Job Title

Job Family

Job Code

Job Exempt

Information Systems Security Officer III

Non_Bargaining

CL-AIM53

Pay Grade

Pay Rate Type

Minimum

Midpoint

Maximum

NB113

Salary

$34.60

$44.11

$53.62

Job Description

Performs support functions to adhere to the fundamental principles of information security, confidentiality, and integrity. This level focuses on security analysis and planning versus operational security completing tasks and managing systems and appliances. Performs security readiness reviews; conducts periodic security and system audits for internal audit and regulatory compliance; and performs a variety of technical tasks to support the protection of systems and digital assists involving the design, selection, implementation, tuning, and maintenance of security monitoring appliances. Periodically reviews solutions and hardware to ensure a secure configuration has been deployed. Primary duties include identifying possible vulnerabilities and work with functional areas to eliminate or mitigate risks. Is responsible for user provisioning where applicable. Interacts with Applications Development staff, providing consultation, problem resolution, and change management implementation. Collaborates with management and IT Department to improve security. Educates colleagues about security software and best practices for information security. Reports to the Information Security and Compliance Manager. Work is performed under general supervision and is reviewed upon completion through meetings, system performance, and assigned tasks.

Minimum Qualifications:

Bachelor's Degree with major coursework in computer science and at least five (5) years work experience, including two (2) years of City employment related to IT security, multi-user computer system/network administration, management or support; or a minimum of seven years external work experience specifically related to City system and/or network technologies; or an equivalent combination of specifically related education, training, and experience. Bachelor’s Degree with major coursework in Cybersecurity or Information Security and Assurance preferred. CEH, Security +, and/or GIAC preferred. Must pass a criminal background check.

Additional Qualifications for Promotion

Promotions are not to be considered an automatic function of longevity and are subject to the review and authorization of the Supervisor. The employee’s last performance review must have resulted in an overall rating of Meets standards or better with no factor rating of less than meets.

Responsibilities

EXAMPLES OF WORK PERFORMED:

Note: The listed duties are only illustrative and are not intended to describe every function that may be performed by this job class. The omission of specific statements does not preclude management from assigning specific duties not listed if such duties are a logical assignment to the position.

Analyzes and develops procedures for movement and compiling of developed applications from a test environment to the live production environment.

Designs, codes, tests, and modifies command language programs as well as logical, physical, and device files.

Keeps abreast of all the latest developments in cybersecurity space including information on recent company breaches, security vulnerabilities, and new products.

Monitors and analyzes system logs, journals, and statistics to determine security violations; monitors and modifies the operating system values in the main computer systems.

Evaluates, tests, and installs vendor supplied system program fixes to the main computer systems operating system. Recognizes, interprets, and initiates resolution of any main computer system problems, halts, or shutdowns.

Monitors performance and operation of various software operating packages and adjusts as needed or requested.

Develops system proposals, documentation, and procedures; analyzes main computer systems hardware and software proposals; and assists management with regards to recommendations.

Reviews security vulnerability results with the team and conducts research on remediation with appropriate teams within IT.

Conducts audits across IT infrastructure including Active Directory, CAD system, email system, camera system, and building access control.

Designs or participates in security awareness campaigns including making decisions on training, phishing tests, and frequency.

Conducts daily review of tickets received from computer operations including network troubleshooting, end-user device problems related to internal or third-party applications, and potential viruses/malware detection; coordinates with clients and relevant operations teams to identify the causes of incidents; implements resolutions; and ensures timely closure of tickets. Some tickets may get escalated to this position due to complexity.

Performs other duties as assigned.

KNOWLEDGE, SKILLS AND ABILITIES:

Knowledge of mini and mainframe computers and various computer programs, system analysis procedures and computer operations.

Knowledge of Windows, AS/400, Linux, and UNIX operating systems.

Knowledge of modern information systems and data processing concepts, techniques and operating principles.

Knowledge of the capabilities, limitations and uses of electronic computers and peripheral equipment and techniques of translating user requirements into structured applications and programs utilizing available resources.

Knowledge of security implementations and auditing in the mid-range computer environment.

Ability to operate personal computer for extended periods of time.

Ability to analyze and modify configuration of the main computer systems and modify system values to optimize machine utilization and performance.

Ability to troubleshoot and resolve system problems and malfunctions.

Ability to establish and maintain effective working relationships with employees, and vendors.

ADDITIONAL REQUIREMENTS FOR PROMOTION:
Last performance evaluation must have resulted in an overall meets standards rating or better with no goal rating of less than meets standards.

Promotions are not to be considered as an automatic function of longevity. Requests for promotion are to be initiated by the program manager, considered in view of employee performance evaluations, and are subject to the review and authorization of the Manager.