Purpose:

This position is responsible for the Citywide information security program, including safeguarding the City’s information, data, and technology infrastructure; and for overseeing the information security governance committee.

Duties, Functions and Responsibilities:

Essential duties and functions, pursuant to the Americans with Disabilities Act, may include the following. Other related duties may be assigned.
- Monitors and protects the City’s information and data from current and emerging internal and external security threats.
- Designs, develops, implements, evaluates, refines, monitors, and reports on all security-related aspects of the City's information and data systems and architecture.
- Develops and implements response and strategic business continuity plans and related policies and procedures to ensure service is continuous when a change program is introduced, a security breach occurs, or in the event that the disaster recovery plan needs to be triggered.
- Audits and conducts a continuous assessment of current IT security practices and systems and identifies areas for improvement.
- Researches and evaluates Citywide data security solutions.
- Develops and presents budget recommendations, long- and short-term plans, and key performance indicators and targets.
- Directs security threat assessments, risk analyses, and system audits; and develops information and data security standards.
- Maintains relationships and establishes credibility with City administration and departmental management.
- Represents the City on information security strategy to internal and external organizations and maintains an information security governance committee.
- Oversees relevant and appropriate communications, awareness, and training programs.
- Champions and educates the organization about the latest security strategies and technologies.

Responsibilities - Supervisor and/or Leadership Exercised:

Responsible for the full range of supervisory activities including selection, training, evaluation, counseling, and recommendation for dismissal.

Knowledge, Skills, and Abilities:

Must possess required knowledge, skills, abilities, and experience and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
- Knowledge of Local, State, and Federal laws and regulations relevant to information security, privacy, and computer crime.
- Knowledge of the principles and practices of public administration and management.
- Knowledge of the capabilities and limitations of computer systems and technology.
- Knowledge of operating systems, Internet technologies, databases, and security infrastructure.
- Knowledge of information security controls, procedures, and regulations.
- Knowledge of concepts and techniques for enterprise risk management, audits, and risk assessments.
- Knowledge of incident response program practices and procedures.
- Skill in quickly resolving advanced security issues in diverse and decentralized environments.
- Skill in foreseeing technology threats and keeping ahead of security needs.
- Ability to establish and maintain effective working relationships with City staff, executive management, peers, State and County officials, outside agencies and partners, vendors, community groups, general public, and media representatives.
- Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions.
- Ability to develop and evaluate policies and procedures and to prepare reports.
- Ability to communicate effectively in writing, verbally, and in presentations.
- Ability to plan, assign, or supervise the work of others.
- Ability to manage and oversee the development, monitoring, and maintenance of information technology security processes and controls.

Minimum Qualifications:

Graduation with a Bachelor’s degree from an accredited college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field, plus six (6) years of related experience, including two (2) years of experience which were in a supervisory capacity.

Licenses and Certifications Required:

- Maintain relevant security leadership certification (i.e., CISSP, CISM) or obtain within six (6) months of employment.
- Relevant security incident response/forensics certification (i.e., OSCP, GIAC, etc.).