Associate Division Director, Cyber Security

Job Description

JOB SUMMARY

Works under the Chief Information Officer to provide direction for the management, design, development, implementation, operation, and maintenance of Salt Lake County's Cyber security programs, which are designed to protect the confidentiality, integrity, and availability of all County information technology systems and resources, including but not limited to voice, data, network, applications, and computer infrastructure, and their associated information assets. Develops a comprehensive cyber security program, an accountable culture, and a secure infrastructure. Provides countywide strategic and operational IT leadership.

MINIMUM QUALIFICATIONS

Bachelor's degree from an accredited college or university in Information Technology field or business, or other closely related field, plus eight (8) years of related experience, of which two (2) years of supervisory or administrative experience is preferred; OR an equivalent combination of twelve (12) years of related education and experience.

Professional certification in Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) preferred. Prior experience in implementing the NIST Cyber Security Framework (NIST CSF) is preferred.

Due to the nature of this position, the successful applicant must pass a required pre-employment background check and subsequent mandatory background checks in accordance with current County Human Resources policy requirements.

ESSENTIAL FUNCTIONS

• Encourages innovation while weighing cost against the benefit of information technology investments.

• Determines the information security strategy for Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Directs the implementation of the information security strategy for Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Determines the need for information technology policies, standards, processes, procedures, and best practices for Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Works with the Technology Advisory Board (TAB) to review and adopt information technology policies, standards, processes, procedures, and best practices for Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Ensures that County employees, contractors, partners, and other third parties comply with information technology policies, standards, processes, procedures, and best practices for Salt Lake County and any entities that contract with Salt Lake County for information technology services.

• Determines Salt Lake County's compliance strategy to address IT security requirements imposed by regulatory programs like the Health Insurance Portability and Accountability Act (HIPAA.) Criminal Justice Information Systems Policy (CJIS) and the Payment Card Industry Data Security Standard (PCI-DSS.)

• Determines strategies to monitor risk to information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Conducts regular internal and external risk assessments of information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Communicates to County Leadership the current risk posture of information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Serves as the information security subject matter expert for Salt Lake County agencies and any entities that contract with Salt Lake County for information technology services.

• Represents Salt Lake County's information security interests to State and Federal agencies and regulatory bodies.

• Sponsors the security awareness training efforts intended to reduce risk to information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Establish and maintain effective partnerships with County agency management through collaboration and teamwork to ensure the effective use of information technology resources and systems supporting the County's business needs.

• Audits and reports on the effectiveness of security controls that protect information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Responsible for security incident response planning and tabletop exercises to ensure County information technology staff are prepared to effectively deal with any information security events or incidents that adversely affect information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Participates with other Associate Directors in the Information Technology Divisions continuity of operations planning (COOP) and disaster recovery planning and tabletop exercises to ensure County information technology staff are prepared to effectively deal with any service outages or interruptions that adversely affect information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Responsible for leading forensic responses to information security events or incidents that adversely affect information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Responsible for identifying, tracking, and remediating vulnerabilities found in information technology systems in use by Salt Lake County as a whole and any entities that contract with Salt Lake County for information technology services.

• Directs DevSecOps security tooling and processes; contextualizes findings to address in the team's workload priorities.

• Works with the Chief Information Officer and other Associate Directors to determine the budget for the Information Technology Division.

• Prepares the information security program budget for the Information Technology Division.

• Participates in developing information technology cost metrics for budgeting and accounting reports.

• Evaluates information technology key performance indicators related to the information security program. Directs and coordinates activities through managers and supervisors, which includes hiring, firing, promoting, orienting, training, assigning, and reviewing work performance, annual work performance appraisal, and discipline.

KNOWLEDGE, SKILLS AND ABILITIES (KSA)

Knowledge of:

• The NIST Cyber Security Framework

• The CIS Security Controls.

• The CIS security baselines.

• Security concepts, principles, and best practices for voice and data networks; applications and architecture; design and testing; hosting and cloud-based services; Internet/Intranet technology and mobile devices

• Information security architecture, information security technologies, tools, practices, and controls

• Operations, services, concepts, terms, and activities common to a comprehensive, state-of-the-art information technology security program and current regulatory requirements.

• Current and emerging security technologies including by not limited to Firewalls, Remote Access VPN, Email Security, Encryption, Vulnerability Management, Traffic Management, Extended Detection and Response (EDR), Managed Detection and Response (MDR), Incident Response, Identity and Access Management (IAM), Active Directory, Azure Active Directory, Cloud Security.

• Methods and techniques of evaluating information security and developing appropriate resolutions.

• Project management principles and techniques, including project budgeting, quality assessment and control, and resource management.

• Organizing and prioritizing projects and work assignments and reviewing, establishing, and maintaining project schedules.

Skills and Abilities to:

• Communicate effectively both verbally and in writing.

• Think logically and systematically; solve complex problems; apply general principles to specific conditions effectively.

• Facilitate projects and meetings as assigned, comfortable working with all levels of the organization.

• Analyze business and technical processes and determine ways of making them more efficient.

• Remain calm under stress and quickly adjust, evolve, and multitask between several competing priorities simultaneously.

• Maintain confidentiality and professionalism.

• Communicate effectively both verbally and in writing.