Information Technology Security Administrator

Education: A bachelor’s degree from an accredited institution of higher education in a technical field. [Work experience can be considered in lieu of a degree]

Preferred Certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) and/or other related professional designation(s).

Experience:

• 5 years of experience in administering security controls - 2 years of experience in project and change management - 2 years of experience in networking, database design, programming and scripting, or server administration.
• Proven experience managing IT compliance within regulated environments
• Extensive background in monitoring system logs, managing threat intelligence, and responding to real-time security alerts.
• Hands-on experience coordinating enterprise-wide security patching and managing threat/vulnerability assessment tools.
• Demonstrated ability to assist in the containment and resolution of security breaches and technical gaps.
• Practical experience with security platforms such as Proofpoint, Checkpoint, eSet, and Active Administrator.
• Experience collaborating with stakeholders to identify and prioritize process improvements based on organizational risk.
• Proficiency in mapping data flows, maintaining application metadata inventories, and monitoring critical vendor security.
• Ability to interpret complex security data to produce automated reports and high-level metrics for agency leadership.

Responsibilities:

• Provide gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to the agency.
• Assist in establishing, documenting, and managing processes and supporting tools used to accomplish information technology (IT) compliance with regulatory and best practice security and compliance frameworks (e.g., Criminal Justice Information Services (CJIS), Statement on Standards for Attestation Engagements no. 16 (SSAE 16), International Organization for Standardization (ISO 27001)).
• Work with agency and information technology (IT) owners to establish priorities for process improvements to remediate or mitigate risk.
• Execute problem determination and resolution for security gaps.
• Assist agency functions in the event of incidents or breaches.
• Train and assist security administration functions when necessary.
• Interact with other IT staff/agency personnel in meetings to enhance the understanding security issues and discuss solutions.
• Assist with IT asset security control coverage and metrics reporting regarding security and compliance data using existing tools as appropriate.
• Assist with threat and vulnerability management processes and tools.
• Review and respond to all system logs, alerts, and notifications from agency systems.
• Monitor and verify that all Sheriff’s Office systems receive security patches and updates in a timely manner.
• Conduct periodic security assessments and tests to develop action items.
• Monitor and respond to cybersecurity intelligence and alerts from a variety of sources.
• Prepare automated and ad hoc reports and/or interpret data from various security sources (e.g., eSet, Proofpoint, Checkpoint, Active Administrator).
• Assist with application meta-data inventory, mapping, and the development of data flow process documentation.
• Assist in monitoring critical vendors.
• Promote activities to foster information security awareness within the organization.