Click here to apply
Under direction of the Chief Information and Innovation Officer, the Information Technology Security Officer is responsible for ensuring the security and safety of all users, both students and staff, hardware, applications belonging to or used by the Washoe County School District, as well as all data belonging to the district or shared with outside parties, and the transit and storage of that data.
This position requires the IT Security Officer to plan, develop, and manage data, systems, network and endpoint security standards, policies, procedures, regulations, and guidelines throughout the District. Needs to be an experienced leader who has extensive familiarity with developing and implementing security policies and governance procedures, and in some cases, creating a system where one doesn't currently exist.
The IT Security Officer is responsible for the availability of WCSD data, systems, and applications and maintaining business continuity to support the District's mission.
The IT Security Officer is responsible for the oversight of information security practices within the Information Technology Department and across the District. The IT Security Officer has overall responsibility and accountability for:
Creating security initiatives that continuously improve system security to include business impact analyses, risk assessments, system security plans, Backup/DR (disaster recovery) plans, and staff awareness and training campaigns.
Prepare and present regular status and progress reports of the security of the District's information systems to IT staff, Executive Leadership, and the Board of Trustees.
Ensure compliance with all regulatory and legal requirements relating to data security, data privacy, and data processing. This includes, but is not limited to; CIPA, FERPA, HIPAA, COPPA, NRS, BOT/District policies and any other requirements that are, or may become applicable.
Create, edit, and update security policies, procedures, regulations, and documentation for compliance with federal, state, and local laws, as well as District/Board policy. The IT Security Officer is responsible for creating and reviewing security documentation to ensure compliance and to further enhance security across the District.
The IT Security Officer will work with Human Resources, Legal Department, School Police, and/or outside law enforcement agencies to complete investigations involving technology whether the issue is administrative or criminal.
Develop security training for the IT Department.
Utilize the IT Department security staff to monitor and audit ongoing operations to detect, analyze, and remediate security incidents/violations.
Develop security standards and baselines to define required security controls and settings on all firewalls, servers, commercial applications, endpoints, networks, databases, and network access. This includes Active Directory and GPO audits as well as Cisco configurations for all existing equipment.
Interacting with district stakeholders to ensure that decisions related to system security throughout the District maintain and enhance the District's overall security posture. A high priority will be placed on the requirement to incorporate sound security features and practices into any new systems or applications deployed within the District.
Utilize the IT Department security staff to conduct vulnerability assessments of all District information systems and recommend remediation and mitigation strategies as appropriate.
Conduct ongoing research of "best practices," new hardware and software products, and emerging technologies that would be of benefit to the District.
Work with the Chief Information Officer and IT staff to recommend the acquisition, implementation, and administration of information system security hardware and software on the District's wide area networks, local area networks, cloud platforms, and endpoints
Other responsibilities include:
Assume full responsibility for directing, managing, planning, and administering the operational and administrative activities associated with District IT security program.
Develop and implement security standards, procedures, and guidelines for multiple local, web, and cloud based platforms.
Directs IT security staff to develop, test, and implement security plans, products, and control techniques.
Analyze security incidents and recommends appropriate escalation of security events to either internal resources and possibly external law enforcement agencies depending on the situation.
Investigates the misuse or inappropriate use of District systems.
Directs IT security staff to perform penetration tests, phishing tests, and vulnerability scans to identify and resolve vulnerabilities within the District.
Review District contracts for new and/or existing software and equipment to ensure the product complies with current security standards.
Any education and experience that would provide the required knowledge and skills is qualifying. A typical way to obtain the knowledge and skills would be:
1. Bachelor of Science Degree in Computer Science or in a directly related field of study,
2. Five (5) years of direct experience in information systems and system security in a large enterprise environment, including two years' experience in IT security management in a large enterprise environment.
3. A total of five (5) years' experience in the above areas, including two years' experience in IT security management in a large enterprise environment.
4. At least one of the following certifications:
Certified Information Systems Security Professional (CISSP)
GIAC Certified Information Security Officer (GISO)
GIAC Security Leadership Certification (GSLC)
GIAC Certified Firewall Analyst (GCFW)
GIAC Systems and Network Auditor (GSNA)
ITIL and IT Governance
Knowledge of, and the ability to ensure compliance with; CIPA, FERPA, HIPAA, COPPA, NRS, BOT/District policies and any other requirements that are, or may become applicable.
Networking, application systems, Internet, Intranet, and client server operation.
IT security principles, access controls, and confidential information protection principles.
Firewall technology, remote access security, voice, data, and advanced local-area and wide-area networking technologies.
Encryption technologies, software, and applications.
Security management practices, and security architecture and models.
Legal requirements, investigation methods, and ethics surrounding IT security.
Methods of project and process control, budgeting, and cost analysis and prediction. The ability to identify risks, assign priorities, and develop long range budgets for remediation.
Access control systems and methodology.
Creating and establishing a system security program in an organization that does not currently have a formal program in place.
Working in a large enterprise environment where security programs must be successfully implemented without negatively affecting the organization's workflows.
Communicating and working with a broad range of audiences to include educators, administrators, C level staff, IT staff, support services staff, and the community. Highly developed verbal, written, presentation, and interpersonal skills are critical.
Supervising individuals and/or teams in a positive, constructive manner.
Evaluating staff performance and conducting progressive discipline procedures if necessary.
Licenses/Certificates: Possession of, or ability to obtain, a valid State of Nevada driver license with a driving record acceptable to the District.