Cyber And Physical Security Officer

Description

The Cyber and Physical Security Officer will be responsible for maintaining and documenting the security profile of the City's information (IT) and operational technology (OT) networks and facilities. The security officer will work closely with both the infrastructure team as well as operations team to ensure tight collaboration and integration of security solutions. The officer must possess the ability to perform security requirements elicitation, analysis and specification with a working ability to identify architecturally significant requirements and their ramifications. Develop attack and defense methodologies for high-risk computer networks. This position is a supervisory position, responsible for highly technical and professional personnel within the security division.

Examples of Duties

• Stay informed about the latest cybersecurity trends, threats, and technologies to continuously improve security measures.

• Initiates and coordinates all network security and physical security related projects through all phases of the project

• Evaluate the effectiveness of existing cyber and physical security measures, such as firewalls, password policies, intrusion-detection systems, camera monitoring and badge access and make recommendations for improvements and implementation.

• Manages and maintains contracted security guard force to ensure all post orders and duties are fulfilled.

• Oversee governance, risk, and compliance program to ensure adherence with standards, policies, procedures, and regulations.

• Promote appropriate security best practices and fundamentals in architectural design, engineering, and implementation in both information technology (IT) and operational technology (OT) areas.

• Perform security auditing, assessments, and evaluation vulnerability testing tools and procedures.

• Develop policies that give managers and employees varying levels of access to corporate applications, systems and data.

• Provides service consultation and support towards information security related projects and or solutions

• Perform enterprise security architecture requirements analysis and design, support/lead engineering and deployment activities.

• Provide ongoing engineering support for deployed security technologies, support security design reviews for all application and technology rollouts.

• Review proposed changes in the technology environment for security implications.

• Evaluate and implement new technology and security products for relevancy to the city's overall security strategy and in support of new business requirements/initiatives.

• Conduct regular security assessments and audits to identify and address vulnerabilities.

• Coordinate with various project teams to communicate the necessity of security requirements and design constraints as part of SDLC or vendor supplied applications.

• Oversee the installation and maintenance of security systems, including access control, surveillance, and alarms.

• Monitor and respond to security incidents, including conducting investigations and implementing corrective actions.

• Participate in the engagement of outside agencies such as CISA, DHS, FBI, etc. to stay abreast of the changing cybersecurity landscape.

• Responsible for ensuring all endpoints are protected with malware detection software and that updates are applied on a timely basis.

• Responsible for providing security related expertise in the administration and support activities for the organization's email server and client systems, including configuration, data protection, and availability.

• Leads or commissions suitable information security awareness, training and educational activities.

Perform any other related duties as assigned.

Minimum Qualifications

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty mentioned satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

EDUCATION AND EXPERIENCE

Graduation from an accredited 4-year college with major coursework in Computer Engineering or related field.

Minimum of 4 years of paid experience in administration or management of computer hardware, software, and networking.

Must possess Network+ and Security+ certifications.

An equivalent combination of training and professional experience may substitute for educational requirements

REQUIRED CERTIFICATES, LICENSES, REGISTRATIONS

Must possess a valid Florida Driver's License with an acceptable driving record.

CompTIA A+, CompTIA Network+, CompTIA Security+, or CompTIA CSIS

ISC2 CISSP within first year of employment

Supplemental Information

RESPONSIBILITY FOR FUNDS, PROPERTY and EQUIPMENT

Annual Budget: $

SUPERVISORY RESPONSIBILITIES

This position will directly supervise 4 employees.

This position may indirectly supervise 1 employees.

If applicable, supervisory responsibilities include interviewing, hiring and training employees; planning, assigning and directing work; appraising performance, rewarding and disciplining employees; addressing complaints and resolving problems.

ANALYTICAL ABILITY / PROBLEM SOLVING

MODERATELY DIRECTED. Activities covered by wide-ranging policies and courses of action, and generally directed as to execution and review.

PLANNING

With regard to general assignments in planning time, method, manner and/or sequence of performance of own work. CONSIDERABLE RESPONSIBILITY; in addition, the work operations of a group of employees, all performing Basically the same type of work.

DECISION MAKING

Performs work operations which permit opportunity for decision-making of minor importance. FREQUENTLY;

Performs work operations which permit opportunity for decision-making of major importance. FREQUENTLY;

COMMUNICATION SKILLS

Ability to read, analyze, and understand the most complex documents;

Ability to respond effectively to the most sensitive inquiries or complaints.

MATHEMATICAL SKILLS

Ability to comprehend and apply principles of advanced calculus, modern algebra, and advanced statistical theory.

CRITICAL THINKING SKILLS

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

SUPERVISION RECEIVED

Under GENERAL SUPERVISON where standard practice enables the employee to PROCEED ALONE on routine work, referring all questionable cases to supervisor.

MENTAL DEMAND

INTENSE; Operation requiring sustained directed thinking to analyze, solve, or plan highly variable, administrative, professional, or technical tasks involving complex problems or mechanisms.

USE OF MACHINES, EQUIPMENT AND/OR COMPUTER

Highest level of network engineering, subject matter experts and telecom engineering and/or comprehensive information system management executive for Information Systems or Information Technology operations.

ACCURACY

Probably errors would normally not be detected in succeeding operations and would definitely have serious effects in relationships with patrons and/or with the operations of other segments of the organization.

PUBLIC CONTACT

Regular contacts with patrons, either within the office or in the field. May also involve occasional self-initiated contacts to patrons. Lack of tack and judgment may result in a limited type of problem for the organization.

EMPLOYEE CONTACT

Continuous contacts frequently involving difficult negotiations with require a well-developed sense of strategy and timing. Involves contacts with senior level internal officials.

PREFERRED CERTIFICATES, LICENSES, REGISTRATIONS

ISC2 CISSP

SOFTWARE SKILLS REQUIRED

10-Key Advanced

Accounting Basic

Alphanumeric Data Entry Mastery

Contact Management Basic

Database Intermediate

Enterprise Resource Planning Basic

Human Resources Systems Basic

Payroll Systems Basic

Presentation/PowerPoint Intermediate

Programming Languages Intermediate

Spreadsheet Intermediate

Word Processing/Typing Intermediate

ADDITIONAL SOFTWARE SKILLS

Good understanding of network protocols and network components.

Experience configuring Windows workstations, Windows Server, network switches, and firewalls. Familiar with relational database administration.

Experience with virtual server configuration and management.

Scripting experience in one or more modern languages including Python, BASH, or PowerShell. Ability to physically install desktop computers, printers, servers, and other computer equipment.

OTHER SKILLS

Is motivated, innovative, and results-oriented with a consistent desire to excel.

Ability to analyze and interpret data and solve problems.

Works under general supervision with a certain degree of creativity and latitude expected.

Recognize, adopt, use, and recommend best practices in security engineering.

Ability to communicate effectively, orally and in writing and convey ideas persuasively in a concise, organized, and professional manner.

Possesses good teamwork and project management skills.

Ability to establish and maintain effective working relationships with the general public, employees, and public officials.

PHYSICAL ACTIVITIES

While performing the functions of this job, the employee may be required to:

Stand Regulary

Walk Regularly

Sit Regularly

Use hands to handle or feel Regularly

Reach with hands and arms Regularly

Climb or balance Regularly

Stoop, kneel, crouch or crawl Regularly

Talk or hear Continuously

Taste or smell Continuously

WEIGHT LIFT REQUIREMENTS

The employee must occasionally lift and/or move:

Up to 50 pounds

VISION REQUIREMENT

Specific vision abilities required by this job may include:

Close vision (use of a computer, equipment, or any other work duties that require clear

vision within two (2) feet or less).

ENVIRONMENTAL CONDITIONS

The following work environment characteristics described here are representative of those

an employee encounters while performing essential functions of this job. Reasonable

accommodations may be made to enable individuals with disabilities to perform the

essential functions.

Work near moving mechanical parts (spinning shafts, engines, lifts, etc.)

Occasionally

Work in high, precarious places (tall structures, bucket lifts, extension ladders, etc.)

Occasionally

Fumes or airborne particles (painting, sanding, solvents, flying lint or dust particles, etc.)

Never

Toxic or caustic chemicals (including potential for chemical spills, etc.)

Never

Outdoor weather conditions (exposure to outdoor heat, cold or inclement weather)

Occasionally

Wet or humid conditions (not weather-related, such as greenhouse, carwash, etc.)

Never

Extreme cold (not weather-related, such as freezer, cold storage, etc.)

Never

Extreme heat not weather-related, such as furnace, kitchen, ovens, etc. where temp is

regularly above 100 degrees F) Never

Risk of electrical shock (live electrical wires, equipment that retains power after shutoff)

Occasionally

Work with explosives (TNT, dynamite, nitroglycerine or other related explosives)

Never

Risk of radiation (x-ray equipment, nuclear radiation, electromagnetic radiation, etc.)

Never

Vibration (jack hammer, soil compactor, equipment that creates high vibration, etc.)

Never

The noise level in the work environment is usually Moderate (business office with

computers/printers, light traffic, etc.)

ADDITIONAL INFORMATION

This is not necessarily an exhaustive list of all responsibilities, skills, duties, requirements,

efforts, or working conditions associated with the job. While this is intended to be an

accurate reflection of the current job, management reserves the right to revise the job or to

require that other or different tasks be performed when circumstances change (e.g.,

emergencies, changes in personnel, workload, rush jobs, or technological developments).