Definition: Under general supervision of the IT Director/CIO, performs configuration, administration and maintenance duties for the Salt River Pima-Maricopa Indian Community (SRPMIC) Information Technology (IT) environments from a security perspective. Provide vision and leadership for developing and supporting cybersecurity initiatives. Assesses and implements effective cybersecurity measures and technology for the Community's current and future needs. This individual directs the planning and implementation of policies and systems in defense against security breaches and vulnerability issues in support of operations and systems. This individual is also responsible for auditing existing systems, while directing the administration of cybersecurity policies, activities, and standards. This individual will oversee operations of the enterprise's cybersecurity solutions through management of the organization's cybersecurity analysts.
 
The Cyber Security Manager is expected to interface with peers in the organization's departments and Infrastructure/Network departments as well as with the leaders of the tribal government departments to both share the government's cybersecurity vision with those individuals and to solicit their involvement in achieving higher levels of enterprise cybersecurity through information sharing and cooperation. This job class is treated as FLSA Exempt.
 

• Establishes staff personal development goals and objectives aligned with the skills necessary to ensure personal, departmental and Community success.
• Ensures cross functional training of staff to ensure that primary and secondary support personnel are properly trained to support division services.
• Assists with the routine supervision of assigned staff. Prioritizes and coordinates staff workflow and provides training and assistance as needed.
• Helps establish criteria for employee performance evaluations based on division and department goals and objectives.
• Helps prioritize and coordinate staff workflow and provides training and assistance as needed.
• Prepares Employee Performance Appraisal assigned employees for review by the Assistant IT Director and IT Director.
• Manages resources to fulfill division and departmental operational objectives.
• Provides leadership and promotes shared responsibility among the cybersecurity team and the extended security team.
• Provides senior leadership to the Cybersecurity Team staff and works closely with other IT divisions to establish and enforce IT standards. Evaluates and recommends best in class standards and processes. 
• Develop and communicate cybersecurity strategies and plans to the management team, staff, partners, customers, and stakeholders.

2.Cybersecurity Governance: Provides leadership to the organizations Cybersecurity boards responsible for framework of standards, processes and activities to ensure the Community is protected from cyber risks.

• Performs cyber risk assessments and completes analysis and recommendations
• Provide cybersecurity consultation services
• Provides cybersecurity training
• Works collaboratively with the Cybersecurity Compliance division to develop and maintain Cybersecurity policies.
• Ensures organizational adherence to cybersecurity audit standards. 

• Create and maintain the Community’s security architecture design. 
• Provides the expertise, leadership and ownership of the Community’s IT infrastructure and data security strategy and implementation planning.
• Provides expertise and makes recommendations regarding security architecture based on experience, independent research and industry knowledge.
• Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements. 

4. Cybersecurity Risk Program: Manages a risk assessment program.

• Provides reports to the IT Director/CIO and the senior leadership team.
• Review compliance with the information cybersecurity policy, controls, and associated procedures.
• Ensures new risks are identified and mitigated in a timely manner;
• Continuously monitors systems and addresses any incidents.
• Ensure the Community systems and users are in adherence to required cybersecurity standards and agreements made with other entities. 

• Provides direction and consulting to the Subject Matter Experts (SMEs) supporting infrastructure, applications and data systems.
• Performs cybersecurity reviews and guidance to infrastructure, applications, databases and desktop services staff for multiple IT/business projects.

• Develops and administers the Community’s cybersecurity awareness training programs.
• Provides cybersecurity education and awareness programs and training to the SRPMIC Government user community.
• Consults with businesses and IT to understand and agree on potential risks and agree on mitigation plans.
• Perform regular cybersecurity awareness training for all employees to ensure consistently high levels of compliance with enterprise cybersecurity commitments documented in agreements.
• Develop cybersecurity self-assessment tools and consultation on results.
• Responsible for cybersecurity training and monitoring for IT personnel for adherence to cybersecurity standards and protocols.

• Act as advocate and primary liaison for the company’s cybersecurity vision via regular written and in-person communications with the IT management team, departments’ leadership, and end users. 
• Work closely with IT Infrastructure and Enterprise Systems departments on corporate technology development to fully secure information, computer, network, and processing systems.
• Manage the administration of all computer security systems and their corresponding or associated software, including intrusion prevention/detection systems, DLP systems, SEIM systems and related systems/technologies. 
• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
• Supervise all investigations into problematic activity and provide on-going communication with senior management. 
• Supervise the design and execution of vulnerability assessments, penetration tests and cybersecurity audits.
• Develop and audit firewall and anti-virus deployment policies. 
• Recommend and implement changes in cybersecurity policies and practices in accordance with changes in local or federal law. 
• Assess and communicate any and all cybersecurity risks associated with purchases or practices performed by the company. 
• Remain informed on trends and issues in the cybersecurity industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact. 
• Select and acquire additional cybersecurity solutions or enhancements to existing security solutions to improve overall enterprise cybersecurity as per the enterprise’s existing procurement processes.
• Meets Key Performance Indicators (KPI’s) for the security system program as required.

• Formulates plans to address security vulnerabilities documented in the penetration test report.

9. Investigations: Coordinatethe completion of approved investigation requests.

• Leads approved personnel and incident investigations.
• Train members of the investigations team from multiple IT disciplines.
• Ensure appropriate protocols and tools utilized to complete security reviews.
• Complete security findings reports.

10. Miscellaneous: Other IT job related tasks as required by the IT Assistant Director – Enterprise Architecture, Custom Development & Cyber Security, or IT Director/Chief Information Officer.

Knowledge, Skills, Abilities and Other Characteristics:

• Knowledge of the history, culture, laws, customs and traditions of the SRPMIC.
• Knowledge of IT security system configuration, administration and maintenance.
• Knowledge of up-to-date cybersecurity system architecture, technical cybersecurity standards and industry best practices.
• Strong technical knowledge of current network hardware, protocols, and standards
• Knowledge of testing and implementing security patches and version upgrades processes.
• Extensive knowledge in enterprise security architecture design and enterprise security document creation. 
• Knowledge of system firewall configuration and functionality.
• Knowledge of, and practical application experience with, network penetration testing.
• Knowledge of Control, Program and Risk Frameworks such as NIST, CIS Controls, ISO 27001, FEDRAMP or FAIR.
• Knowledge of SAS Controls and Audit procedures.
• Knowledge of the development and maintenance of an organizational Cybersecurity Plan.
• Knowledge of cybersecurity best practice standards.
• Knowledge of HIPPA and HIPPA HiTech compliance.
• Knowledge of PCI compliance.
• Working technical knowledge of Intrusion Prevention (IDP), Intrusion Detection (IDS) and Data Loss Prevention (DLP) technologies. 
• Knowledge and understanding of project management principles.
   
• The skill to learn and adapt to the Community needs, style and organizational expectations for conduct and responsiveness
• Digital leadership skills – capable of empowering and leading an IT team to meet business and IT security goals
• Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment
• Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
• Skill developing Requests for Proposals (RFP).
• Skill developing and writing procedures.
• Skill Monitoring and managing vendor performance.
• Skill providing and presenting cybersecurity education and awareness programs and training.
• Skill assessing the impact of new service requests on network security.
• Skill providing system security problem investigation, troubleshooting and problem resolution.
• Skill establishing and maintaining effective working relationships with peers, business partners, customers, vendors and supervisors.
• Skill with excellent verbal and written communication.
• Skill in conducting investigations and ensuring chain of custody.

• Ability to communicate to all levels of the organization from executives to technical staff.
• Ability to develop and enhance IT cybersecurity policies, procedures and best practices.
• Ability to provide leadership in developing, maintaining and improving the IT security architecture.
• Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
• Ability to manage a team on a daily basis.
• Ability to perform IT infrastructure planning and development.
• Ability to perform cybersecurity reviews and take proper, effective and timely corrective action.
• Ability to provide enterprise cybersecurity strategy, cybersecurity risk and data privacy information and education in a concise and comprehensible manner.
• Ability interpreting the applicability of local and federal laws/regulations as applies to secure company operations. In particular, experience with FedRamp and NIST 800 requirements. 
• Ability to utilize problem solving techniques, improvisation and creativity to accomplish goals.
• Ability to analyze data, draw logical conclusions and make sound decisions and recommendations.
• Ability to understand human resource management principles, practices, and procedures.
• Ability to work in a team environment.

• Education and Experience: A Bachelor’s degree from accredited college or university in Information Systems, Management Information Systems, Computer Science or a related discipline.

• Other combinations of experience and education that meet the minimum requirements may be substituted for a Bachelor’s degree.
• Seven (7) years of direct work experience in Infrastructure Security Management and IT Cybersecurity Industry Best Practices required.

• Seven (7) years full time experience demonstrating expertise performing the following tasks required:

1. Senior member on the executive team providing IT Network and Data Systems cybersecurity direction, planning and oversight.

2. Establishing the objectives and overseeing the implementation of a comprehensive corporate or government cybersecurity program.

3. Establish the objectives and overseeing the implementation of corporate or government data privacy policies and associated training/infrastructure to support privacy policies.

• One or more of the following certifications is preferred:

1. International Information Systems Security Certification Consortium(ISC)2Certifications
   1. Certified Information Systems Security Professional (CISSP) 
2. Certified Information Systems Auditor (CISA)
3. Certified Information Security Manager (CISM)
4. SANS Global Information Assurance Certifications (GIAC)
5. Information Systems Audit and Control Association (ISACA)

• May be required to work outside normal business hours including nights, weekends and holidays. All applicants applying for jobs will be subject to Pre-Employment Drug Test and extensive Fingerprint and Background Check. In addition, all employees providing services to a campus with children will be subject to the “Community Code of Ordinances”, Chapter 11 “Minors”, Article X. “Investigation of Persons Working with Children”, random drug testing and completion of a background check every five (5) years.

Prior to hire as an employee, applicants will be subject to drug and alcohol testing. Will be required to pass a pre-employment background/fingerprint check. 

"SRPMIC is an Equal Opportunity/Affirmative Action Employer" Preference will be given to a qualified: Community Member Veteran, Community Member, Spouse of Community Member, qualified Native American, and then other qualified candidate.

In order to obtain preference, the following is required: 1) Qualified Community Member Veteran (DD-214) will be required at the time of application submission 2) Qualified Community Member (must provide Tribal I.D at time of application submission),3) Spouse of a Community Member (Marriage License/certificate and spouse Tribal ID or CIB is required at time of application submission), and 4) Native American (Tribal ID or CIB required at time of application submission).

Documents may be submitted by one of the following methods: 

1) attach to application

2) fax (480) 362-5860

3) mail or hand deliver to Human Resources.

Documentation must be received by position closing date. 

The IHS/BIA Form-4432 is not accepted. 

Your Tribal ID/CIB must be submitted to HR-Recruitment-Two Waters.