City of Orlando
 
Job Title   Job Family   Job Code   Job Exempt
IT/OT Security Architect   Non_Bargaining   ITSAO2   Y
 
        Pay Grade   Pay Rate Type   Minimum   Midpoint   Maximum
        NB114   Salary   $37.88   $48.30   $58.72
 
Job Description
 

Performs technical and administrative work that focuses on designing, implementing, and maintaining security architecture patterns that meet regulatory obligations and data protection requirements and align with the business and organizational security strategy of SCADA systems. Works collaboratively with Water Reclamation System and Information Technology (IT) staff to build security controls and solutions compliant with approved architecture frameworks and standards. Participates in new projects, analysis of new requirements from platform teams, and technical discussions. Suggests best practices in development and operations areas including best security practices. Mentors and trains junior staff members on security protocols. Work is performed under limited supervision of the Wastewater Systems Manager. Work is evaluated while in progress and upon completion through direct observation, discussion, review of established procedures, and achievement of desired results.

Minimum Qualifications:

Bachelor’s Degree in Computer Science, Engineering, or related field and five (5) years of progressive IT experience, including experience in security architecture; or an equivalent combination of education, training, and experience. SCADA, ICS, PLC, CISSP, CISA, CISM, or other relevant security-related designation desired. Certified Information Systems Security Professional (CISSP) and Information Systems Security Architecture Professional (ISSAP) certifications are preferred. Valid Florida Driver's License required. Must pass a background investigation which includes a polygraph.

 
Responsibilities
 
Knowledge, Skills, and Abilities:

Knowledge of industrial control systems (ICS) and data acquisition (SCADA) systems, as well as the protocols and communication methods used in these systems.

Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies.

Knowledge of network access, identity, and access management (e.g. public key infrastructure, OAuth, OpenID, SAML, SPML).

Knowledge of ISA/IEC 62443 and/or the NIST Cybersecurity Framework.

Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware.

Knowledge of remote access technology concepts.

Knowledge of application firewall concepts and functions (e.g. single point of authentication enforcement, data anonymization, DLP scanning, SSL security).

Knowledge of risk management processes and experience in conducting risk assessments.

Knowledge of the application of privacy principles to organizational requirements.

Knowledge of identity and access management methods.

Knowledge of business continuity and disaster recovery operation plans.

Skilled in the application of cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.

Skilled in managing projects that drive business objectives.

Skilled in written, oral, and interpersonal communication.

Strong analytical and problem-solving skills.

Ability to identify gaps in existing architectures.

Ability to design security architectures to mitigate threats.

Ability to work in team environments and to negotiate with multiple stakeholders.

Ability to meet tight deadlines and to prioritize tasks.

Ability to think critically and creatively when identifying and addressing security issues.

Ability to analyze threat intelligence and assess risks to OT systems.

Ability to work effectively with IT security teams and all City staff.


Example of Work Performed: Note: The listed duties are only illustrative and are not intended to describe every function that may be performed by this job class. The omission of specific statements does not preclude management from assigning specific duties not listed if such duties are a logical assignment to the position.

Performs support functions to adhere to the fundamental principles of information security, confidentiality, and integrity.

Performs security readiness reviews.

Perform security assessments, identify gaps in existing security architecture, and recommend changes or improvements.

Conducts periodic security and system audits for internal audit and regulatory compliance.

Performs a variety of technical tasks to support the protection of systems and digital assets involving the design, selection and implementation, tuning, and maintenance of security monitoring appliances.

Periodically reviews solutions and hardware to ensure secure configuration has been deployed.

Design security architecture elements to mitigate threats.

Identify possible vulnerabilities and work with functional areas to eliminate or mitigate risks.

Create solutions that align enterprise security architecture frameworks and standards with overall business and security strategy.

Participate in risk assessments for new technologies and projects.

Employ secure configuration management processes.

Assist in developing a disaster recovery and business continuity plan. Identify and prioritize system functions required to promote continuity and availability of critical business processes such that in the circumstance of system failure critical business functions are restored or recovered promptly.

Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks.

Testing and identifying network and system vulnerabilities.

Document security requirements and controls for protecting information, systems, and technology assets.

Define and document how the implementation of a new technology impacts the security posture of the current environment.

Document and update as necessary all definition and architecture activities.

Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.

Communicate current and emerging security threats to project team members.

Trains Water Reclamation staff through in-person training, a Learning Management System, or the writing and implementation of new policies and procedures.

Performs other related duties as assigned.