Deputy Director of IT - Security

Deputy Director of IT - Security

Vacancy expired!

The Deputy Director of IT - Security assists the Director of Information Technology in the management and administrative oversight of the County s central information technology/data processing agency. Incumbent will be responsible for strategic planning, policy formulation, financial administration/budget, system/network security, and supervision of the department s day-to-day operations and activities staff. Person hired directs and manages the County's information/cybersecurity program; ensures County's compliance with all federal and state information security regulations (including homeland defense security initiatives); coordinates privacy and security requirements with HIPAA coordinator, Department of Finance for Payment Card Industry (PCI) and County agencies using Personally Identifiable Information (PII) and other privacy standards to ensure integrity, sensitivity and confidentiality of data. Works with law enforcement and legal authorities in investigations of digital files; provides architectural oversight, direction and recommendations for enterprise-wide information/cybersecurity technology; and performs other duties as required.

Essential Functions
The requirements for this position include, but are not limited to, those outlined below. All job qualifications and physical requirements are subject to possible modification to reasonably accommodate individuals with disabilities to enable them to perform the essential functions of the job. This document does not create an employment contract, implied or otherwise. It is the employer's discretion to add or change the duties or requirements of this position at any time.

• Directly supervises employees involved in network engineering, network security, server and data center planning and operations, end-user support, and service desk operations.
• Develops and manages all information security policies, standards, procedures, and internal controls which includes establishing procedures and requirements with key stakeholders to ensure compliance with local, state, and federal laws. Possesses knowledge of information security best practices and baseline security configurations for operating systems, applications and networking, and telecommunications equipment.
• Drafts strategies and plans to enforce security requirements and addresses identified risks.
• Develops, documents, and implements the enterprise security program by assessing residual risks, vulnerabilities and other security exposures including the misuse of information assets, and noncompliance with security policies and procedures.
• Compiles and manages disaster recovery plans and procedures including managing security incidents, providing 'after-action' reports and analysis of information security breaches, violations, malicious activity and incidents to management. Recommends corrective technical options and revisions to Information Technology (IT) security initiatives and policies to prevent future occurrences.
• Represents the County with local, regional, state and federal agencies on issues related to cybersecurity and protection of local government's critical IT infrastructure assets. Works with counterparts in other jurisdictions and external agencies to continuously evaluate and address emerging security threats.
• Provides guidance and direction while working with all facets of management within the County in developing secure and confidential technical solutions. Investigates and recommends new technologies that reduce the risk of cyber security threats and provides potential cost savings for the County.
• Delivers the IT Security awareness program through structured training and staff communications. Provides written or verbal communication to all levels of staff, leadership and elected officials on security issues and recommendations.
• Assists in the development of security architecture and security policies, procedures and standards. Evaluates all third-party systems that directly or indirectly access the County's network and reviews terms and conditions for vendor solutions and or new technology acquisitions.
• Performs other duties as assigned.

Education:
Bachelor's degree in a relevant IT field.

Experience:
Five years of experience in risk management, information security and IT of which three years are in a leadership role and developing IT security policies and procedures; or any equivalent combination of experience and training which provides the required knowledge, skills and abilities.

Knowledge/Skills

:
Comprehensive knowledge of information security management and technology (audit compliance, regulatory compliance, disaster recovery, vulnerability assessment, firewalls, and endpoint security); comprehensive knowledge of security administration in a Windows based network environment; comprehensive knowledge of server administration as applied to network and internet security; thorough knowledge of information protection standards, guidelines, and applied procedures (i.e. industry "best practices"); thorough knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from National Institute of Standards and Technology (NIST), including 800-53 and Cybersecurity Framework; thorough knowledge of business needs with the ability to establish and maintain a high level of customer trust and confidence in the security team's concern for customers; the ability to work independently; the ability to establish and maintain effective working relationships with coworkers, representatives of other county departments and agencies, and the public; and the ability to communicate clearly and effectively, both verbally and in writing.

Physical Demands:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; and talk or hear. The employee frequently is required to reach with hands and arms. The employee is occasionally required to stand; walk; and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 40 pounds unassisted. Specific vision abilities required by this job include close vision for extended periods of viewing a computer screen or screens, distance vision, color vision, depth perception, and ability to adjust focus.

Number of Employees Supervised: 12
Number of Subordinate Supervisors Reporting to Job: 2

All positions are subject to a criminal background check for any convictions that relate to the job duties and responsibilities.
The County's EEO Utilization Report has been available at www.fcva.us/jobs.