City of Orlando
 
Job Title   Job Family   Job Code   Job Exempt
Information Security & Compliance Manager   Non_Bargaining   AIM84   Y
 
        Pay Grade   Pay Rate Type   Minimum   Midpoint   Maximum
        NB117   Salary   $43.40   $56.28   $69.15
 
Job Description
 
Performs professional-level work and identifies, manages, and reports on the City of Orlando’s security, privacy, regulatory, legislative, and contractual obligations. Performs security strategy development, updates, reviews, assessments, and audits of the City’s communications network, data, and applications of the internal and cloud services. Assists in the monitoring, coordination, and implementation of policies, procedures, standards, controls, and guidelines to support security, compliance, and auditing requirements. Helps drive the direction of the security and compliance practice; supervises the Information Security Officers' direct work of investigations, documentation, and reporting of cybersecurity compliance issues and incidents; and makes recommendations for security technology platforms. Works with City business leaders to ensure that security awareness and other required training is completed. Works with City business leaders to ensure security risk findings are reviewed/mitigated and that the information is communicated to the proper stakeholders. Oversees the management of the information security-related platforms and solutions. Work is performed under the general direction of the Chief Information Officer (CIO) with considerable latitude for individual initiative and judgment. Work is reviewed through meetings, detailed reports, audit results, and observation of results achieved.

Minimum Qualifications:

Bachelor's Degree with major coursework in Cybersecurity, Information Assurance Security, Homeland Security, Information Systems, Computer Science, or related field and five (5) years IT experience (with a focus on security and compliance covering legal, privacy, and regulatory compliance standards such as HIPAA, PII, PCI, SOC 2, and CJIS), to include two (2) years lead/supervisory experience; or an equivalent combination of education, training, and experience. Background check required. One (1) of the following certifications is preferred: CISSP, CISA, GIAC, or CISM.

Additional Qualifications for Promotion

Two (2) years successive performance evaluations (may include interim and final appraisals) resulting in an overall "Exceeds Standards" rating. Promotions are not to be considered an automatic function of longevity and are subject to the review and authorization of the Supervisor.
 
Responsibilities
 
EXAMPLES OF WORK PERFORMED:

Note: The listed duties are only illustrative and are not intended to describe every function that may be performed by this job class. The omission of specific statements does not preclude management from assigning specific duties not listed if such duties are a logical assignment to the position.

Plans, directs, and supervises the work of assigned information security officers and others as assigned; provides guidance to help meet strategic security vision.

Manages complex, enterprise-wide, security-related projects and assigned resources.

Leads/conducts internal and external audits to ensure compliance. Works with outside consultants as appropriate for independent security audits.

Collaborates with various departments to develop security policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability of the City's systems and data.

Creates and implements long-term IT security vision and strategies that are aligned with the CIO directives.

Works with City managers to prioritize City security initiatives and IT security process management.

Develops, maintains, deploys, and manages Citywide security policies/processes/procedures to ensure that Information Technology (IT) and other City departments comply with existing laws and regulations (e.g. HIPAA, PCI-DSS, CJIS, etc.) and to ensure overall security within the enterprise IT environment.

Coordinates or performs research, selection, purchase, installation, and repair of equipment and communication links for assigned security platforms and works with vendor service personnel.

Consults management regarding risk assessment processes and advises the management of IT on security risk issues.

Oversees incident response planning; provides oversight of the investigation of security breaches; and assists with legal matters associated with such breaches as necessary.

Establishes security awareness and training standards.

Is responsible for assisting in the updating of the Information Technology Disaster Recovery Plan.

Conducts risk-based assessment of quality, process, procedures, and training as needed.

Coordinates security activities associated with the review of, installation of, and implementation of new solutions that may integrate with internal City hardware, software, or hosted solutions.

Reviews hardware/software and approves change requests for security; assures that those changes will not impact the City’s data integrity, availability, or confidentiality.

Provides security advice to City departments for the evaluation, selection, and installation of systems, networks, software, and hosted solutions.

Manages security functions such as audits, vulnerability scans, security risk analysis, security alerts, security awareness, and incident reports.

Creates and implements a risk management framework to ensure the appropriate application of controls based on risk and consults with data owners regarding their information security risks and responsibility in minimizing those risks.

Performs other duties as assigned.

KNOWLEDGE, SKILLS, AND ABILITIES:

Extensive knowledge of data and communications systems and network architectures, protocols, computing platforms, and services.

Considerable knowledge of computer servers, workstations and network equipment, configuration, operating system software, industry directions, and information security best practices, compliance, and audits.

Considerable knowledge of systems analysis, computer programming concepts, computer operations, network concepts and techniques, and information security methods and compliance.

Knowledge of computer system metrics, measurement techniques, and planning processes.

Knowledge of relevant business, accounting, record keeping, security, and audit practices and procedures.

Knowledge of planning principles, procedures and techniques for Information Security.

Ability to analyze problems, draw sound conclusions, and discern feasible recommendations regarding the personnel and services managed by the Information Technology Department.

Demonstrated ability to identify, implement, and coordinate new and improved technologies to complement the business plans of the various City departments and offices.

Ability to analyze, troubleshoot, and resolve problems related to equipment and operating system software configuration of assigned security platforms.

Ability to prepare and present administrative and technical reports, orally and in writing, for review and consideration by staff, City Officials, and the community at large.

Ability to plan, organize, schedule, coordinate, and direct the daily activities of a large and technically proficient staff of information technology professionals.

Ability to establish and maintain effective working relationships with employees, other managers, staff, contractors, and vendors.

Ability to conduct research, analyze, and formulate recommendations to communicate clearly and concisely, both orally and in writing.

Ability to make decisions recognizing established guidelines, precedents and practices, and to use resourcefulness and tact in meeting new problems.

Ability to plan, schedule, coordinate, and review the work of information security officers, and systems/network administrators, telecommunications specialists, and engineers per project requirements.

Ability to interpret and communicate regulations, rules, and contract provisions for maximum benefit to the City.

ADDITIONAL QUALIFICATIONS FOR PROMOTION:

Two (2) years of successive performance evaluations (may include interim and final appraisals) resulting in an overall "Exceeds Standards" rating required.

Promotions are not to be considered an automatic function of longevity and are subject to the review and authorization of the supervisor.