Information Security Specialist

Position overview / Statement of Work

The OIT Information Security Group is recruiting an experienced Information Security Specialist to support the City s current efforts to improve its Cyber Security maturity. The Information Security Specialist should be able to work across a number of key areas of information security to enhance the City s enterprise security program. The Information Security Specialist will be familiar with industry standards and best practices for enterprise security programs in areas including incident response, security risk review, and validation and testing of controls. They will be able to perform independently and in close collaboration with other members of the Information Security Group and key stakeholders.

Work activities:

• Contribute to the City s cybersecurity maturity efforts through aligning the City s information security program activities with industry standards.
  
• Contribute to the development of an enhanced incident response program including response to escalations from SOC, incident investigation, tracking and reporting.
  
• Perform industry standard security risk reviews and validate, test, and report on the effectiveness of information security controls
  
• Perform technical testing including infrastructure, system and application vulnerability testing and penetration testing and produce clear reports on vulnerabilities and risks
  
• Lead or contribute to vulnerability management program
  
• Communicate effectively with stakeholders on key security initiatives
  
• Lead security awareness training initiatives including phishing simulations
  
• Manage and administrate security tools operated by the Information Security Group
  
• Produce effective reporting to management and stakeholders on security risks
  
• Stay up to date on industry trends and emerging threat landscape
  
• Other security duties as assigned
  

Skills/experience of the assigned staff:

• Bachelors s or Master s degree in Computer Science, Cybersecurity or a related field (for example Information Science, Information Security) OR a relevant industry certification such as CISA, CGEIT, CISM, CISSP, or CEH.
  
• Familiarity with NIST policy and control frameworks, particularly NIST Risk Management Framework and NIST Cyber Security Framework
  
• At least 2-3 years of experience working in an Information Security, IT Risk, or Cybersecurity Role
  
• Experience with Rapid 7 suite of vulnerability management tools or equivalent and experience performing vulnerability testing
  
• The candidate should have a strong working knowledge of enterprise security principles and best practices. Strong understanding of security risks in Windows enterprise environments
  
• Ability to pass a CJIS background check
  

Highly Desired/Preferred:

• Experience in HIPAA, CJIS or other highly regulated environments
  
• 3-5 Experience in a security role in government and/or large enterprise environments
  
• Strong understanding of security controls and risks in AWS and Azure Cloud Environments
  

About Us:

Requirements