Class specifications are intended to present a descriptive list of the range of duties performed by employees in the class. Specifications are not intended to reflect all duties performed within the job.

DEFINITION

Develop and implement organizational information security strategies and plans to prevent the unauthorized use, release, modification, loss or destruction of data and other information assets; assess the business impacts of various security approaches and develop and implement security plans balancing security needs with operational requirements; conduct risk assessments, evaluate security management options and develop and implement procedures and protocols to mitigate risk.

JOB CLASSIFICATION

Exempt, Safety Sensitive.

SUPERVISION RECEIVED AND EXERCISED

Receives direction from the Information Technology Director.

PRIMARY DUTIES--The following are examples of primary duties assigned to positions in this classification. Other related duties and responsibilities may be assigned.

1.  Develop and implement an information security program aligned to organizational priorities; define and develop key performance indicators to determine effectiveness of information security programs.

2.  Conduct risk assessments to identify vulnerabilities and evaluate the effectiveness of organizational security architecture through third-party advisories, architectural reviews, application testing, penetration testing, self-assessments, vulnerability scans, change management reviews and audits; track and report on security issues identified; develop solutions and mitigate risk.

3.  Conduct audits and develop broad-scale testing and exercises to ensure implementation of business continuity plans in the event of emergencies.

4.  Collaborate with management, staff, and others to identify, integrate and vet advanced protection methodologies to protect information, data, systems, facilities, and strategic partners.

5.  Monitor and enforce all information security programs, policies and procedures; develop and implement appropriate security incident response and notification procedures; lead investigations of security compromises with management, outside auditors, consultants, and appropriate law enforcement.

6.  Assist in managing implementation of business process changes, management of information assets, information technology changes, and other issues involved in avoiding or minimizing potential risks to organizational assets; provide informal leadership to drive and influence product development across engineering, design, integration, and distribution.

7.  Perform other duties of a similar nature or level.

QUALIFICATIONS

Knowledge of:

Common information security management frameworks.

Principles, practices, methods, tools, and techniques of information technology security.

Network architectures and theory and principles of network design and integration, including topologies and protocols.

Operating system architecture, characteristics, commands, and components.

Principles, practices and methods of systems/networks and database administration and maintenance.

Business relationship management and internal consulting concepts and practices.

Principles, practices, methods, and techniques applicable to long-range and strategic information technology security planning.

City ordinances, codes, procedures, and practices regarding areas of assigned information security responsibility.

Principles, practices, methods and techniques of business continuity planning and continuity management.

Ability to:

Develop conceptual frameworks and apply approaches and technology to the development, management and administration of information security systems and protocols.

Perform business analysis and risk exposure/threat assessments.

Serve as an effective facilitator and consensus builder with multiple stakeholders of diverse views and needs.

Evaluate and develop complex strategies and approaches.

Perform project management responsibilities, including developing logical and efficient project plans, establishing priorities, monitoring and managing task completion, and anticipating and avoiding problems.

Understand, interpret, explain, and apply City, state, and federal policy, law, and regulation applicable to area of responsibility.

Communicate clearly, logically, persuasively and concisely, both orally and in writing.

Prepare comprehensive correspondence, reports, studies, and other written materials appropriate to both technical and non-technical audiences.

Maintain confidentiality.

Establish and maintain effective working relationships with all those encountered in the course of work.

Speak, read, comprehend, and write the English language fluently.

Experience and Training Guidelines

Minimum Requirements:

Experience:

Five (5) years of progressively responsible experience in information technology security.

Training:

Bachelor's degree from an accredited college or university with major course work in information technology, computer science, or a related field.

Other combinations of experience and education that meet the minimum requirements may be substituted.

License or Certificate

Possession of, or ability to obtain, a Certified Information Systems Security Professional (CISSP) certification or equivalent within 1 year of hire.

Possession of, or ability to obtain, a valid Colorado driver's license.

WORKING CONDITIONS

Environmental Conditions:

The job is performed in the following working environment:

Office environment; exposure to computer screens.

Physical Conditions:

The job is characterized by:

Sedentary Work: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

The following physical activities are very or extremely important in accomplishing the job's purpose and are performed daily:

While performing the duties of this job, the employee is regularly required to sit, stand, walk, talk, hear, see and demonstrate manual dexterity. The employee is occasionally required to kneel, stoop, and perform light lifting.