Job Description
Job Overview
Responsible for the performance of highly complex information technology security functions related to the design, installation, maintenance, auditing, investigation, and assessment of software applications, networks, and the County's enterprise level information systems. Responsible for managing the vendor vetting process, evaluating, and monitoring risk factors, and to proactively identify and implement security measures to prevent emerging vulnerabilities, utilizing a diverse array of tools and methodologies. Incumbent will use sound judgement to assess risk, conduct audits and inventories, collect and review data, collaborate with other technology divisions, and write reports to advise leadership.
Salary
$71,593 - $136,427
Benefits
Click HERE to view our Benefits at a glance
Core Competencies

• Customer Commitment - Proactively seeks to understand the needs of the customers and provide the highest standards of service.
• Dedication to Professionalism and Integrity - Demonstrates and promotes fair, honest, professional and ethical behaviors that establishes trust throughout the organization and with the public we serve.
• Organizational Excellence - Takes ownership for excellence through one's personal effectiveness and dedication to the continuous improvement of our operations.
• Success through Teamwork - Collaborates and builds partnerships through trust and the open exchange of diverse ideas and perspectives to achieve organizational goals.

Duties and Responsibilities
Note: The following duties are illustrative and not exhaustive. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position. Depending on assigned area of responsibility, incumbents in the position may perform one or more of the activities described below.

• Exceptional analytical and problem-solving skills with meticulous attention to detail.
• Exceptional critical thinking and situational awareness skills to identify systemic security issues through vulnerability and configuration data analysis.
• Extensive knowledge of cybersecurity best practices, including familiarity with CIS Critical Controls, NIST Cybersecurity Framework (CSF), MITRE ATT&CK Framework, and CMMC.
• Ability to identify and assess the potential risks associated with third-party relationships and evaluate their impact on the organization's cybersecurity posture.
• Proficient in evaluating third-party vendors, including assessing their security protocols, compliance with regulations, and overall reliability.
• Capable of serving as a Cyber Security Subject Matter Expert (SME) for externally managed technology projects from various departments.
• Proficient communication skills to effectively collaborate with both technical and non-technical stakeholders.
• In-depth understanding of process engineering and continuous improvement methods.
• Strong expertise in industry-leading operating systems, cyber security tools, network protocols, and web application technologies.
• Hands-on experience in incident response and recovery, utilizing MITRE and security best-practice assessment methodologies.
• Skilled in creating workflow and process documents using Visio.
• Commitment to continuous learning to remain updated on emerging cybersecurity threats, vulnerabilities, and best practices.
• Demonstrates high personal integrity and the ability to handle confidential matters with sound judgment and professionalism.

Job Specifications

• Critical Thinking - Exceptional critical thinking and situational awareness skills to identify systemic security issues through vulnerability and configuration data analysis.
• Decision Making - Demonstrates high personal integrity and the ability to handle confidential matters with sound judgment and professionalism.
• Communication - Proficient communication skills to effectively collaborate with both technical and non-technical stakeholders. Skilled in creating workflow and process documents using Visio.
• Strategic Planning - In-depth understanding of process engineering and continuous improvement methods. Commitment to continuous learning to remain updated on emerging cybersecurity threats, vulnerabilities, and best practices.
• Managerial/Operational Skills - Ability to establish and maintain effective working relationships with others within and outside the organization and work collaboratively in a team environment.
• Leadership - Capable of serving as a Cyber Security Subject Matter Expert (SME) for externally managed technology projects from various departments.
• Analytical Ability - Exceptional analytical and problem-solving skills with meticulous attention to detail. Strong expertise in industry-leading operating systems, cyber security tools, network protocols, and web application technologies.
• Managing Complexity - Extensive knowledge of cybersecurity best practices, including familiarity with CIS Critical Controls, NIST Cybersecurity Framework (CSF), MITRE ATT&CK Framework, and CMMC.
• Ability to identify and assess the potential risks associated with third-party relationships and evaluate their impact on the organization's cybersecurity posture.
• Proficient in evaluating third-party vendors, including assessing their security protocols, compliance with regulations, and overall reliability.
• Other - Hands-on experience in incident response and recovery, utilizing MITRE and security best-practice assessment methodologies.

Physical Requirements

• Tasks involve the ability to exert light physical effort in sedentary to light work, but which may involve some lifting, carrying, pushing and/or pulling of objects and materials of light weight (5-10 pounds).
• Tasks may involve extended periods of time at a keyboard or workstation.
• Work is usually performed in an office environment.

Work Category

• Sedentary work - Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Minimum Qualifications Required

• Bachelor's degree from an accredited college or university with a major in information technology or related cyber security field; AND
• Five years of experience in information security system administration and risk assessment within an enterprise environment, encompassing third-party risk, risk analysis, risk mitigation, and residual risk management
• Five years of experience in business analysis from a technological perspective, collaborating with stakeholders including procurement teams, and IT professionals to integrate security considerations into the purchasing process.
• Three years of experience leveraging industry-leading cybersecurity tools (SIEM, EDR, vulnerability scanning, and web application security) for comprehensive threat detection and mitigation.
• Possession of a valid State of Florida Driver's License may be required based on area of assignment.

Emergency Management Responsibilities
In the event of an emergency or disaster, an employee may be required to respond promptly to duties and responsibilities as assigned by the employee's department, the County's Office of Emergency Management, or County Administration. Such assignments may be for before, during or after the emergency/disaster.