IT Cyber Security Administrator
Company: Marion County
Location: Monmouth
Posted on: October 29, 2024
|
|
Job Description:
This recruitment has been reopened for additional applicants. If
you have already applied for recruitment #560-2024-2, you do not
need to reapply. Information Technology (IT) provides technical
services, manages the county's technical resources, and provides
consulting services for technology improvements through three
programs: Administration, Operations, and Technology Solutions.
These programs provide a complete range of technology services,
which include strategic planning, new service design, business
analysis, project management, security risk management, data
security, applications delivery and support networks, servers and
storage, desktop and mobile management, database administration,
and end-user support through the service desk. GENERAL STATEMENT OF
DUTIES Plan, organize, manage, and administer information security,
operations, and functions; develop and implement program and
strategic planning; implement and assist in the development of
information security program policies, procedures, and business
practices; evaluate goals, objectives, priorities, and activities
to improve performance and outcomes; recommend and establish
administrative controls and improvements; develop procedures to
implement new and changing regulatory requirements; serve as an
advisor to the management team. SUPERVISION RECEIVED Under general
supervision of the IT Director, who assigns work, establishes
goals, and reviews the results obtained for overall effectiveness
through analyzing work products, observations, and meetings.
SUPERVISION EXERCISED Full supervision, including employee
selection and training, performance evaluation, complaint response,
and personnel recommendations. DISTINGUISHING CHARACTERISTICS
Develop and maintain the framework for the organization's IT
information security. Evaluate and recommend new information
security technologies and countermeasures against threats to
information or privacy. Identify information technology security
initiatives and standards for the enterprise. Manage the
development, implementation, and maintenance of information
security policy, standards, guidelines, and procedures. Set the
access and authorization controls for everyday operations and
emergency procedures for data. Set the standards for access
controls, audit trails, event reporting, encryption, and integrity
controls. Keep abreast of the latest security and legislation,
regulations, advisories, alerts, and vulnerabilities about IT
assets. Typical Duties - Duties include, but are not limited to the
following Monitor and maintain security tools/systems (not limited
to) Endpoint Threat Protection Monitoring (Devices with
Antivirus)Cloud Security Monitoring, alerts & reportsAdvanced
Threat Protection (ATP)SIEM or other logging and correlation
technologiesVulnerability Scans for security and compliance
Vulnerability remediation assessment and planning Implement new
security configurationsResearch security configuration enhancements
and make recommendations to managementSecurity Risk and Prevention:
Monitor data access: ensure the internal control systems are
monitored and that appropriate access levels are maintained
following the principle of least privilege.Conduct security
assessments through vulnerability testing and risk analysis using
available vulnerability scanning tools.Assist with internal and
external security audits.Ensure adopted security policies,
procedures, and best practices are followed.Contribute to weekly
security status reports to IT leadership Security Incident and
Authoritative Contact: Analyze security breaches to identify the
root cause.Respond to potential security policy violations or
complaints from external parties. Assist in oversight and
activities for intrusion detection and response. Investigate
security incidents and develop after-action reports. Serve as a
point of contact for external security auditors, survey requests,
and for department security/privacy matters. Assists in
facilitating and promoting activities to create information
security awareness and training.Other duties as assigned.
Requirements for the Position EXPERIENCE AND TRAININGBachelor's
degree in computer science, information technology, or related
field; ANDFive years of progressive experience in computing,
information security, and internet technology, including two years
of supervisory experience; ORAny satisfactory combination of work,
education, training, or experience relevant to the position, as
determined by Marion County. SPECIAL REQUIREMENTS The finalist for
this position will be required to pass a criminal history
background check, including finger printing; however, conviction of
a crime may not necessarily disqualify an individual for this
position.Must possess a current driver's license in the applicant's
state of residence and an acceptable driving history. Marion County
will obtain a copy of the driving record for all qualified
applicants from Driver and Motor Vehicle Services and review the
driving record according to the Marion County policy and procedure
for Driving on County Business. The policy can be found at:
assignment is represented by a union.This is a full-time position,
which is eligible for overtime.Typical Work Schedule: Monday
through Friday, 8:00 A.M. - 5:00 P.M., with flexibility depending
upon the needs of the department and program.Must be available to
perform assigned rotating after-hour duties. PREFERENCESCertified
Information Systems Security Professional (CISSP), or formal
security certifications from International Information System
Security Certification Consortium (ISC)--, Global Information
Assurance Certification (GIAC), Computing Technology Industry
Association (CompTIA), Information Systems Audit and Control
Association (ISACA).Information security principles and practices,
including any of the following: security risk assessment standards,
risk assessment methodologies, and vulnerability assessments.Senior
level knowledge of mainstream operating systems and a wide range of
security technologies, such as network security appliances,
identity and access management (IAM) systems, anti-malware
solutions, automated policy compliance tools, and desktop security
software.KNOWLEDGE, SKILLS, AND ABILITIES Knowledge of technology
hardware and software which includes, but is not limited to
systems, application languages, server based systems, cloud
computing, personal computers, local and wide area network
configurations and management, information and data management
software and state-of-the-art system development and maintenance
technologies; local, state, and federal laws, rules, policies, and
regulations affecting information security and related technology
and systems; strategic planning, preparation, and projection; and
effective leadership and organizational communication principles
and practices. Working knowledge of prevailing industry security
standards and common body of knowledge gained by way of CISSP,
SANS, or CISA Certifications. Skills and abilities to manage and
oversee comprehensive information security; lead diverse
technologies, employees, and customer groups; communicate
effectively in writing and orally, including the ability to make
public or staff presentations; establish and maintain effective
working relationships with a variety of individuals and groups,
including customers in high-stress situations; and assist in
confidential investigations. Skill in identifying information
security problem areas, formulating diagnoses, and proposing
practical solutions. Deep understanding of network infrastructure,
including routers, switches, firewalls, and the associated network
protocols and concepts. Ability to establish and maintain effective
working relationships with employees, systems users, outside
consultants, and vendors. PHYSICAL REQUIREMENTS Sees using depth
perception; stands; sits; moves about the work area; bends forward;
stoops; climbs 1 floor of stairs; crawls; reaches overhead; lifts
up to 40 lbs.; pushes, pulls, and carries up to 25 lbs.; moves
carts weighing up to 100 lbs.; operates a keyboard; speaks clearly
and audibly; reads a 12 pt. font; distinguishes colors and shades;
hears a normal level of speech; and works in areas that may be
exposed to dust. Marion County offers a generous benefits package
to regular employees working 50% or more of the regularly scheduled
work week and their eligible dependents. Temporary employees and
part-time regular employees working less than 50% of the regularly
scheduled work week are not eligible for benefits. For a summary of
benefits, click here. For a complete and detailed overview of the
benefits package for management and supervisory employees, click
here, and select Management Benefits from the left menu or
Management Employees from the page links. Benefits are defined
based on position and are approved by the Marion County Board of
Commissioners.PandoLogic. Category: Technology, Keywords: Security
Administrator
Keywords: Marion County, Corvallis , IT Cyber Security Administrator, Other , Monmouth, Oregon
Click
here to apply!
|