Full-time
Chief Information Security Officer - City of Tuscaloosa - Tuscaloosa, AL

Summary
The purpose of this classification is to perform managerial and technical functions for developing and maintaining an information security program that protects enterprise technology assets from internal and external threats. This position will work with the Chief Information Officer and other positions within the organization to plan, manage, and adapt security measures in a proactive and ongoing manner.

Essential Functions
The following duties are normal for this classification. The omission of specific duties does not exclude them from the classification if the work is similar, related, or a logical assignment for this classification. Other duties may be required and assigned. Specific duties listed may not be required for all positions within this classification, but are determined by the normal requirements for the particular position.

Supervises, directs and evaluates assigned staff, processing employee concerns and problems, directing work, counseling, disciplining and completing employee performance appraisals; conducts training activities.

Reviews, assesses, plans and implements security measures that ensure the City of Tuscaloosa has a strong security posture and one that is proactive and forward-looking.

Leads in the development of formal plans that address disaster recovery and business continuance; works with the CIO and other IT staff to holistically meet this goal.

Implements and manages a layered security strategy and platforms to prevent breaches and to minimize the impact of any such occurrence.

Implements, configures and maintains network and host or cloud-based security platforms.

Assists in the development and maintenance of security processes and documentation that address cyber security risks to the environment.

Conducts risk management processes to identify and remediate vulnerabilities associated with cyber security; implements and manages controls to address identified risks.

Identifies and assesses private and sensitive information, to include information covered by legal mandates such as HIPAA, CJIS, etc., and implements processes and controls to properly secure and mitigate threats to this data.

Works with IT Department staff and business partners such as Human Resources to plan and perform security awareness training for City of Tuscaloosa staff.

Reviews and develops secure business communications practices; works with partners such as Communications and Human Resources to develop and implement related policies.

Ensures that the City of Tuscaloosa is in regulatory compliance with regards to data resources; works with partners such as the City Attorney and Human Resources to enforce such compliance.

Leads and manages cyber security incidents; conducts necessary discovery and forensic investigations.

Prepares information security processes and policies including, but not limited to, physical security of technology resources, digital security measures, data access, data use, data replication, and data destruction; manages encryption key management, network intrusion systems, security logs, security information event management, passwords and regulatory compliance standards.

Plans and administers security audits to assess and improve the City of Tuscaloosa's security posture; works with third-party vendors to accomplish this goal.

Manages computer access needs across the enterprise; reviews and establishes access policies; works with internal partners to continuously monitor and improve such policies.

Works with third-party vendors and contractors to evaluate, establish and control their remote access to any technical resource; works with internal partners to achieve this goal.

Interfaces with Department Heads and Department Managers to discuss, review and improve security postures.

Communicates cyber-security topics to IT and City leadership; uses concise presentations to present this information.

Establishes mechanisms for audit policy reports to ensure compliance with standards such as HIPAA, PCI, CJIS, etc.

Provides necessary and timely reports to keep management informed of security risks or issues.

Works closely with internal IT staff and external partners to evaluate and implement commercial and proprietary software patches, version upgrades and other bug fixes as may be necessary.

Conducts security and forensic investigations as required.

Conducts routine audits and reviews of user privileges, data and system access privileges; works with internal and external partners to review such findings; takes necessary measures to ensure such privileges are current, appropriate and maintain an appropriate security posture.

Plans and administers user and system password policies; ensures policies meet all current standards and enhance Tuscaloosa's security posture.

Administers security requirements and mandates from external agencies such as Criminal Justice Information Systems (CJIS) or other security mandates such as HIPAA or PCI compliance.

Maintains an awareness of new technology trends, products and advances in the technology profession.

Attends meetings, conferences, workshops, and training sessions.

Demonstrates punctual, regular and reliable attendance; performs 24-hour on-call service as required.

Prepares written documentation as required; completes required reports.

Communicates with supervisor, co-workers, users, departments, vendors, and outside agencies to discuss work in progress, exchange information, resolve problems, coordinate equipment needs, provide operational support, and project management.

Understands the functions, procedures, and workflow of city departments as they relate to computer operations/support; provides computer support to departments.

Comprehensive and current knowledge of cyber security technology, concepts and strategies.

Thorough knowledge of auditing and risk management as related to information security, including enterprise networking, data storage, distributed systems, database technology, computing endpoints and enterprise email.

Thorough knowledge of computer system auditing, performance monitoring and network auditing, including network forensics such as packet sniffing, etc.

Thorough knowledge of the TCP/IP protocol and OSI model.

Comprehensive knowledge of current cyber-security concerns such as malware, ransomware, email security, emerging threats, attack vectors and vulnerability management techniques and processes.

Knowledge of routing and switching concepts and protocols as related to cyber security; appropriate command line knowledge and skills to work with such equipment.

Ability to learn Tuscaloosa's existing technology resources and to enhance the security posture for such resources.

Working knowledge of cyber-security tools including, but not limited to, Security Information and Event Management (SIEM), Next Gen Antivirus and Endpoint Protection, Intrusion Detection, Network Management, Data Protection Platforms; effectively perform work using such tools; research, identify and assist in procurement of such tools.

Ability to effectively lead and communicate with employees and internal and external partners; communicate security topics in a clear, concise manner.

Working knowledge of operating systems across a range of devices including but not limited to Microsoft Windows, Linux, Cisco switches and routers; knowledge of virtualization platforms such as VMware; knowledge of data storage architectures such as Storage Area Networks.

Knowledge of wireless (Wi-Fi) technologies and security protocols, Wireless LAN Controllers, configuration and policy-based control of such devices.

Working knowledge of Microsoft Active Directory, Group Policy and scripting technologies such as PowerShell.

Ability to identify, comprehend and integrate a complex set of technologies into a working system of data and technology security.

Ability to analyze and identify security issues; provide quick and effective response; evaluate and recommend appropriate resolution timeframes.

Effectively build and maintain relationships with IT staff, external partners and vendors; communicate effectively across such groups.

Ability to work effectively with all areas of the enterprise including staff positions and elected officials.

Demonstrate sound judgement, innovative and resourceful initiative, tact and proper decorum with regard to spoken and written communications.

Operates a motor vehicle to conduct work activities.

Recommends policies and procedures that guide and support the provision of quality services by the department.

Incorporates continuous quality improvement principles in day-to-day activities.

Must be able to maintain good interpersonal relationships with staff, co-workers, managers and citizens.

Must accomplish the essential functions of the job, with or without reasonable accommodations, in a timely manner.

Performs other related duties as required.

Minimum Qualifications
Bachelor's degree in Computer Science, Management Information Systems, Cyber Security, or a closely related field; five years of progressively responsible professional experience in a cyber security related or information technology field preferably in a government, enterprise, or military work environment; or any equivalent combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this job. A minimum of one of the following industry certifications is required: Cisco Certified Network Associate Security (CCNA Security), Certified Information Systems Auditor, Certified Information Security Manager, Certified Information Systems Security Professional. Must possess and maintain a valid driver's license.

Minimum Requirements to Perform Essential Job Functions
The following requirements are normal for this classification. Specific requirements may not apply to all positions within this classification, but are determined by the normal requirements for the particular position.

PHYSICAL REQUIREMENTS: Must be able to operate a variety of equipment, machinery and tools which may include a personal computer, terminal, terminal server, printer, tape/disk drives, uninterruptible power source, optical disk reader, scanner, modem, copy machine, facsimile machine, calculator, telephone, data scope, volt ohmmeter, crimper, wire cutter, etc. Physical demand requirements are at levels of those for light work.

DATA COMPREHENSION: Requires the ability to compare and/or judge the readily observable functional, structural, or compositional characteristics (whether similar to or divergent from obvious standards) of data, people, or things which may include forms, reports, logs, maps, drawings, floor plans, flow charts, technical manuals, operational manuals, procedural manuals, and reference materials.

INTERPERSONAL COMMUNICATION: Requires the ability to speak with and/or signal people to convey or exchange technical information, including giving/receiving assignments and/or directions to/from co-workers, assistants, managers, or supervisors as well as communicating with the general public.

LANGUAGE ABILITY: Requires ability to read a variety of technical documentation, directions, instructions, and methods and procedures. Requires the ability to write job related documentation and reports with proper format, punctuation, spelling and grammar, using all parts of speech. Requires the ability to speak with and before others with poise, voice control, and confidence using correct English and well-modulated voice.

INTELLIGENCE: Requires the ability to learn and understand complex computer programming/operation principles and techniques, to understand departmental policies and procedures, to make independent judgments in absence of supervision, and to acquire and be able to expound on knowledge of topics related to primary occupation.

VERBAL APTITUDE: Requires the ability to record and deliver information, to explain procedures, and to follow verbal and written instructions.

NUMERICAL APTITUDE: Requires the ability to add and subtract, multiply and divide, calculate decimals and percentages, determine time and weight, perform college level algebra, perform high school level trigonometry, perform statistical calculations, and perform Boolean algebra.

FORM/SPATIAL APTITUDE: Requires the ability to visually inspect items for proper length, width, and shape using job related equipment.

MOTOR COORDINATION: Requires the ability to coordinate hands and eyes in using job related equipment.

MANUAL DEXTERITY: Requires the ability to handle a variety of items, computer equipment, control knobs, switches, etc. Must have the ability to use one hand for twisting motion or turning motion while coordinating other hand with different activities. Must have moderate levels of eye/hand/foot coordination.

COLOR DIFFERENTIATION: May require the ability to discern color.

INTERPERSONAL TEMPERAMENT: Requires the ability to deal with and relate to people beyond giving and receiving instructions. Must be able to adapt to and perform under considerable stress when confronted with an emergency.

PHYSICAL COMMUNICATION: Requires the ability to talk, express, or exchange ideas by means of spoken words and/or hear and perceive nature of sounds by ear.

The City of Tuscaloosa offers a comprehensive benefits package to full-time permanent employees that includes retirement, vacation and illness leave, paid holidays, medical and dental insurance, flexible spending account, life insurance, and other supplemental insurances and deferred retirement saving plans.

For a more detailed overview of our benefits package, please visit the Employee Benefits Summary within our website or contact the Human Resource Department at (205) 248-5230.
