Employment Opportunity


Cyber Security Manager

Salt River Pima-Maricopa Indian Community, Scottsdale, Arizona

Salary: $103,109.00 - $149,508.00 Annually

Final Filing Date: February 27, 2018

Under general supervision of the IT Director/CIO, performs configuration, administration and maintenance duties for the Salt River Pima-Maricopa Indian Community (SRPMIC) Information Technology (IT) environments from a security perspective. Provide vision and leadership for developing and supporting cybersecurity initiatives. Assesses and implements effective cybersecurity measures and technology for the Community's current and future needs. This individual directs the planning and implementation of policies and systems in defense against security breaches and vulnerability issues in support of operations and systems. This individual is also responsible for auditing existing systems, while directing the administration of cybersecurity policies, activities, and standards. This individual will oversee operations of the enterprise's cybersecurity solutions through management of the organization's cybersecurity analysts.

The Cyber Security Manager is expected to interface with peers in the organization's departments and Infrastructure/Network departments as well as with the leaders of the tribal government departments to both share the government's cybersecurity vision with those individuals and to solicit their involvement in achieving higher levels of enterprise cybersecurity through information sharing and cooperation. This job class is treated as FLSA Exempt.

Duties and Requirements Click to read more

Duties:

1. Leadership, Mentoring & Supervision: Provides leadership and mentors the cybersecurity team staff so they attain the technical skills and customer service skills along with experience necessary to perform independently and attain further career progression goals. Leads strategic cybersecurity planning to achieve organizational goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future cybersecurity technologies using a risk-based assessment methodology.
  • Establishes staff personal development goals and objectives aligned with the skills necessary to ensure personal, departmental and Community success.
  • Ensures cross functional training of staff to ensure that primary and secondary support personnel are properly trained to support division services.
  • Assists with the routine supervision of assigned staff. Prioritizes and coordinates staff workflow and provides training and assistance as needed.
  • Helps establish criteria for employee performance evaluations based on division and department goals and objectives.
  • Helps prioritize and coordinate staff workflow and provides training and assistance as needed.
  • Prepares Employee Performance Appraisal Reports (EPARs) for assigned employees for review by the Assistant IT Director and IT Director.
  • Provides resources to fulfill division and departmental operational objectives.
  • Provides leadership and promotes shared responsibility among the cybersecurity team and the extended security team.
  • Provides senior leadership to the Cybersecurity Team staff and works closely with other IT divisions to establish and enforce IT standards. Evaluates and recommends best in class standards and processes.
  • Develop and communicate cybersecurity strategies and plans to the management team, staff, partners, customers, and stakeholders.
2. Cybersecurity Architecture: Works with the Senior IT Management team to establish, maintain and improve Security Architecture and technical security standards across all IT infrastructure and data systems.
  • Create and maintain the Community's security architecture design.
  • Provides the expertise, leadership and ownership of the Community's IT infrastructure and data security strategy and implementation planning.
  • Provides expertise and makes recommendations regarding security architecture based on experience, independent research and industry knowledge.
  • Meets Key Performance Indicators (KPI's) for the security system program as required.
  • Collaborates with internal IT organizations to develop and implement IT security policies and procedures in accordance with security industry best practices.
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
  • Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
  • Establishes audit policies and procedures to ensure compliance to SRPMIC IT Cybersecurity Policies and Practices.
3. Cybersecurity Risk Program: Manages a risk assessment program.
  • Provides reports to the IT Director and other members of the senior leadership team.
  • Review compliance with the information cybersecurity policy, controls, and associated procedures.
  • Ensures new risks are identified and mitigated in a timely manner;
  • Continuously monitors systems and addresses any incidents.
  • Ensure the Community systems and users are adherence to required cybersecurity standards and agreements made with other entities.
4. Security Infrastructure: Provides audit oversight of cybersecurity services within the LAN, WAN, Internet and network infrastructure.
  • Provides direction and consulting to the Subject Matter Experts (SMEs) supporting infrastructure, applications and data systems.
  • Performs cybersecurity reviews and guidance to infrastructure, applications, databases and desktop services staff for multiple IT/business projects.
5. Cybersecurity Awareness: Monitors cybersecurity bulletins and notices from multiple organizations, determines applicability and coordinates action plans and responses to events.
  • Develops and administers the Community's cybersecurity awareness training programs.
  • Provides cybersecurity education and awareness programs and training to the SRPMIC Government user community.
  • Consults with businesses and IT to understand and agree on potential risks and agree on mitigation plans.
  • Perform regular cybersecurity awareness training for all employees to ensure consistently high levels of compliance with enterprise cybersecurity commitments documented in agreements.
  • Develop cybersecurity self-assessment tools and consultation on results.
  • Responsible for cybersecurity training and monitoring for IT personnel for adherence to cybersecurity standards and protocols.
6. Strategic Visioning, Cybersecurity and Data Privacy & Cybersecurity Roadmap: Advises senior IT and business executives on enterprise cybersecurity strategy, cybersecurity risks and data privacy.
  • Provides the vision, forward-looking insight and leadership to the IT department in the areas of technology infrastructure, data systems including database, and applications security best practices.
  • Provides the leadership in the development and maintenance of the organization's Cybersecurity Plan.
  • Provides strategic infrastructure and data security roadmap and keeps current with evolving technology.
7. Operations: Assesses cybersecurity threats and vulnerabilities of current and future government systems.
  • Act as advocate and primary liaison for the company's cybersecurity vision via regular written and in-person communications with the IT management team, departments' leadership, and end users.
  • Work closely with IT Infrastructure and Enterprise Systems departments on corporate technology development to fully secure information, computer, network, and processing systems.
  • Manage the administration of all computer security systems and their corresponding or associated software, including intrusion prevention/detection systems, DLP systems, SEIM systems and related systems/technologies.
  • Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
  • Ensure the enforcement of enterprise security documents.
  • Supervise all investigations into problematic activity and provide on-going communication with senior management.
  • Supervise the design and execution of vulnerability assessments, penetration tests and cybersecurity audits.
  • Develop and audit firewall and anti-virus deployment policies.
  • Recommend and implement changes in cybersecurity policies and practices in accordance with changes in local or federal law.
  • Creatively and independently provide resolution to cybersecurity problems in a cost-effective manner.
  • Assess and communicate any and all cybersecurity risks associated with purchases or practices performed by the company.
  • Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
  • Promote and oversee strategic cybersecurity relationships between internal resources and external entities, including government, vendors, and partner organizations.
  • Remain informed on trends and issues in the cybersecurity industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
  • Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of cybersecurity goals, to solicit feedback and to foster co-operation.
  • Define and communicate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new cybersecurity systems, equipment, software, and other technologies.
  • Select and acquire additional cybersecurity solutions or enhancements to existing security solutions to improve overall enterprise cybersecurity as per the enterprise's existing procurement processes.
  • Oversee the deployment, integration and initial configuration of all new cybersecurity solutions and of any enhancements to existing cybersecurity solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
8. Firewall Maintenance: Audits and reviews the security of the Community's Internet Firewall and ensures it is available to our customers.
  • Tests and implements security patches and version upgrades.
  • Provide guidance to modify the Firewall functionality as needed to support customer requirements.
  • Assess the impact of new service requests on network security and provides solutions balancing customer needs with network security best practices.
9. Network Penetration Testing: Schedules, coordinates and oversees penetration testing for the network, applications and any system that requires cybersecurity testing.
  • Formulates plans to address security vulnerabilities documented in the penetration test report.
10. Investigations: Coordinate the completion of approved investigation requests.
  • Leads approved personnel and incident investigations.
  • Train members of the investigations team from multiple IT disciplines.
  • Ensure appropriate protocols and tools utilized to complete security reviews.
  • Complete security findings reports.
11. Miscellaneous: Other IT job related tasks as required by the Operations and Infrastructure Division Manager or Chief Information Officer.

Knowledge, Skills, Abilities and Other Characteristics:
  • Knowledge of the history, culture, laws, customs and traditions of the SRPMIC.
  • Knowledge of IT security system configuration, administration and maintenance.
  • Knowledge of up-to-date cybersecurity system architecture, technical cybersecurity standards and industry best practices.
  • Strong technical knowledge of current network hardware, protocols, and standards
  • Knowledge of testing and implementing security patches and version upgrades processes.
  • Extensive knowledge in enterprise security architecture design and enterprise security document creation.
  • Knowledge of system firewall configuration and functionality.
  • Knowledge of, and practical application experience with, network penetration testing.
  • Knowledge of CIS Critical Controls.
  • Knowledge of SAS Controls and Audit procedures.
  • Knowledge of the development and maintenance of an organizational Cybersecurity Plan.
  • Knowledge of cybersecurity best practice standards.
  • Knowledge of HIPPA and HIPPA HiTech compliance.
  • Knowledge of PCI compliance.
  • Working technical knowledge of Intrusion Prevention (IDP), Intrusion Detection (IDS) and Data Loss Prevention (DLP) technologies.
  • Knowledge and understanding of project management principles.
  • Skill identifying and working with key system cybersecurity third-party vendors.
  • Skill developing Requests for Proposals (RFP).
  • Skill in designing and delivering employee cybersecurity awareness training.
  • Skill Monitoring and managing vendor performance.
  • Skill providing and presenting cybersecurity education and awareness programs and training.
  • Skill assessing the impact of new service requests on network security.
  • Skill providing system security problem investigation, troubleshooting and problem resolution.
  • Skill establishing and maintaining effective working relationships with peers, business partners, customers, vendors and supervisors.
  • Skill with excellent verbal and written communication.
  • Skill in conducting investigations and ensuring chain of custody.
  • Ability to develop and enhance IT cybersecurity policies, procedures and best practices.
  • Ability to provide leadership in developing, maintaining and improving the IT security architecture.
  • Ability to manage a team on a daily basis.
  • Ability to perform IT infrastructure planning and development.
  • Ability to perform cybersecurity reviews and take proper, effective and timely corrective action.
  • Ability to provide enterprise cybersecurity strategy, cybersecurity risk and data privacy information and education in a concise and comprehensible manner.
  • Ability interpreting the applicability of local and federal laws/regulations as applies to secure company operations. In particular, experience with FedRamp and NIST 800 requirements.
  • Ability to develop Business Continuity Plans and Disaster Recovery Plans.
  • Ability to administer and capture forensic images utilizing the Encase tool.
  • Ability to develop and administer the Community's data cybersecurity awareness program.
  • Ability to provide vision, forward-looking insight and leadership regarding strategic infrastructure and data security issues.
  • Ability to utilize problem solving techniques, improvisation and creativity to accomplish goals.
  • Ability to analyze data, draw logical conclusions and make sound decisions and recommendations.
  • Ability to understand human resource management principles, practices, and procedures.
  • Ability to work in a team environment.

Requirements:

Education and Experience:
  • A Bachelor's degree from accredited college or university in Information Systems, Management Information Systems, Computer Science or a related discipline.
  • Other combinations of experience and education that meet the minimum requirements may be substituted for a Bachelor's degree.
  • Seven (7) years of direct work experience in Infrastructure Security Management and IT Cybersecurity Industry Best Practices required.
  • Seven (7) years of demonstrated expertise performing the following 4 tasks required:
    • Setting up and managing Microsoft Active Directory authentication, Cisco router and security products and security firewalls.
    • Designing, implementing and operational management of local and wide-area networks design (WAN, LAN, and IP protocol).
    • Experience in the cybersecurity aspects of multiple platforms, operating systems, software applications and databases.
    • Excellent interpersonal, communication, organizational, and project management skills and strong judgment and analytical ability.
  • Five (5) years full time experience demonstrating expertise performing the following tasks required:
    • Senior member on the executive team providing IT Network and Data Systems cybersecurity direction, planning and oversight.
    • Establishing the objectives and overseeing the implementation of corporate or government cybersecurity awareness program.
    • Establish the objectives and overseeing the implementation of corporate or government data privacy policies and associated training/infrastructure to support privacy policies.
  • One or more of the following certifications is preferred:
    • International Information Systems Security Certification Consortium (ISC)2 Certifications
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • SANS Global Information Assurance Certifications (GIAC)
    • Information Systems Audit and Control Association (ISACA)

Do you have the Education Required? See available on-line and campus-based degree programs now!

How to apply: Apply online

Posted: January 29, 2018



NOTE: The crime-scene-investigator.net is not responsible for typographical errors or omissions in employment notices on this web site. Often, employers change final filing dates, change duties and/or requirements, or close employment openings without notice. If you are interested in a job posted on this site be sure to contact the employer to see if changes in the filing date or job announcement have been made. Employers can also provide more information about open positions that does not appear in the announcements on these pages.