Information Security Specialist

FRANKLIN COUNTY VACANCY ANNOUNCEMENT

Applications must be submitted to the Franklin County Personnel Office if applying for this position. Applying online through really is not sufficient.

Applications are available at https://www.franklincountyny.gov/departments/administrative/personnel_self-insurance_office/index.php

Please submit applications to:

Franklin County Personnel Department
355 W. Main Street, Suite 311
Malone, NY 12953

Last Date To File: Open until filled.

Application to this vacancy does not serve as application for the title’s civil service exam.
If Civil Service exam is announced at the same time, you will need to apply separately.

If a candidate has previously held this title permanently in a competitive status and wishes to ask for reinstatement, contact the Personnel Department for instructions.

Franklin County residency is required.

*Provisional Appointment Pending Civil Service Exam to be announced at a later date*

Title: Information Security Specialist

Department: Franklin County Data Processing

Base Salary or Hourly:

$55,808-2025

$57,762-2026

Minimum Qualifications:

On or before the date of the exam or appointment, to be eligible, applicants must meet the following minimum qualifications:

(Copy of college transcript (unofficial is accepted) must accompany completed application)

A) Graduation from a regionally accredited or New York State registered college or university with a Bachelor’s degree in cybersecurity, information assurance, informational technology, or a related field with a minimum of 15 college credit hours of cybersecurity coursework* and one and a half (1½) years of paid technological information security experience; or

B) Graduation from a regionally accredited or New York State registered college or university with an Associate’s degree in cybersecurity, information assurance, informational technology, or a related field with a minimum of 9 college credit hours of cybersecurity coursework* and three (3) years of paid technological information security experience.

*Certification in Security or an equivalent cybersecurity training certificate may be substituted for the college credit hours.

(If you are using a Security or equivalent cybersecurity training certificate to meet the qualification requirements in place of college credit hours, please include a copy of the certificate with your completed application.)

Anticipated Eligibility – Age & Educational Requirements

Per amendment to Civil Service Law, Section 54, which became effective 9/4/24, applicants who are within 12 months of meeting the minimum age or attaining the minimum educational requirements following the date of examination, may take the civil service exam, but will be restricted from canvass and/or certification until such time that the minimum age or educational requirements are met. Proof of educational requirements must be submitted prior to the restriction being removed.

Special Note: Education: Your degree must have been awarded by a college or university accredited by a regional, national, or specialized agency recognized as an accrediting agency by the U.S. Department of Education/U.S. Secretary of Education. If your degree was awarded by an educational institution outside the United States and its territories, you must provide independent verification of equivalency. A list of acceptable companies who provide this service can be found on the Internet at http://www.cs.ny.gov/jobseeker/degrees.cfm. You must pay the required evaluation fee.

If applicable: 1Salary/Hourly will follow the relative collective bargaining agreement/contract.

TYPICAL WORK ACTIVITIES: (Illustrative only)

Implements information security and compliance programs:

Participates in the development, interpretation, review and communication of information security policies, procedures and standards;

Monitors information security compliance and recommends improvements;

Supports the implementation of information security procedures and protocols and participates in security risk reviews and remediation activity including producing written reports;

Works with internal departments and external partners on information security issues;

Plans and conducts outreach programs and activities to increase cybersecurity awareness;

Assists in developing business continuity and disaster recovery documentation;

Tracks and reports out on all security related project portfolio tasks;

Administers or verifies training to agency employees, contractors, and third parties, as appropriate, on their responsibilities to protect the County’s IT and information assets;

Develops and champions information security awareness activities.

Supports the management and resolution of security threats to agency information systems:

Participates in information security risk analysis and risk management processes with business and IT units;

Performs vulnerability scanning and analysis to help determine scope of risk and prioritization of remediation;

Collects and maintains risk register, including reporting and tracking of remediation;

Monitors external data sources to maintain currency of threat condition and potential impact on enterprise;

Participates in the identification and modeling of new threat scenarios to provide proactive defensive measures to technical teams for mitigation of risk;

Disseminates threat and vulnerability intelligence products;

Characterizes and analyzes network traffic to identify anomalous activity and potential threats to network resources;

Participates in the continuous monitoring and protection of technology resources and determines events that require investigation and response.

Participates in cyber incident response:

Supports the implementation and improvement of information security incident response plans and reports;

Participates in the investigation of alleged information security violations, following established procedures for referring the investigation to other investigatory entities (e.g., law enforcement, and State and federal oversight agencies), and responds to requests for information from external investigators;

Performs analysis (e.g., logs, packet capture, reverse engineering) during cyber investigations to establish root cause and provides remediation recommendations. Collects, seizes, handles and analyzes digital evidence, identifies elements discovered during investigations for their potential use as evidence in criminal or other investigations, and produces forensic reports with findings documented;

Serves as information security expert and evaluates systems and contracts for alignment with County’s information security policies:

Reviews relevant contract, service level agreement, memorandum of understanding language and other documents to verify that they meet information security needs and requirements and align with the County’s information security policies;

Provides information security expertise, advice and recommendations to County administration on a broad range of information security matters;

Monitors information security trends, tools and techniques: Keeps abreast of relevant laws and regulations that could affect the security controls and classification of information assets and communicates legal and regulatory requirements;

Researches, administers and utilizes specialized cybersecurity tools, techniques, and procedures; May represent the department at internal and external information security meetings and conferences to maintain awareness and evaluates the applicability of the latest information security techniques and tools to the County's security program;

Participates in creation and maintenance of dashboard and reports that present information security data in an intuitive manner. May perform other duties related to the IT department’s services.

Pay: From $55,808.00 per year

Benefits:

• Dental insurance
• Employee assistance program
• Health insurance
• Paid time off
• Parental leave
• Retirement plan
• Vision insurance

Work Location: In person

Salary : $55,808