(Illustrative Only) Protects information technology assets (i.e., hardware, software, data, etc.) by executing and enforcing system access controls, policies and procedures; monitors and audits IT systems to ensure authorized access occurs and any unauthorized access attempts are detected; based on severity level within established procedural guidelines immediately revoking access; reporting the violations and recommending corrective actions to management; monitors and analyzes IT systems for unusual behavior or breaches; Responds to security incidents; performs security audits and report status to management; works with various information technology divisions to ensure network security devices and measures exist and function correctly; performs security monitoring, testing, prevention, and recommend remediation activities across the environment taking a proactive approach to mitigate risks; provides reports, audits and monitors internet usage compliance and reports violations of County policy; works with networking, applications, desktop and geospatial information systems personnel to analyze, audit, and mitigate any risks; this includes compiling formal networking and security reports to present to Information Technology (IT) management as requested; develops and administers information security and risk management awareness training programs for all employees, contractors and approved system users; develops a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection; ensures that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings; develops, implements, tests, documents, evaluates, and modifies IT Compliance controls (i.e., Data Loss Prevention, Mobile Data Management, Encryption, etc.) for all Information Technology Resources; works with stakeholders to ensure IT Security and Compliance deliverables are achieved; evaluates and assists in the selection of new technologies in related IT security and compliance; assists with Request for Proposals (RFP) development, proposal evaluations, vendor negotiations, and contract management; prepares and conducts information security risk assessments, forensic, and security policy violation; investigations and recommends corrective action; maintains absolute confidentiality of work-related issues and County information; provides on-call services as predetermined by the agency head; regular and reliable attendance is required; perform other duties as required or assigned.

Sixty (60) semester hours of post high school coursework from an accredited college or university in computer science, management information systems, or closely related field; AND Three (3) years progressively responsible experience in an enterprise information technology security environment; functioning knowledge of Cisco, Mitel, Microsoft, Linux, VMWare, and ITIL Foundation. Working knowledge of security fundamentals in an enterprise environment. Operational knowledge of Microsoft Active Directory and Outlook e-mail (Exchange); OR an equivalent combination of education and experience.

Knowledge of: County policies and procedures; enterprise level computer hardware and software use, installation, and configuration; principles and practices of IT Security and IT Compliance Standards; information security management framework and processes based on ISO27001/ISO27002 standards and the NIST Cybersecurity Framework; risk-based process model creation for vendor risk management, analysis including the assessment and mitigation of risks that may result from collaboration with partners, consultants and other service providers; hardware and software used in a converged voice/data network; network security principles and IT security best practices is important; familiarity with server virtualization technology; development, implementation and monitoring of strategic, and comprehensive enterprise information security program objectives to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.