IT Security Administrator
Company: Marion County
Location: Salem
Posted on: November 10, 2024
|
|
Job Description:
This recruitment has been reopened for additional applicants. If
you have already applied for recruitment #560-2024-2, you do not
need to reapply.
Information Technology ( I T) provides technical services, manages
the county's technical resources, and provides consulting services
for technology improvements through three programs: Administration,
Operations, and Technology Solutions. These programs provide a
complete range of technology services, which include strategic
planning, new service design, business analysis, project
management, security risk management, data security, applications
delivery and support networks, servers and storage, desktop and
mobile management, database administration, and end-user support
through the service desk.
G E N E R A L S T A T E M E N T O F D U T I E S
Plan, organize, manage, and administer information security,
operations, and functions; develop and implement program and
strategic planning; implement and assist in the development of
information security program policies, procedures, and business
practices; evaluate goals, objectives, priorities, and activities
to improve performance and outcomes; recommend and establish
administrative controls and improvements; develop procedures to
implement new and changing regulatory requirements; serve as an
advisor to the management team.
S U P E R V I S I O N R E C E I V E D
Under general supervision of the I T Director, who assigns work,
establishes goals, and reviews the results obtained for overall
effectiveness through analyzing work products, observations, and
meetings.
S U P E R V I S I O N E X E R C I S E D
Full supervision, including employee selection and training,
performance evaluation, complaint response, and personnel
recommendations.
D I S T I N G U I S H I N G C H A R A C T E R I S T I C S
Develop and maintain the framework for the organization's I T
information security. Evaluate and recommend new information
security technologies and countermeasures against threats to
information or privacy. Identify information technology security
initiatives and standards for the enterprise. Manage the
development, implementation, and maintenance of information
security policy, standards, guidelines, and procedures. Set the
access and authorization controls for everyday operations and
emergency procedures for data. Set the standards for access
controls, audit trails, event reporting, encryption, and integrity
controls. Keep abreast of the latest security and legislation,
regulations, advisories, alerts, and vulnerabilities about I T
assets.
Typical Duties - Duties include, but are not limited to the
following
Monitor and maintain security tools/systems (not limited to)
Endpoint Threat Protection Monitoring ( Devices with Antivirus)
Cloud Security Monitoring, alerts & reports Advanced Threat
Protection ( A T P) S I E M or other logging and correlation
technologies Vulnerability Scans for security and compliance
Vulnerability remediation assessment and planning Implement new
security configurations Research security configuration
enhancements and make recommendations to management Security Risk
and Prevention: Monitor data access: ensure the internal control
systems are monitored and that appropriate access levels are
maintained following the principle of least privilege. Conduct
security assessments through vulnerability testing and risk
analysis using available vulnerability scanning tools. Assist with
internal and external security audits. Ensure adopted security
policies, procedures, and best practices are followed. Contribute
to weekly security status reports to I T leadership Security
Incident and Authoritative Contact: Analyze security breaches to
identify the root cause. Respond to potential security policy
violations or complaints from external parties. Assist in oversight
and activities for intrusion detection and response. Investigate
security incidents and develop after-action reports. Serve as a
point of contact for external security auditors, survey requests,
and for department security/privacy matters. Assists in
facilitating and promoting activities to create information
security awareness and training. Other duties as assigned.
Requirements for the Position
E X P E R I E N C E A N D T R A I N I N G Bachelor's degree in
computer science, information technology, or related field; A N D
Five years of progressive experience in computing, information
security, and internet technology, including two years of
supervisory experience; O R Any satisfactory combination of work,
education, training, or experience relevant to the position, as
determined by Marion County.
S P E C I A L R E Q U I R E M E N T S The finalist for this
position will be required to pass a criminal history background
check, including finger printing; however, conviction of a crime
may not necessarily disqualify an individual for this position.
Must possess a current driver's license in the applicant's state of
residence and an acceptable driving history. Marion County will
obtain a copy of the driving record for all qualified applicants
from Driver and Motor Vehicle Services and review the driving
record according to the Marion County policy and procedure for
Driving on County Business. The policy can be found at: A P A P/.
This assignment is represented by a union. This is a full-time
position, which is eligible for overtime. Typical Work Schedule:
Monday through Friday, 8:00 A. M. - 5:00 P. M., with flexibility
depending upon the needs of the department and program. Must be
available to perform assigned rotating after-hour duties.
P R E F E R E N C E S Certified Information Systems Security
Professional ( C I S S P), or formal security certifications from
International Information System Security Certification Consortium
( I S C)--, Global Information Assurance Certification ( G I A C),
Computing Technology Industry Association ( Comp T I A),
Information Systems Audit and Control Association ( I S A C A).
Information security principles and practices, including any of the
following: security risk assessment standards, risk assessment
methodologies, and vulnerability assessments. Senior level
knowledge of mainstream operating systems and a wide range of
security technologies, such as network security appliances,
identity and access management ( I A M) systems, anti-malware
solutions, automated policy compliance tools, and desktop security
software. K N O W L E D G E, S K I L L S, A N D A B I L I T I E
S
Knowledge of technology hardware and software which includes, but
is not limited to systems, application languages, server based
systems, cloud computing, personal computers, local and wide area
network configurations and management, information and data
management software and state-of-the-art system development and
maintenance technologies; local, state, and federal laws, rules,
policies, and regulations affecting information security and
related technology and systems; strategic planning, preparation,
and projection; and effective leadership and organizational
communication principles and practices. Working knowledge of
prevailing industry security standards and common body of knowledge
gained by way of C I S S P, S A N S, or C I S A Certifications.
Skills and abilities to manage and oversee comprehensive
information security; lead diverse technologies, employees, and
customer groups; communicate effectively in writing and orally,
including the ability to make public or staff presentations;
establish and maintain effective working relationships with a
variety of individuals and groups, including customers in
high-stress situations; and assist in confidential investigations.
Skill in identifying information security problem areas,
formulating diagnoses, and proposing practical solutions. Deep
understanding of network infrastructure, including routers,
switches, firewalls, and the associated network protocols and
concepts. Ability to establish and maintain effective working
relationships with employees, systems users, outside consultants,
and vendors.
P H Y S I C A L R E Q U I R E M E N T S
Sees using depth perception; stands; sits; moves about the work
area; bends forward; stoops; climbs 1 floor of stairs; crawls;
reaches overhead; lifts up to 40 lbs.; pushes, pulls, and carries
up to 25 lbs.; moves carts weighing up to 100 lbs.; operates a
keyboard; speaks clearly and audibly; reads a 12 pt. font;
distinguishes colors and shades; hears a normal level of speech;
and works in areas that may be exposed to dust.
Marion County offers a generous benefits package to regular
employees working 50% or more of the regularly scheduled work week
and their eligible dependents. Temporary employees and part-time
regular employees working less than 50% of the regularly scheduled
work week are not eligible for benefits.
For a summary of benefits, click here. For a complete and detailed
overview of the benefits package for management and supervisory
employees, click here, and select Management Benefits from the left
menu or Management Employees from the page links.
Benefits are defined based on position and are approved by the
Marion County Board of Commissioners. Pando Logic. Category:
Technology, Keywords: Security Administrator
Keywords: Marion County, Eugene , IT Security Administrator, Other , Salem, Oregon
Click
here to apply!
|