Laserfiche WebLink
Marion County Class Specification BulletinPage of <br />>>> <br />oversees ongoing vulnerability testing. Leads the information technology security assessments to <br />identify risk due to changes or modifications to the computing environment. Directs the security <br />assessments/audits to identify vulnerabilities in security program and policies. Controls testing of <br />security procedures, mechanisms and measures. Collaborates with federal and state auditors, and <br />subject matter experts for satisfactory completion of compliance and program audits of the <br />information security program. <br />2.Designated leader of security incident reporting and official responses to security incidents <br />(breaches) responds to potential policy violations or complaints from external parties. Leads the <br />oversight and activities for intrusion detection and response. Ensures the internal control systems <br />are monitored and that appropriate access levels are maintained. <br />3.Acts as the Marion County's designee representing the Information Technology department on <br />information security matters. Oversee the investigation and documentation of security breaches, <br />misuse of computer resources, internet access, and other violations of information security <br />policies, standards, and personnel rules governing use of technology by employees; develops <br />after-action reports and testify in administrative or judicial proceedings. <br />4.Serves as the contact point for external auditors, survey requests, etc. and on security/privacy <br />matters. Initiates, facilitates, and promotes activities to create information security awareness and <br />training throughout the organization. <br />5.Plan, organize, manage, and administer information security programs, operations, and functions; <br />develop and implement program and strategic planning; implement and assist in the development <br />of program policies, procedures, and business practices; evaluate goals, objectives, priorities, and <br />activities to improve performance and outcomes; recommend and establish administrative controls <br />and improvements; develop procedures to implement new and/or changing regulatory <br />requirements. <br />6.Work with internal stakeholders to enact, monitor and administer enterprise information security <br />policies and standards; conduct the information security risk assessment program; coordinate <br />contingency plan tests on a regular basis. <br />7.Provide expert guidance and reporting on information security issues to other departments, the <br />general public, and/or outside agencies; represent the county to the public, elected officials, other <br />agencies, governments, and organizations including making presentations, participating in <br />meetings, and interacting with emergency services community; act as representative on <br />committees, interagency task forces, and special projects. <br />8.Respond and resolve confidential and sensitive inquiries; investigate non-conformance and <br />recommend corrective actions as necessary. <br />9.Analyze and review federal, state, and local laws, regulations, policies, and procedures in order to <br />ensure compliance; conduct analysis on best practices and trends, and formulate and implement <br />recommendations. <br />10.Develop, administer, assist, and monitor information security budgets; develop justifications for <br />budgetary recommendations and/or adjustments; participate in forecasting additional funds for <br />resources; identify, obtain, and manage funding from information security grants and interagency <br />partnerships. <br />11.Attends and participates in professional meetings and stays abreast of new trends and innovations <br />in the field of information security. <br />12.Actively participates in maintaining a safe and respectful working environment. <br />13.Perform other duties as assigned. <br />MINIMUM REQUIREMENTS: <br />EXPERIENCE AND TRAINING <br />1.Bachelor's degree from a four (4) year accredited college or university with major coursework in <br />computer science, information technology or a related field; AND <br />2.Five (5) or more years of progressive experience in computing and information security, including <br />experience with internet technology and security issues; OR <br />3.Any satisfactory equivalent combination of nine (9) years or more of education, training, and/or <br />experience relevant to the position. <br />https://agency.governmentjobs.com/marion/default.cfm?action=specbulletin&ClassSpecID=...8/3/2020 <br /> <br />