Team Flagstaff is seeking a highly qualified IT security professional who can lead the security program. This individual will have a great deal of flexibility and autonomy in developing security policies and best practices for the City of Flagstaff. They will have budgetary responsibility over the program. This position reports directly to the IT Director. This individual must be able to work with various departments throughout the City. This person must maintain the highest level of professionalism whether directing staff on security concerns, training users on new security policies or making presentations to City Management and City Council on risks to the City. Most importantly, this individual will need to be a team player and continue our culture of having fun while supporting the City's goals.
Actively supports and upholds the City's stated mission and values. Under direct supervision of the IT Director and with special assignments under Water Services, this position is responsible for maintaining the security of City technology infrastructure and information. This position acts as the primary information security officer in relation to information technology infrastructure and in accordance with applicable laws such as, but not limited to, HIPAA, CJIS, PCI, and others. This position is also charged with organizational compliance of information security best practices.
- Supervisory: This job has lead worker responsibilities (coordinates and monitors the work of others) but does not supervise. Lead work responsibilities include any IT related project that has potential security risks within the IT Section, Water Services Division, or other areas impacted by potential risk of an IT security breach.
- Budgetary: This job has full responsibility at the Program level for preparing, implementing, and managing the security budget.
- Strategic Planning: This job has full responsibility for strategic planning at the Program level (develops, implements, interprets, and manages long and short-term goals).
- Policies/Procedures: This job has full responsibility for policies and procedures at the Program level (develops, implements, and interprets).
- Compliance: This job has full responsibility at the Program level (follows, assists in ensuring compliance with, and may enforce) Federal, State, and Local laws, rules, and regulations as well as City policies and procedures.
- Council Communications: This job has full responsibility for Council communication at the Program level (makes recommendations and presentations, writes staff summaries, ensures performance measures are met, and balances needs with Council's adopted priorities and direction).
- Reporting: This job has full responsibility for reporting to Federal/State/local agencies at the Program level (ensures reporting requirements are met, trains others on reporting requirements and methods, and addresses discrepancies in reporting).
EXAMPLES OF THE WORK PERFORMED (ILLUSTRATIVE ONLY)
- Provides excellent customer service to both internal and external customers.
- Creates information security strategies, both short-term and long-range, in support of the City of Flagstaff's goals.
- Recommends and implements security tools, appliances and services.
- Conducts internal security audits, testing, and acts as primary point of contact for external auditors, contractors, or systems integrators for security-related items.
- Develops, conducts, and maintains an employee security training program for all new and existing employees.
- Communicates risks and recommendations to mitigate risks to various City Divisions, Sections, or Programs (such as Water Services, Police, Traffic, etc.), the City's IT Steering Committee, City Management, and City Council in non-technical and cost/benefit terms to assist City Leadership in making decisions to ensure the security of City systems and information.
- Evaluates security incidents and determines what response, if any, is needed; coordinates city response, including technical response and providing information to City Management and City Council.
- Assists City personnel in complying with security and privacy laws, such as HIPAA, PCI, and CJIS, and security best practices such as the American Water Works Association best practices.
- Develops, oversees, and maintains all information security related City policies such as Disaster Recovery, Remote Access, and Acceptable Use.
- Serves as the primary technical expert and owner of the following technologies:
- Disaster Recovery and Business Continuity
- Anti-virus/anti-malware software
- All security appliances, tools and services
- Remote Access (VPN, Remote Desktop and related remote technologies)
- Assists other City IT and technical staff to secure other technologies such as but not limited to:
- Miscellaneous network equipment (switches, routers, SCADA, traffic signals, etc.)
- PC Hardening
- Server security (Physical and Virtual)
- Email security
- Cloud services or applications
- Or any other service or technology being implemented at the City
- Other duties as assigned.
- Bachelor's Degree in Computer Technology or related field.
- Six years of experience in an IT related field.
- Two years of IT security experience.
- One or more security certifications, such as CEH, CISM, CISSP.
- Or any combination of education, experience, and training equivalent to the above Minimum Requirements.
DESIRED EXPERIENCE AND TRAINING
- Master's Degree in Computer Technology with an emphasis in IT Security
- Four years of IT security experience.
- Must possess, or obtain upon employment, a valid Arizona driver's license.
- Regular attendance is an essential function of this job to ensure continuity.
REQUIRED KNOWLEDGE, SKILLS AND ABILITIES (ILLUSTRATIVE ONLY)
- Working knowledge of Security best practices and standards such as HIPAA, CJIS, PCI and others.
- Working knowledge of PC hardware, software and peripherals.
- Experience working in a Microsoft Windows and Office environment.
- Strong troubleshooting skills.
- Excellent communication and interpersonal skills.
- Ability to be a productive and effective team player.
- Ability to work under pressure and successfully complete time-sensitive tasks.
- Strong organizational skills, self-motivated and able to prioritize tasks.
- Strong aptitude for attention to detail and accuracy.
- Working knowledge of project management and project management methodology.
PHYSICAL REQUIREMENTS AND WORKING CONDITIONS
- While performing the duties of this job, the employee is frequently required to talk or hear; regularly required to stand, walk, sit, use hands to finger/handle/feel, reach with hands and arms; and is occasionally required to climb or balance, stoop/kneel/crouch/crawl.
- The employee must occasionally/regularly/frequently lift and/or move up to 100 pounds.
- Vision requirements for this position include close vision, color vision, and peripheral vision.
- Working conditions include regular exposure to risk of electrical shock, and occasional exposure to wet or humid conditions (non-weather), work near moving mechanical parts, work in high precarious places, outdoor weather conditions, extreme cold (non-weather), extreme heat (non-weather), and vibration.
- The noise level in the work environment is usually moderate.
- There are no pre-employment physical requirements for this position.
- There are no pre-employment testing requirements for this position.
- There are no pre-employment vaccination requirements for this position.
Range 115 Range 15, C-5-1, FLSA exempt
Attention To Detail
Certified Ethical Hacker