Information Technology Section Manager - IT Cybersecurity Officer

Major Functions

Illustrative Duties

• Manages a service area including personnel (staffing, discipline, hiring, evaluations, and schedules); budget, goals and priorities; purchasing, etc.
• Develops and maintains curricula and training records to enhance staff effectiveness through education programs, seminars, cross training, and classes.
• Participates in developing, implementing, reviewing, and updating Information Technology's overall strategic and tactical plans, goals, priorities, and missions.
• Develops and provides strategic, tactical, and operational plans for section.
• Plans, organizes, coordinates, and directs the analysis, procurement, implementation and support of computer systems and services.
• Develops bid specifications, RFQs, RFPs, and the criteria to evaluate vendor proposals for new products and services.
• Oversees vendor selection.
• Serves as a liaison between county and outside communications, software, and computer hardware vendors.

• Ensures proper functioning of the county's computer systems and keeps hardware and software systems updated to meet organizational needs.
• Establishes operating service levels and ensures schedules are met and quality of service achieved.
• Coordinates activities with other IT section managers to provide consistent and efficient level of service to the County as a whole or to the various departments.
• Develops, recommends, and maintains software and hardware standards, guidelines, and procedures for section, division, and county.
• Designs, plans, and manages complex and specialized technology and non-technology projects to include funding, staffing, resources, and project plans.
• Remains current on changes in technologies, current trends, and developments in the industry relative to section.
• Reviews and evaluates new and existing information systems and services; provides analysis to ensure operational and maintenance effectiveness, timeliness and level of benefit.
• Analyzes present and future technology needs and issues for county departments; prepares recommendations and specifications accordingly.
• Reviews solutions on how best to use information technology to solve business problems.
• Compiles, analyzes, and summarizes information from various sources; prepares reports on applicability of information to the county and makes recommendations.

• Develops and recommends section budgets and participates in development of the overall division budget; manages and monitors approved section budget.
• Establishes and maintains section processes for compliance with division and countywide fixed asset tracking requirements.
• Develops and manages relationships between the County and outside agencies.
• Meets with county staff, senior management, officials, and the public to explain various projects and work programs and to report on progress and issues.
• Represents the County on behalf of Information Technology in negotiations or other official functions.
• May be assigned to other county locations based upon operational needs.
• Attends work on a regular and consistent basis.
• Must adhere to Federal, State, County and Local ordinances.
• Responds to emergency situations.
• Performs other duties as assigned.

• Collaborates with other IT section managers and senior management to integrate security considerations into all aspects of IT operations, including application support, infrastructure management, and project planning. Provides guidance and oversight to all IT staff on the implementation and management of security controls.
• Designs, implements, maintains, and monitors various cybersecurity controls including threat detection and response systems, endpoint and extended detection and response (EDR and XDR) solutions, and identity and access management (IAM) solutions.
• Develops and implements cybersecurity policies, procedures, and standards to protect county systems and ensure compliance with relevant laws, regulations, and standards.
• Monitors and triages cybersecurity incidents and directs the incident response team throughout the response and recovery efforts.
• Designs, implements, and maintains access controls for users and systems, including multi-factor authentication and virtual private network (VPN) access.
• Conducts cybersecurity audits, risk assessments, and vulnerability testing to evaluate the effectiveness of security controls and identify potential security threats and weaknesses in the IT infrastructure and applications. Manages IT staff and resources to mitigate all identified deficiencies.
• Develops, administers, and facilitates a countywide employee cyber-security awareness training and testing program.

Minimum Requirements

Knowledge, Skills & Abilities

General

• Knowledge of administrative procedures, such as budgeting, hiring, and supervision.
• Knowledge of effective supervisory and management practices and procedures.
• Knowledge of systems analysis and information processing.
• Knowledge of the operating characteristics, capabilities, and limitations of computing systems and related equipment for large, multi-platform sites.
• Knowledge of the complexities of a full-service Information Technology operation.
• Knowledge of computer system evaluation, selection, and implementation practices.
• Knowledge of principles, practices, terminology, and trends in information technology services.
• Skilled in administering and managing multiple technical programs and projects simultaneously.
• Skilled in conducting needs assessments.
• Skilled in technical supervision and training of subordinate staff.
• Skilled in developing and implementing operational processes and work plans to ensure the delivery of secure and reliable information technology services.
• Skilled in addressing operational issues quickly and effectively.
• Ability to lead teams of people from different organizations as required to accomplish specific goals and overcome operational problems.
• Ability to establish and control workflow of projects through completion.
• Ability to plan, coordinate and direct activities of a group of employees with a wide range of occupational skills.
• Ability to develop and maintain procedures and policies.
• Ability to interpret and communicate user's needs and requests.
• Ability to set differing priorities in the establishment and adjustment of time schedules.
• Ability to work under, and adjust to, time constraints and strict schedules.
• Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, agreement, contracts, or government regulations.
• Ability to write reports, business correspondence and procedure manuals.

• Ability to respond to emergency situations.
• Ability to communicate effectively both orally and in writing.
• Ability to establish and maintain effective working relationships.
• Ability to work under stressful conditions.
• Must be able to relocate to other county locations based upon operational needs.

• Knowledge of cybersecurity frameworks, principles, strategies, and best practices including the National Institute of Standards and Technology (NIST) Cybersecurity framework and the Center for Internet Security (CIS) Controls Framework.
• Knowledge of cybersecurity standards, laws, and regulations.
• Knowledge of various cybersecurity technologies and tools such as next-generation firewalls, threat detection and response systems, endpoint and extended detection and response (EDR and XDR) solutions, and identity and access management (IAM) solutions.
• Knowledge of common cybersecurity threats, vulnerabilities, and attack vectors.
• Knowledge of risk management and business continuity planning.
• Skilled in providing guidance and oversight to IT staff on the implementation and management of cybersecurity controls.
• Skilled in triaging cybersecurity incidents and directing an incident response team.
• Skilled in conducting cybersecurity assessments, audits, and investigations.
• Skilled in managing and responding to cybersecurity incidents and breaches.
• Ability to serve as the County’s Information Technology Security Officer responsible for establishing and evaluating countywide cybersecurity strategies.
• Ability to think strategically and align cybersecurity initiatives with organizational goals.
• Ability to adapt to evolving cybersecurity threats and technologies.
• Ability to effectively communicate complex cybersecurity concepts to technical and non-technical audiences.

Physical Demands: Sedentary work. Ability to see, talk, finger dexterity. Ability to bend, stoop, and reach. Ability to push, pull and/or carry up to 40 pounds. Visual acuity (depth perception and peripheral vision) necessary to operate a motorized vehicle.