Information Technology Security Manager

Information Technology
Exempt, Pay Grade 20

The Information Technology Security Manager is responsible for the organization’s enterprise wide data and information security strategy, governance, control, policy development, and effective protection of County data.  The Information Technology Security Manager’s role will combine accountability and responsibility for information security, data security and network monitoring and protection against cyber criminals.  Essential functions include, and are not limited to the following:

The Information Technology Security Manager will be responsible for data and network security for the County.

• Functions include:
  Provides cybersecurity guidance and oversight across all County departments and organizations that can impact the County's information security position;
• Serves as the primary point of contact for the County to receive and communicate cybersecurity alerts;
• Serves as the co-owner of the County Cyber Incident Response Plan with the County Risk Manager;
• Manages all technical tasks related to detection, assessment, reporting, and recovery from a County Cyber Incident
• Evaluates security related functions and implements strategies for existing and planned system and network software;
• Coordinates County IT response to cybersecurity alerts and incidents;
• Provides leadership to establish and maintain County-wide information security policies and strategies to minimize risks;
• Prepares and maintains technical documentation of the system software security functions and implementation;
• Ensures cybersecurity best practices are established and followed in all County departments;
• Oversees activities to assess the County's cybersecurity exposure, including security audits, risk assessments, and other activities to continuously identify areas for improvement;
• Conducts or manages employee security awareness training and programs;
• Must stay current with the threat landscape and technologies used to defend assets.
• Performs all tasks of a Senior Systems Analyst but at a high level of efficiency and on more complex assignments, often coordinating with State, University, and Federal Cybersecurity groups;
• Provides cybersecurity assistance to other staff as needed.
• Acts as liaison between cybersecurity vendors, user departments, boards, contractors, and outside agencies;
• Works with Information Technology and users to develop data security specifications for new applications, as well as changes to existing applications;
• Provides status reports to supervisor and management;
• Participates in department's teamwork concept;
• Meets departmental and organizational deadlines;
• Performs various other activities as required.

QUALIFICATIONS: Bachelor's Degree in Computer Science, Information Technology, or related field; AND five (5) years of progressively responsible professional experience providing data and network security,  cybersecurity program management and data and network protection infrastructure planning and operations.   

PREFERRED CERTIFICATES, LICENSES, REGISTRATIONS

Security A+. CISSP, CEH or CISM preferred.  Criminal background check required.

Possesses very strong supervisory, leadership, logical abilities, and excels in both oral and written communication skills.

Knowledge.

1. Knowledge of the practices and principles of enterprise data and network security
2. Knowledge of advanced data and network protection techniques.
3. Knowledge of best practices in data access and protection.
4. Knowledge of cybersecurity practices, policies and procedures.
5. Excellent knowledge of technology environments, i.e. architecture, application development, data storage, telecommunications, networks, programming, service delivery, service desk, and desktop support.
6. Excellent knowledge and understanding of project management principles.
7. In-depth knowledge of multiple enterprise-wide complex security systems and operations and the integration of those systems to maximize the protection of data.
8. In-depth knowledge of applicable laws and regulations as they relate to technology issues and cybersecurity.

Skills.

1. Skill in developing an enterprise data and network security strategy.
2. Skill in communicating cybersecurity strategy and goals to executive levels of organizational and customer groups.
3. Skill in working with internal and external data security professionals to create a comprehensive data security plan for a large organization.
4. Skill in developing, implementing and ensuring compliance to IT Operation’s policies, standards, and procedures.
5. Skill in researching, analyzing and evaluating advanced cybersecurity technologies to address evolving business needs and changing requirements.
6. Excellent verbal and written communications skills including presentation facilitation. 13. Strong tactical skills.
7. Excellent interpersonal skills. 

Abilities.

1. Ability to work with organizational data owners to support data and network security
2. Ability to own and manage cybersecurity plans and procedures; establishing network monitoring and problem detection procedures.
3. Proven leadership ability.
4. Demonstrated ability to interact effectively with all levels of decision makers.
5. Ability to set and manage priorities judiciously.
6. Ability to articulate ideas to both technical and non-technical addressees.
7. Demonstrated ability in self-motivation and self-direction.
8. Keen ability in attention to detail.
9. Superior analytical, evaluative, and problem-solving abilities.
10. Exceptional service orientation ability.
11. Ability to motivate in a team-oriented, collaborative environment.

Requires exceptional ability to work and perform under pressure; exceptional ability to work well with people; ability to work independently, and ability to self-motivate. Incumbent must exhibit strong leadership attitude in support of project, department, and County goals, and must have demonstrated ability to lead others in a team environment.

PHYSICAL CONDITIONS AND NATURE OF WORK CONTACTS:  Work is typically performed in an office, computer room, computer classroom laboratory, and/or conference rooms. Continuous ability to communicate by phone is necessary. Regular use of keyboards, computers, laser printers, etc. is necessary. Work requires occasional handling of small fragile computer components and large components weighing in excess of 50 pounds. Occasional operation of county vehicles to travel to locations throughout the county is required. Regular contact is made with internal departments and senior level persons at all levels of County government and the school division. Contacts are usually cooperative, however, require tact and diplomacy. External contacts with vendor companies and other information services agencies are necessary. Occasional need to perform urgent tasks to meet organizational deadlines. Frequent work activity after normal duty hours and occasional weekend duties are necessary. Depending on job location, employees in this position may be considered essential personnel and fall under Albemarle County AP-4 and in addition, be subject to working overtime, being held over, or called back for disasters, local emergencies, or special events.

SALARY:  Hiring Range: $64,654 - $77,585/annual equivalent based on experience, education and internal equity.       

                Internal candidates will receive pay adjustments in accordance with County Policy §P-60.

DEADLINE FOR APPLICATIONS:  Until Filled