Works under the direction of the Systems Security Officer to execute, monitor, and assess the Shelby County Government (SCG) Information Security Program. Acts in a lead capacity to plan, research, specify, engineer, and implement highly complex security solutions. Administers and maintains systems critical to the function of the Information Security Program and develops procedures and policies for implemented solutions. Responsible for carrying out comprehensive security processes, risk assessments, and assessments of third-party vendors, and works with groups inside and outside of SCG to ensure the successful operation of the Information Security Program.

Pay Grade: 57
Salary Commensurate with Experience and Education

1. Five (5) years of cybersecurity/compliance experience, including three years of cybersecurity experience within a medium to large organization; AND

2. Bachelor’s degree from an accredited college or university in cybersecurity, computer science, or a closely related field; OR

3. An equivalent combination of related experience and/or training.

4. Security credentials such as ISC2 CISSP, ISC2 CCSP, ISACA CISA, ISACA CISM, or a closely related certifications preferred.

5. PROOF OF EDUCATION, TRAINING, AND/OR EXPERIENCE IS REQUIRED.

1. Leads proactive threat-hunting initiatives using advanced security tools and methodologies, while overseeing daily monitoring of system audit log feeds.

2. Manages the generation and analysis of detailed incident reports, threat analysis reports, and compliance status reports to facilitate strategic decision-making and risk management.

3. Oversees the processing of security office requests, including user access requests, access control changes, and responses to security advisories, ensuring timely and efficient resolution of security concerns.

4. Develops and oversees the organization's cybersecurity training program, tailored to different roles and departments, ensuring its effectiveness, relevance, and compliance with industry standards.

5. Leads the management of security incidents using the approved IT incident response solution, coordinating remediation efforts across IT sections, and enhancing incident response plans through regular tabletop exercises and risk assessment updates.

6. Creates, updates, and maintains comprehensive cybersecurity incident response playbooks, outlining steps for identifying, analyzing, and responding to security incidents effectively.

7. Provides leadership in supporting IT Application Services by conducting security quality assurance reviews, vulnerability scans, and collaborating with DevOps and Applications Services to integrate secure coding practices into the development lifecycle.

8. Adheres to new security technology developments relevant to business and IT requirements, leads the evaluation and recommendation of security solutions, and oversees pilot tests to enhance the organizational security posture.

9. Leads the development, deployment, and regular update of IT security policies and procedures, ensuring alignment with current best practices, legal requirements, and compliance standards.

10. Demonstrates strong interpersonal and communication skills to foster collaboration with management, peers, customers, and non-IT departments, promoting a culture of security awareness and cooperation across the organization.

11. Exemplifies a strong passion for information technology and cybersecurity, driving continuous exploration, learning, and adoption of new technologies and security practices within the team and organization.

12. Upholds strict adherence to ethical guidelines and legal requirements in all cybersecurity activities, including compliance with privacy laws, data protection regulations, and ethical hacking standards.

13. Provides leadership and mentorship to junior security analysts, fostering their professional growth and development within the team and organization.

14. Performs other related duties as assigned or directed.

1. Advanced knowledge of cybersecurity principles, including risk management, threat modeling, security architectures, and incident response strategies.

2. Proficiency knowledge in key legal and regulatory requirements such as HIPAA, PCI-DSS, and frameworks like ITIL, NIST CSF, and CIS Controls, and zero trust for compliance efforts.

3. Proficiency knowledge of a broad spectrum of advanced security technologies and tools, including SIEM, firewalls, IDS/IPS, DLP, endpoint protection, privileged access management, and threat intelligence platforms.

4. Advanced knowledge of critical IT infrastructure technologies, including virtualization, server architectures, containerization, and network infrastructure for secure implementations.

5. Proficiency knowledge in secure coding practices, understanding common application security vulnerabilities (OWASP Top 10), and guiding development teams to mitigate risks.

6. Ability to identify, analyze, and resolve complex security threats and vulnerabilities, providing strategic direction for incident response.

7. Skilled in communicating complex security concepts to non-technical audiences, fostering collaboration across departments, and providing strategic guidance to senior management.

8. Ability to drive innovation and proactive approaches to emerging security challenges.

9. Ability to lead enterprise-sized cybersecurity projects from inception to completion.