Security and Operations Manager
Security and Operations Manager
Salary
$102,105.00 - $132,556.00 Annually
Location
NE 68046, NE
Job Type
Full-Time
Job Number
01191
Department
Information Systems
Opening Date
11/08/2024
Closing Date
11/24/2024 11:59 PM Central
JOB OVERVIEW
GENERAL PURPOSE
Under the general direction of the CIO or designee, this position is responsible for establishing and maintaining enterprise-wide information technology infrastructure, operations, and information security for the County and supported/contracted agencies. Duties require extensive responsibility and independent judgment.
SUPERVISION EXERCISED
This position is responsible for management of both the Information Security division and the Information Technology (I.T.) Operations division of the Technology Services Department.
**Please attach your most recent resume to provide a comprehensive overview of your qualifications and work experience**
ESSENTIAL FUNCTIONS, DUTIES AND RESPONSIBILITIES
ESSENTIAL FUNCTIONS
Establish, maintain, and promote effective professional and cooperative working relationships with elected officials, supervisors, employees, law enforcement, judges, attorneys, vendors, consultants, contractors, other governmental agencies, and the public.
Keep current with regulatory and professional advances.
Report to assigned worksite with regular, predictable, and consistent attendance.
Management Functions
Oversee the daily operation of the Information Security and Operations Divisions by providing supervision, guidance, mentoring, coaching, motivation, training, recognition, and discipline to staff.
Prepare work schedules and expedite workflow; assign duties and monitor performance and evaluate and standardize procedures to improve efficiency and effectiveness of operations.
Direct complex work assignments, ensuring proper training and support; provide direction to subordinate staff based on comprehensive knowledge of policy and procedures.
Ensure division compliance with all applicable laws, regulations, and contractual agreements, overseeing and reviewing policies, procedures, and operations.
Review and ensure compliance with all applicable laws, regulations, and service level agreements /contracts for Information Security and I.T. Operations divisions.
Develop, establish, review, and implement administrative/operating policies, procedures, and standards pertaining to the day-to-day operations; implement changes in policies/procedures to enhance efficiency/performance.
Coordinate the recruitment and selection process for staff vacancies by participating in job description review, posting, screening applications, interviewing candidates, wages, and hiring candidates.
Participate in the review, selection, and ongoing management of vendors as assigned.
Perform project management for IT projects responsible to Information Security and I.T. Operations divisions.
Prepare, compile and maintain a variety of studies, reports, and statistical information for grant writing and decision-making purposes, budget planning, and implementation.
Information Security Functions
Define, document, and implement Information Security policies, procedures, and standards for the County and supported agencies.
Utilize the three principles of information security: confidentiality, integrity, and availability.
Identify and provide guidance on regulatory, legal and audit security related issues.
Perform assessments on cloud services, applications, systems, and databases for security risks and compliance.
Manage and maintain an Employee Security Awareness program.
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Develop and maintain an Incident Response Plan to reliably detect and respond to security incidents.
Investigate security incidents and recommend actions needed to resolve situations to include monitoring emerging cyber and information security risks.
Oversee and assume responsibility for the implementation and operation of information security controls.
Ensure security events are collected, retained, analyzed, and investigated.
Research, recommend, and implement risk mitigation strategies that are aligned with business goals and objectives.
Coordinate with key stakeholders to define disaster recovery objectives and business continuity plan.
Work with project teams to ensure deliverables are deployed in a secure and consistent manner.
Provide information security guidance and recommendations to various agencies; explain and articulate potential security risks.
Evaluate and verify the vulnerability and patch management processes across all platforms.
Identify and interpret vulnerabilities discovered during operational scanning activities.
Lead and facilitate the remediation process with, but not limited to, Operations and Application teams.
Organize penetration testing to arrange activities for both internal and external networks, analyze output, work with application owners to remediate weaknesses.
Complete a Security Architecture and Network Security Design review annually.
Keep current in Information Security trends, tools, and processes.
Operations Functions
Provide systems engineering of cloud and virtual infrastructure.
Administer entire WAN/LAN communications and all networking components.
Assume responsibility for the planning, configuration, installation, and maintenance of complex systems.
Confer with supervisors and representatives of departments and organizations concerned with network communications and computer system needs.
Define computer system and network communications strategies and advise leadership of need/implementation strategy.
Design, organize and implement computer systems and/or network communications and components.
Monitor, upgrade, and tune Operating Systems on a multitude of platforms.
Recommend changes to established processes, or development of new process required because of hardware, software, or networking technology changes.
Direct the planning and design of technical support systems.
Supervise the provision of hardware diagnostics and coordinate repairs.
Manage the installation and testing of personal computers, printers, configuration of operating systems, and other peripherals.
Peripheral Duties
Participate in meetings.
Participate as a member of various committees, as assigned.
Perform other duties, as assigned.
MINIMUM QUALIFICATIONS
Education and Experience
Bachelor’s Degree from a college or university in Information Technology or related field required*.
Five (5) years of increasingly responsible bona fide work experience in Information Technology required, which includes three (3) years’ experience in information security*.
Five (5) years of work experience supervising/managing paid subordinates required.
CISSP or CISM security certification preferred; security certification(s) are desirable (examples include Security+, GSEC, CEH, CISA, SSCP), but practical/field experience is rated highest.
*Approved education or work experience beyond that required which provides equivalent knowledge, skills, and abilities may be considered and substituted for the stated education.
Necessary Knowledge, Skills and Abilities
Extensive knowledge of industry security frameworks such as ISO and NIST.
Advanced knowledge of securing and use of various desktop, server, mobile operating systems.
Advanced knowledge of securing local area networks (LANs), wide area networks (WANs) and networking components.
Working knowledge of and ability to use a large variety of security tools.
Strong project management skills.
Well-developed communication skills.
Significant strategic planning and organizational skills.
Skill in and ability to direct, monitor, and oversee the activities of assigned personnel to ensure conformance with established policies and procedures.
Ability to exercise discretion and independent judgment.
Ability to conduct verbal presentations and training.
Ability to analyze complex problems and interpret technical information as well as draw logical conclusions and recommend alternative solutions.
Ability to apply problem solving methods and techniques to resolve organizational and interdepartmental issues.
Ability to process and maintain confidential and sensitive information and materials.
Ability to manage multiple and changing priorities, exercise considerable judgment, work under time constraints, and function during stressful situations.
Ability to prioritize work and carry out assigned projects to completion.
Ability to work under pressure and/or frequent interruptions.
Ability to perform tasks with attention to detail and a high degree of accuracy.
Ability to work independently and as part of a team.
Ability to strive for success.
Ability to understand and follow exacting verbal and written instructions.
Ability to communicate effectively, in English, both verbally and in writing and exchange information effectively in person, and via telephone, email, and other electronic means.
Ability to operate standard equipment including, but not limited to, multiline phone, computer, printer, scanner, copier, laptop/notebook, tablets, smart-phone, and fax, and operate department-specific software.
PHYSICAL DEMANDS AND WORKING CONDITIONS
The physical demands and work environment described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential tasks.
While performing the duties of this job, the employee is frequently required to sit/remain stationary, talk, and hear (i.e. communicate / exchange information), and operate/manipulate equipment (e.g. use hands to finger, handle, or feel objects, tools, or controls), reach, and change position. The employee is occasionally required to walk/move about, stand (i.e. remain upright), stoop, bend, kneel, crawl, climb stairs (i.e. position self). The employee must occasionally lift, maneuver, and/or move up to 30 pounds.
Required sensory abilities include vision and hearing. Visual abilities, correctable to normal ranges include close, distance, and color vision as well as depth perception and the ability to adjust focus. Communication abilities include the ability to exchange information within normal ranges.
Work is typically performed indoors in an office setting. Due to the nature of the position, duties may involve occasional exposure to moving parts and outside environment. Work hours may include evenings, early mornings, weekends, call-ins, holidays, and on-call assignments. Work may be fast paced when dealing with multiple priorities and time constraints. The noise level is typically moderate.