We are looking for an IT Security Director who will be accountable for ensuring appropriate controls are in place for the security of information assets. This role safeguards information by seeing that security risks are accurately identified, assessed, reported, and mitigated. The IT Security Director will serve as Information Security Officer and is charged with ensuring that internal IT security policies, procedures, guidelines, standards, and activities comply with all local, state, and federal regulatory requirements.
ESSENTIAL JOB FUNCTIONS:
- Maintain policies, procedures, and standards to protect the privacy and integrity of data.
- Manage development and application of IT security procedures and protocols.
- Create a strategic plan for the deployment of information security technologies and program enhancements.
- Collaborate with key stakeholders to establish, grow, and maintain an IT security risk management program.
- Audit existing systems and provide comprehensive risk assessments.
- Prioritize and allocate IT security resources correctly and efficiently.
- Develop contingency plans and manage security breaches.
- Integrate IT systems development with IT security policies and information protection strategies.
- Monitor security vulnerabilities, threats, and events in network and host systems.
- Lead IT security investigations with recommended courses of action.
- Develop and guide a team of IT security experts.
- Provide on-the-job training.
RELATED JOB FUNCTIONS:
- Provide organization-wide information and training regarding IT security systems.
- Present periodic status updates to the Executive Leadership Team and the Board of Directors as appropriate.
- Anticipate new security threats and stay up to date with evolving infrastructures and cyber security best practices.
- Participate in local, state, and federal cyber forums including but not limited to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC).
- Develop strategies to handle security incidents and coordinate investigative activities.
- Prepare financial forecasts for security operations and proper maintenance cover for information assets.
- Work with IT Leadership to ensure IT security protection policies are being implemented, reviewed, maintained, and governed effectively.
- Lead education programs focused on user awareness and security compliance.
- Perform related work duties as assigned.
REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES:
- Operations, services, and activities of a comprehensive information system and services program
- Current technologies and the ability to retrieve and analyze principles of data integration and information sharing methodologies
- Computer, geographical information, and database systems design, programming, management analysis tools
- Best practices related to wired and wireless security methodologies
- Internet Protocol subnet technologies
- Computer hardware and software systems planning and technical support functions
- Principles and processes involved in business and organizational leadership, planning, and coordination of people and resources
- Customer service quality management and process improvement standards, procedures, and principles
- Effective conflict management and resolution principles, styles, and strategies between individuals and groups; negotiation and persuasion techniques to garner the support of project initiatives and goals
- Project management
- Present ideas and concepts verbally (including public speaking) and in writing; and respond to inquiries in effective, clear, and concise verbal and written communications
- Specify issues through creative problem-solving and decision-making
- Collaborate with IT Leadership team members to create and maintain robust and effective systems and confidentiality of information
- Provide prompt and accurate investigation of system use/abuse, while working with a support group
- Collaborate with IT Infrastructure Manager and other IT teams as appropriate to evaluate and implement security solutions that enhance our security posture.
- Develop, implement, and evaluate process improvement initiatives; prepare cost projections and monitor/control budgetary compliance
- Acquire additional training and knowledge of contemporary principles and best practices
- Act independently and know when to refer situations to higher-level authority
- Understand and apply contract terms and provisions
- Organize, analyze, and evaluate tangible data soundly and impartially
- Understand, interpret, and apply rules, standards, or procedures and persuade others to accept or adopt recommendations, while remaining service-oriented and professional
- Train, supervise, or evaluate assigned staff and their work; interact with people of different social, economic, and ethnic backgrounds; motivate and unite staff through
- Communicate effectively, both verbally and in writing
- Understand and follow verbal and written instructions
- Establish and maintain effective working relationships with others
- Communicate frequently with team members and other areas across the Organization about the process, equipment, or potential problems
- Develop proficiency in unit specific operations and software
- Direct team activities or work as a team member
REQUIRED EDUCATION AND EXPERIENCE:
- Bachelor’s degree from an accredited college or university with significant course work in information systems, information technology, computer science, or in a field focused on the application of cyber security technology
- Master’s degree preferred
- A minimum of seven (7) years of progressively responsible cyber security experience in the field
- Certified Information Security Professional (CISP) certification and/or Certified Information Security Manager (CISM) certification
- Certified Cloud Security Professional (CCSP) certification preferred
- An equivalent combination of formal education, certifications, and appropriate related experience may be considered at the discretion of the Chief Information Officer
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential duties of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.
Environmental Working Requirements:
Work is performed in an office or remote environment. Work is sedentary. May require light to moderate lifting, reaching, pulling, and carrying. Manual dexterity and audiovisual/linguistic acuity are required.
- Valid Driver’s License
- The ability to work irregular hours, commute to GLWA facilities and worksites, and respond to after-hours emergencies and on-call responses.