IT Cyber Security Manager

IT Cybersecurity Manager

Definition

This role is responsible for developing implementing and managing the Town of Arlingtons comprehensive cybersecurity strategy and framework. This includes risk assessments security policies incident response plans and compliance measures. This position proactively identifies mitigates and monitor cyber threats ensuring the protection of sensitive data and systems across Town and Schools and reduction of overall risk.

Supervision

Works under the direction of the Chief Information Officer. Makes IT policy recommendations to the CIO.

Performs highly technical and responsible duties requiring independent thought extensive judgment and initiative in planning for managing maintaining and supporting the use of information technology throughout the Town and Schools.

Supervisory Responsibilities

No direct reports. Manages vendors and consultants. Coordinates activities with other senior IT managers and teams internally and across departments to ensure consistency in goals policies technical and administrative procedures and management direction.

Work Environment

Work is performed under typical office conditions for an office directly involved with Information Technology. Regularly travels from building to building to perform job functions. Regularly works outside of normal working hours and is on call on evenings and weekends to respond to after-hours emergencies. Evening meetings and meetings outside normal working hours with elected and appointed boards is necessary in order to work out priorities and finalize objectives.

Has regular daily contact with personnel and offices throughout the Town and Schools in answering questions solving problems providing training implementing and supporting applications from vendors and developing implementing and supporting Town and School applications.

Has access to extensive confidential information throughout the Town government.

Errors in administration and judgment could significantly affect the municipalitys ability to deliver services could have financial and legal repercussions and could result in deterioration in public relations and confidence.

Essential Duties and Responsibilities

The essential functions or duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar related or a logical assignment to the position.

• Advise Chief Information Officer on risk levels and security posture.
• Monitor for possible security violations and take appropriate action to respond to incidents (going through alerts and logs in order to monitor Town and Schools digital footprint).
• Manager the Town and Schools cyber security and incident response program. Responsible for protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Provide after action reports (identify lessons learned and recommend improvement) for cyber incidents to Chief Information Officer Town Manager and Superintendent of Schools.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Evaluate and evolve end point detection internal scanning and email security programs and best practices.
• Oversee the information security training and awareness program.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Collaborate with other departments to identify practices and procedures for new and existing services that align with Arlingtons cybersecurity program.
• Identify security requirements specific to an information technology system in all phases of the system life cycle.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments audits inspections etc.
• Collect and maintain data needed for reporting analyze patterns and trends and produce dashboards for internal and external consumption.
• Lead cybersecurity inspections tests and reviews for the network environment.
• Identify information technology security program implications of new technologies or technology upgrades.
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Prepare distribute and maintain plans instructions guidance and standard operating procedures concerning the security of application and network system operations.

Minimum Qualifications

Required Education and Experience

Bachelors degree in Information Systems or related field; CompTIA Security and CISSP or 15 years in IT security and operations in lieu of education/certifications. Experience in municipal and government systems and workflows a plus.

Core Competencies

• Business Continuity
• Computer Network Defense
• Database Administration
• Encryption
• Enterprise Architecture
• Information Systems/Network Security
• Information Technology Assessment
• Network Management
• Operating Systems
• Policy Management
• Risk Management
• Technology Awareness
• Threat Analysis
• Vulnerabilities Assessment

Knowledge and Skills

• Knowledge of data backup and recovery.
• Knowledge of business continuity and disaster recovery continuity of operations plans.
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Knowledge of controls related to the use processing storage and transmission of data.
• Knowledge of encryption algorithms.
• Knowledge of network security architecture concepts including topology protocols components and principles.
• Knowledge of laws policies procedures or governance relevant to cybersecurity for critical infrastructures.
• Knowledge of network traffic analysis methods.
• Knowledge of network systems management principles models methods (e.g. end-to-end systems performance monitoring) and tools.
• Knowledge of server and client operating systems.
• Skill in creating policies that reflect system security objectives.
• Knowledge of new and emerging information technology and cybersecurity technologies.
• Knowledge of current and emerging threats/threat vectors.
• Knowledge of vulnerability information dissemination sources (e.g. alerts advisories errata and bulletins).
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of what constitutes a network attack and a network attacks relationship to both threats and vulnerabilities.
• Knowledge of penetration testing principles tools and techniques.
• Strong ability to communicate with staff of varying technical abilities.
• Strong technical analytical and problem-solving skills as well as good written and oral communications skills.
• Ability to communicate and disseminate information within the organization as appropriate.
• Ability to work on multiple assignments; be an effective collaborator exercise good judgment in decision-making and discretion with the routine access to confidential information; meet deadlines work independently demonstrate an attention to detail and be flexible.
• Self-starter with ability to work independently as a leader of a team and as a member of a team.

Physical Requirements

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Moderate physical effort is generally required to perform duties. The employee is frequently required to operate equipment walk stand sit speak and hear lift reach balance crouch crawl and stoop. Tasks may involve extended periods of time at a keyboard or workstation. Must be able to communicate verbally. Light lifting and carrying of work materials including files microcomputers and peripheral equipment or other items weighting between 15-20 pounds.

Position requires the ability to operate a keyboard for extended periods of time. Position requires the ability to view computer screens for an extended period of time. Position requires the ability to walk around to access Town offices on a regular basis including traversing flights of stairs in various buildings. Position requires fully correctable close vision color vision and depth perception.

Additional Requirements

Valid drivers license

This job description does not constitute an employment agreement between the employer and employee and is subject to change by the employer as the needs of the employer and requirements of the job change.

The Arlington Public Schools are committed to creating an inclusive and safe learning and working environment that reflects a diversity of perspectives values and experiences. We welcome staff who are aware of the role that bias and prejudice play in society are creative and willing to try new approaches and are reflective about their daily practice. We are looking for candidates who welcome a challenge are eager to collaborate and contribute to the success of students are ready to engage in two-way partnership with families and who will contribute their diverse talents to the organization as a whole.

Required Experience:

Manager