Analyzes and recommends necessary action for all Federal Security Cyber threats from Homeland Security.
- Researches relevant security trends and technology.
- Provides required IT Security input for new and upgrade technology projects.
- Travels to assigned meetings, presentations, conferences and training.
- May be required to work irregular hours, including evenings and weekends.
- Researches current industry trends, new technologies, innovations and related legislation.
- Performs other related duties as assigned.
- Regular and consistent attendance for the assigned work hours is essential.
- Job Requirements
- Knowledge of departmental and city rules, regulations and procedures relevant to information systems and service.
- Knowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; and of operational support of networks, operating systems, Internet technologies, databases, and security applications.
- Knowledge of current and future technologies and processes used to establish and maintain the IT security posture with respect to systems, infrastructure and data.
- Skill in executive presentation and communication.
- Skill in influencing and problem resolution.
- Skill in principles of computer technology, systems analysis and design.
- Ability to display strong subject matter expertise in firewalls, intrusion prevention systems, application security and vulnerability testing tools.
- Ability to communicate effectively to senior, managerial and technical levels and clearly present technical approaches related to resolving business issues with technology.
- Ability to apply risk principles to challenging business situations.
- Ability to evaluate and implement cyber security controls and provide guidance for on premise or distributed computing platforms.
- Bachelor's degree in a related field from an accredited university
- 7 years of progressively responsible IT experience, with at least 3 years' experience in information security analysis/management to include:
- Proven track record in risk management principles in challenging business situations.
- Experience implementing cyber security controls for on premise and/or distributed computing platforms.
- Must have one of the following certifications OR earn within 1 year of employment.
- Certified Information Systems Security Professional (CISSP)
- GIAC Security Essentials (GSEC)
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- Certified Information Security Manager (CISM)
- Environmental Factors & Conditions/Physical Requirements
Work is performed in an office environment.
This work typically requires the following physical activities to be performed. A complete description of the activities below is available upon request from Human Resources.
Fingering - picking, pinching, typing, working with fingers rather than hand.
Hearing 1 - perceiving sounds at normal speaking levels, receive information.
Mental Acuity - ability to make rational decisions through sound logic, deductive reasoning.
Speaking - expressing ideas with spoken word, convey detailed, important instructions accurately, concisely.
Talking 1 - expressing ideas by spoken word.
Visual Acuity 1 - prepare, analyze data, transcribing, computer terminal, extensive reading.
Visual Acuity 2 - color, depth perception, field of vision.
Visual Acuity 3 - determine accuracy, neatness, observe facilities/structures.
Sedentary work: Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.