Job Description :
Responsible for the governance, operations and maintenance of the County's enterprise information security controls. Monitors security tools, logs and other resources to ensure that security controls comply with the County's security policies. Performs analysis of threats and vulnerabilities. Raises awareness of risk through countywide education programs and works with responsible parties regarding remediation. Develops and implements practical and achievable policies and procedures for securing and protecting the enterprise.
- Configuration and monitoring of network security tools.
- Notification, follow-up, and documentation in response to recognized security events.
- Identify, track, and remediate identified vulnerabilities.
- Execute and manage periodic account, device, and vulnerability scanning and reviews to ensure settings meet policy requirements.
- Installs, configures, manages, and maintains enterprise security infrastructures such as firewalls, VPNs, and other security systems.
- Researches, develops/recommends solutions to address gaps in internal security framework.
- Defines the overall information security strategy.
- Conducts research on enterprise security products, services, and standards. Provides accurate and unbiased feedback to senior management through effective written and oral communications.
- Determines budgetary requirements and provides long-range planning related to enterprise security products and services.
- Establishes security audit procedures.
- Conducts regular security audits to ensure information security policies and procedures are implemented as designed.
- Assists the Network Operations Section in developing and maintaining disaster recovery processes.
- Assists County departments in developing, documenting and maintaining information security policies, standards, and procedures.
- Promotes, develops, and facilitates activities to increase information security awareness through regular and ongoing education campaigns.
- Establishes and maintains strategic relationships with technology providers.
- Monitors changes in local, state, and federal regulations affecting information security and works with management on the need to adopt policy changes.
- Retains relevant job knowledge and expertise by participating in educational opportunities, reading professional publications, maintaining personal professional networks, and participating in professional organizations.
- Leads and/or attends staff conferences, professional meetings, workshops and other events.
- Performs other related work as required.
Required Qualifications :
Education, Training, and Experience
- Bachelor's Degree in Computer Science or in a related field from an accredited college or university.
- Four (4) years or more IT experience in a diverse enterprise environment.
- Training and experience may be substituted for the minimum requirements.
Certificates, Licenses, Registration, Skills
- CompTIA Security+ or better.
- Must obtain CISSP within two years of employment if applicant does not have the CISSP certification at time of hire.
- Requires performing skilled work involving rules/systems with almost constant problem solving.
- Requires performing specialized technical work requiring general understanding of operating policies and procedures and their application to problems not previously encountered.
- Requires normal attention with short periods of concentration for accurate results or occasional exposure to unusual pressure.
- Requires reading journals, manuals, and professional publications.
- Ability and experience speaking formally and informally to management, groups of co-workers, staff in other organizational agencies, the public, and people in other organizations.
- Ability and experience presenting training; composing original reports, training and other written materials, using proper language, punctuation, grammar, and style.
- Requires ability to maintain courteous and effective relations with County staff and the public.
- Must have strong working knowledge of computers and be proficient in the use of Microsoft Office Suite of Products (i.e., Outlook, Word, Excel, etc.).
- Must have or be able to obtain within 90 days certification in FEMA National Incident Management System (NIMS) courses:
  - IS-100.c: Introduction to the Incident Command System (ICS); and
  - IS-700.b: An Introduction to the National Incident Management System
- Cisco Certified Network Administrator (CCNA) or equivalent.
- Microsoft Certified Solutions Associate (MCSA) or better
- Certified Information Systems Security Professional (CISSP)
- Experience in scripting and programming
- Experience with VMware and managed network switches
Basis of Rating: No written test is required. Applications will be carefully reviewed to assess each individual's qualifications. The kind and length of related work experience, training and education shown on the application will be an important consideration in the screening process. Must successfully pass an employment reference check, criminal background check and physical examination.
Equal opportunity employer, does not discriminate on the basis of race, color, national origin, sex, religion, age or disability in employment or the provision of services.
Work Schedule: Full-Time, Hours not specified
Annual Salary: $49,671.44 - $71,904.82, DOE