Marion County Class Specification BulletinPage of
<br />>>>
<br />oversees ongoing vulnerability testing. Leads the information technology security assessments to
<br />identify risk due to changes or modifications to the computing environment. Directs the security
<br />assessments/audits to identify vulnerabilities in security program and policies. Controls testing of
<br />security procedures, mechanisms and measures. Collaborates with federal and state auditors, and
<br />subject matter experts for satisfactory completion of compliance and program audits of the
<br />information security program.
<br />2.Designated leader of security incident reporting and official responses to security incidents
<br />(breaches) responds to potential policy violations or complaints from external parties. Leads the
<br />oversight and activities for intrusion detection and response. Ensures the internal control systems
<br />are monitored and that appropriate access levels are maintained.
<br />3.Acts as the Marion County's designee representing the Information Technology department on
<br />information security matters. Oversee the investigation and documentation of security breaches,
<br />misuse of computer resources, internet access, and other violations of information security
<br />policies, standards, and personnel rules governing use of technology by employees; develops
<br />after-action reports and testify in administrative or judicial proceedings.
<br />4.Serves as the contact point for external auditors, survey requests, etc. and on security/privacy
<br />matters. Initiates, facilitates, and promotes activities to create information security awareness and
<br />training throughout the organization.
<br />5.Plan, organize, manage, and administer information security programs, operations, and functions;
<br />develop and implement program and strategic planning; implement and assist in the development
<br />of program policies, procedures, and business practices; evaluate goals, objectives, priorities, and
<br />activities to improve performance and outcomes; recommend and establish administrative controls
<br />and improvements; develop procedures to implement new and/or changing regulatory
<br />requirements.
<br />6.Work with internal stakeholders to enact, monitor and administer enterprise information security
<br />policies and standards; conduct the information security risk assessment program; coordinate
<br />contingency plan tests on a regular basis.
<br />7.Provide expert guidance and reporting on information security issues to other departments, the
<br />general public, and/or outside agencies; represent the county to the public, elected officials, other
<br />agencies, governments, and organizations including making presentations, participating in
<br />meetings, and interacting with emergency services community; act as representative on
<br />committees, interagency task forces, and special projects.
<br />8.Respond and resolve confidential and sensitive inquiries; investigate non-conformance and
<br />recommend corrective actions as necessary.
<br />9.Analyze and review federal, state, and local laws, regulations, policies, and procedures in order to
<br />ensure compliance; conduct analysis on best practices and trends, and formulate and implement
<br />recommendations.
<br />10.Develop, administer, assist, and monitor information security budgets; develop justifications for
<br />budgetary recommendations and/or adjustments; participate in forecasting additional funds for
<br />resources; identify, obtain, and manage funding from information security grants and interagency
<br />partnerships.
<br />11.Attends and participates in professional meetings and stays abreast of new trends and innovations
<br />in the field of information security.
<br />12.Actively participates in maintaining a safe and respectful working environment.
<br />13.Perform other duties as assigned.
<br />MINIMUM REQUIREMENTS:
<br />EXPERIENCE AND TRAINING
<br />1.Bachelor's degree from a four (4) year accredited college or university with major coursework in
<br />computer science, information technology or a related field; AND
<br />2.Five (5) or more years of progressive experience in computing and information security, including
<br />experience with internet technology and security issues; OR
<br />3.Any satisfactory equivalent combination of nine (9) years or more of education, training, and/or
<br />experience relevant to the position.
<br />https://agency.governmentjobs.com/marion/default.cfm?action=specbulletin&ClassSpecID=...8/3/2020
<br />
<br />
|