Job Summary
Implement, monitor, and maintain Salt Lake County’s enterprise-wide Information Technology (IT) security programs which are designed to protect the confidentiality, integrity, and availability of all County systems and resources, including but not limited to voice, data, network, applications, and computer infrastructure, and their associated information assets.
Minimum Qualifications
Bachelor’s degree from an accredited college or university in Information Technology or a closely related field, plus 1 year of related experience; OR an equivalent combination of five (5) years of related education and experience.
Professional certifications related to information security or computer networking are preferred.
Essential Functions
- Be able to work independently or as part of a larger security team.
- Act in an advisory role to other teams both internal to IT and throughout the county.
- Stays current with technical knowledge in information systems, security and privacy technologies, best practices, and use of appropriate security controls and methods
- Deploys, as instructed, the Information Security plans and short-term and long-term strategies for the IT organization and the County.
- Deploys and integrates IT security and privacy-related programs designed to protect the County’s systems, applications, and data.
- Identifies and communicates security issues and their impact on the IT organization and the County and assists with executing successful solutions while tracking and achieving measurable results.
- Complies with and promotes all IT security policies, processes, procedures, and best practices. Establishes and maintains positive business relationships with users countywide to actively market and educate them on the importance of security cooperation and compliance.
- Designs, develops, implements, and monitors information security systems and controls.
- Documents processes and monitors systems that report on the effectiveness of systems and controls necessary to protect the County’s information technology systems, assets, and interests.
- Monitors compliance with the organization's information security policies and procedures among employees, contractors, partners, and other third parties and resolves potential issues as needed. Assists with information security risk assessments and serve as information security subject matter expert to countywide customers.
- Responds, as directed, to information security incidents and follow up to ensure that proper protection and corrective measures have been taken.
- Participates, as instructed, in forensics investigations and audits as required.
- Implements, as instructed, security controls for systems that accept payment card data.
- Implements, as instructed, the County’s cloud security strategy to protect County IT systems and data in PaaS, SaaS, and IaaS environments.
- Embraces managed security service options as they are considered.
- Maintains required certifications as specified by the Information Security Officer
Knowledge, Skills And Abilities (ksa)
Knowledge of
- Security concepts, principles, and best practices for voice and data networks; applications and architecture; design and testing; hosting and cloud-based services; Internet/Intranet technology and mobile devices.
- Information security architecture, technologies, tools, practices, and controls.
- Operations, services, concepts, terms, and activities common to a comprehensive, state-of-the-art information systems security program and current regulatory requirements.
- Current and emerging security technologies including by not limited to Firewalls, Remote Access Methods, Email Security, Encryption Methods, Vulnerability Management, Traffic Management, Security Event Information Management, Endpoint Detection and Response, Identity and Access Management.
- Understanding PCI-DSS, HIPAA, and CJIS compliance requirements and how to protect PII.
- Methods and techniques for evaluating information security and developing appropriate resolutions.
Skills and Abilities to
- Communicate effectively both verbally and in writing.
- Think logically and systematically; solve complex problems; apply general principles to specific conditions effectively.
- Facilitate projects and meetings as assigned, comfortable working with all levels of the organization.
- Analyze business and technical processes and determine ways of making them more efficient.
- Remain calm under stress and can quickly adjust, evolve and multi-task between several competing priorities at once.
- Maintain confidentiality and professionalism.