SALARY: $123,516 Yearly USD

SUMMARY:

Responsible for managing the City’s security, privacy, and business continuity functions. Develops directives and procedures for the organization based on current trends and best practices in the industry. Monitors and tests the enterprise for vulnerabilities and creates plans for enhancement. Determines responses to attacks or security breaches and manages related incidents. Creates and manages educational resources and opportunities for City staff regarding information security, including investigation and recovery. Partners with IS operations staff, City staff, vendors, and contractors to maintain a secure environment. Work requires limited supervision and the use of independent judgment and discretion.

ESSENTIAL JOB FUNCTIONS:
• Develops security and privacy related administrative directives, general orders, and standard operating procedures for the enterprise. Monitors industry standards and best practices for regular enhancement of processes and procedures.
• Manages the development of disaster and business recovery protocols to ensure appropriate and timely recovery to security breaches, malicious activity, disasters, or other incidents. Tests and practices these protocols on a regular basis to ensure business familiarity and reliability of each protocol.
• Manage security framework of the enterprise, including security related applications, appliances, or administrative controls. Installs and manages security products in the City’s environment with support of IS Operations staff.
• Conducts regular testing for compliance and vulnerability of the City’s networks, including penetration testing and PCI compliance testing, among others.

• Manages and responds to security related incidents. Able to respond to such incidents outside of normal business hours in an emergency fashion.
• Responsible for assisting in the training of City staff and contract staff security protocols, risks, and proper habits, including; online learning management, in persons training events, reviewing work accuracy, providing feedback, identifying skill gaps and implementing any necessary skill development or corrective action plans to mitigate gaps.
• Participates in a variety of special projects in support of departmental operations, which may include: analyzing vendor contracts; performing special studies; participating in committees; providing guidance and recommendations to departments to ensure organizational sustainability and maximize organizational efficiency, effectiveness, and performance; recommending cost- conscious decisions and actions; and/or, performing other related activities.
• Performs other duties as assigned, which may involve irregular work hours, including evenings and weekends.

KNOWLEDGE, SKILLS, AND ABILITIES:

• Knowledge of CJIS, NIST, and/or Texas CyberSecurity Framework standards
• Knowledge of limited or zero-trust environments
• Knowledge of disaster and business recovery practices
• Knowledge of intrusion detection and intrusion prevention applications
• Knowledge of firewall appliances
• Knowledge of endpoint security controls
• Knowledge of government operations and processes
• Knowledge of process improvement principles and practices
• Knowledge of privacy principles, including HIPAA standards
• Knowledge of data loss prevention techniques
• Knowledge of risk assessment tools, technologies, and methods
• Skilled in designing secure networks, systems, applications architecture, and accompanying documentation
• Skilled in risk assessment and response modeling
• Skilled in incident response and management
• Skilled in endpoint security solutions
• Skilled in the use of Microsoft Office365 Security & Compliance Suite Skilled in developing performance metrics and periodic reports
• Skilled in evaluating quality and reviewing final work products
• Skilled in conducting investigations and forensic tools
• Skilled in analyzing, interpreting, and documenting vendor contracts
• Skilled in analyzing security processes
• Skilled in reading and interpreting technical documents
• Skilled in assessing cost efficiency and effectiveness of municipal operations
• Skilled in conducting best practice research
• Skilled in applying independent judgment, personal discretion, and resourcefulness in interpreting and applying guidelines
• Skilled in reading, interpreting, applying, authoring and explaining rules, regulations, policies, and procedures
• Skilled in preparing clear and concise reports and executive presentations
• Skilled in providing customer service
• Skilled in gathering and analyzing information and making recommendations based on findings and in support of organizational goals
• Skilled in communicating effectively with a variety of individuals
• Skilled in security and/or risk management for an on-premise network

MINIMUM QUALIFICATIONS:
• Bachelor’s Degree in Information Systems or a related area of study
• Bachelor’s Degree in Information Systems or a related area of study
• 7 years’ of progressively responsible experience in information technology experience
• 3 years’ of progressively responsible experience in information security
• Must hold, at least one of the following certifications (or substantially similar);
• Certified Information Systems Security Professional (CISSP)
• GIAC Security Essentials (GSEC)
• Certified Ethical Hacker (CEH)
• Certified Information Security Manager (CISM)
• Certified Protection Professional (CPP)
• Must qualify for and maintain compliance with Criminal Justice Information Systems access requirements (CJIS)

WORKING CONDITIONS:
• Frequent reaching, sitting, talking, seeing, hearing, and manual dexterity
• Occasional climbing, balancing, stooping, kneeling, and crouching
• Occasional lifting and carrying up to 50 pounds
• Work is typically performed in a standard office environment
• Work may be performed in a data-center environment, involving loud noise and temperature irregularity
• Work is occasionally performed in an outdoor environment, with potential exposure to adverse weather conditions

CONDITIONS OF EMPLOYMENT:
• Must pass pre-employment drug test.
• Must pass an extensive criminal history check.
• Must pass motor vehicle records check.