INFORMATION SECURITY MANAGER
DISTINGUISHING FEATURES OF THE CLASS
The Information Security manager is responsible to ensure the security, confidentiality, integrity and availability of electronic information, both at rest and in transmission. This is accomplished by creating, maintaining and enforcing appropriate security policies and procedures; communicating and mitigating identified risks; developing and administering security educational strategies; and evaluating, recommending and deploying security software and hardware. Work is performed under general supervision of an administrative superior with a considerable amount of latitude for exercising independent judgment. Does related work as required.
TYPICAL WORK ACTIVITIES
Leads in the development and enforcement of information security policies, procedures and standards.
Identifies, recommends and plans security software/hardware implementation and enhancements.
Coordinates and is responsible for the implementation of security systems, including enhancement of already implemented systems and processes.
Maintains technical proficiency in current and new releases of security software.
Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted data.
Ensures protections are in place, such as intrusion detection and prevention systems, firewalls etc.
Consults with users, management, vendors and technicians to assess computing needs and system requirements as they relate to security software systems.
Stays up-to date on advancements in the latest security practices and protocols.
Directs and oversees ongoing risk assessment and security monitoring of information systems.
Develops and conducts security awareness training and education programs.
Evaluates security incidents and determines appropriate response in the event of a security breach.
Actively remains current on security systems, issues and protocols
Conducts user meetings for implementation and enhancement processes.
Coordinates and/or facilitates work efforts between users and technical staff.
Performs daily operational real-time monitoring and analysis of security events from multiple sources.
Identifies anomalous traffic, monitor login activity, search for indicators of compromise, and respond to detected events as appropriate.
Handles security incidents from identification through containment, eradication, recovery, and reporting.
Actively monitors emerging threat intel, plans and implements detective and preventive measures as appropriate.
Conducts information security risk reviews for prospective technology acquisitions.
Responds to audit and examination findings.
Ensures compliance of IT policies and procedures (security, backup, access control, documentation, disaster recovery, etc.) in system implementation.
Develops ongoing needs assessment to identify type and content of security training.
Communicates risks and recommendations to mitigate risks to senior administration.
Coordinate remediation of vulnerability scan and pen testing findings.
When applicable, assists other departments to ensure regulatory compliance specific to that department/agency
FULL PERFORMANCE KNOWLEDGES, SKILLS, ABILITIES AND PERSONAL CHARACTERISTICS
Thorough knowledge of information cyber security best practices.
Good knowledge of software, hardware and network protocols and operations.
Strong interpersonal and organizational skills.
Ability to express ideas clearly and concisely using strong written and verbal communication skills.
Ability to relate Information Technology concepts, products and services to the user community in a non-technical, understandable manner.
Excellent analytical and problem solving skills
Good communication and presentation skills
Teamwork and cooperation with colleagues
Graduation from a regionally accredited college or university or one accredited by the New York State Board of Regents to grant degrees with a baccalaureate degree or higher and four (4) years of work experience, or its part time equivalent, supporting information security software and systems for an organization, at least two (2) years of which must have been in a project management capacity
Graduation from a regionally accredited college or university or one accredited by the New York State Board of Regents to grant degrees with an associate’s degree and six (6) years of work experience, or its part time equivalent, supporting information security software and systems for an organization, at least two (2) years of which must have been in project a management capacity;
Eight (8) years of work experience supporting information security software and systems for an organization, at least two (2) years of which must have been in a project management capacity; or
An equivalent combination of training and experience as defined by the limits of (A), (B) and (C).
01/2020 Date of Original Composition