Marion County, OR
IT Security Administrator
Marion County, OR, Salem, Oregon, us, 97308
Salary:
$49.86 - $66.77 Hourly
Location :
Salem, OR
Job Type:
Full-time Regular
Job Number:
560-2024-2
Department:
Information Technology
Opening Date:
09/27/2024
Closing Date:
10/11/2024 11:59 PM Pacific
FLSA:
Exempt
Bargaining Unit:
02
Information Technology (IT) provides technical services, manages the county's technical resources, and provides consulting services for technology improvements through three programs: Administration, Operations, and Technology Solutions. These programs provide a complete range of technology services, which include strategic planning, new service design, business analysis, project management, security risk management, data security, applications delivery and support networks, servers and storage, desktop and mobile management, database administration, and end-user support through the service desk.
GENERAL STATEMENT OF DUTIES
Plan, organize, manage, and administer information security, operations, and functions; develop and implement program and strategic planning; implement and assist in the development of information security program policies, procedures, and business practices; evaluate goals, objectives, priorities, and activities to improve performance and outcomes; recommend and establish administrative controls and improvements; develop procedures to implement new and changing regulatory requirements; serve as an advisor to the management team.
SUPERVISION RECEIVED
Under general supervision of the IT Director, who assigns work, establishes goals, and reviews the results obtained for overall effectiveness through analyzing work products, observations, and meetings.
SUPERVISION EXERCISED
Full supervision, including employee selection and training, performance evaluation, complaint response, and personnel recommendations.
DISTINGUISHING CHARACTERISTICS
Develop and maintain the framework for the organization's IT information security. Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy. Identify information technology security initiatives and standards for the enterprise. Manage the development, implementation, and maintenance of information security policy, standards, guidelines, and procedures. Set the access and authorization controls for everyday operations and emergency procedures for data. Set the standards for access controls, audit trails, event reporting, encryption, and integrity controls. Keep abreast of the latest security and legislation, regulations, advisories, alerts, and vulnerabilities about IT assets.
Typical Duties - Duties include, but are not limited to the following
Monitor and maintain security tools/systems (not limited to)Endpoint Threat Protection Monitoring (Devices with Antivirus)Cloud Security Monitoring, alerts & reportsAdvanced Threat Protection (ATP)SIEM or other logging and correlation technologiesVulnerability Scans for security and complianceVulnerability remediation assessment and planningImplement new security configurations
Research security configuration enhancements and make recommendations to managementSecurity Risk and Prevention :
Monitor data access: ensure the internal control systems are monitored and that appropriate access levels are maintained following the principle of least privilege.Conduct security assessments through vulnerability testing and risk analysis using available vulnerability scanning tools.Assist with internal and external security audits.Ensure adopted security policies, procedures, and best practices are followed.Contribute to weekly security status reports to IT leadershipSecurity Incident and Authoritative Contact :
Analyze security breaches to identify the root cause.Respond to potential security policy violations or complaints from external parties.Assist in oversight and activities for intrusion detection and response.Investigate security incidents and develop after-action reports.Serve as a point of contact for external security auditors, survey requests, and for department security/privacy matters.Assists in facilitating and promoting activities to create information security awareness and training.Other duties as assigned.Requirements for the Position
EXPERIENCE AND TRAINING
Bachelor's degree in computer science, information technology, or related field;
ANDFive years of progressive experience in computing, information security, and internet technology, including two years of supervisory experience;
ORAny satisfactory combination of work, education, training, or experience relevant to the position, as determined by Marion County.
SPECIAL REQUIREMENTS
The finalist for this position will be required to pass a criminal history background check, including finger printing; however, conviction of a crime may not necessarily disqualify an individual for this position.Must possess a current driver's license in the applicant's state of residence and an acceptable driving history. Marion County will obtain a copy of the driving record for all qualified applicants from Driver and Motor Vehicle Services and review the driving record according to the Marion County policy and procedure for Driving on County Business. The policy can be found at:This assignment is represented by a union.This is a full-time position, which is eligible for overtime.Typical Work Schedule: Monday through Friday, 8:00 A.M. - 5:00 P.M., with flexibility depending upon the needs of the department and program.Must be available to perform assigned rotating after-hour duties.
PREFERENCES
Certified Information Systems Security Professional (CISSP), or formal security certifications from International Information System Security Certification Consortium (ISC)², Global Information Assurance Certification (GIAC), Computing Technology Industry Association (CompTIA), Information Systems Audit and Control Association (ISACA).Information security principles and practices, including any of the following: security risk assessment standards, risk assessment methodologies, and vulnerability assessments.Senior level knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security software.
KNOWLEDGE, SKILLS, AND ABILITIESKnowledge of technology hardware and software which includes, but is not limited to systems, application languages, server based systems, cloud computing, personal computers, local and wide area network configurations and management, information and data management software and state-of-the-art system development and maintenance technologies; local, state, and federal laws, rules, policies, and regulations affecting information security and related technology and systems; strategic planning, preparation, and projection; and effective leadership and organizational communication principles and practices. Working knowledge of prevailing industry security standards and common body of knowledge gained by way of CISSP, SANS, or CISA Certifications.
Skills and abilities to manage and oversee comprehensive information security; lead diverse technologies, employees, and customer groups; communicate effectively in writing and orally, including the ability to make public or staff presentations; establish and maintain effective working relationships with a variety of individuals and groups, including customers in high-stress situations; and assist in confidential investigations. Skill in identifying information security problem areas, formulating diagnoses, and proposing practical solutions. Deep understanding of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Ability to establish and maintain effective working relationships with employees, systems users, outside consultants, and vendors.
PHYSICAL REQUIREMENTS
Sees using depth perception; stands; sits; moves about the work area; bends forward; stoops; climbs 1 floor of stairs; crawls; reaches overhead; lifts up to 40 lbs.; pushes, pulls, and carries up to 25 lbs.; moves carts weighing up to 100 lbs.; operates a keyboard; speaks clearly and audibly; reads a 12 pt. font; distinguishes colors and shades; hears a normal level of speech; and works in areas that may be exposed to dust.
PUBLIC SERVICE LOAN FORGIVENESSMarion County is a qualifying public employer for the Public Service Loan Forgiveness Program. Through the Public Service Loan Forgiveness Program, full-time employees working at the County may qualify for forgiveness of the remaining balance on Direct Loans after 120 qualifying monthly payments under a qualifying repayment plan. Questions about your loan eligibility should be directed to your loan servicer or the US Department of Education.
VETERANS' PREFERENCEApplicants are eligible to use Veterans' Preference when applying with Marion County in accordance with ORS 408.225, 408.230, and 408.235 and OAR 105-040-0010 and 105-040-0015. Preference will be awarded only if the applicant meets the minimum requirements of the position and attaches the required documentation at the time of application.
VISA SPONSORSHIPMarion County does not offer VISA sponsorship. Within three days of hire, you will be required to complete the US Department of Homeland Security's I-9 form confirming authorization to work in the United States. Marion County is an E-Verify employer and will use E-Verify to confirm that hires are authorized to work in the United States.
DOCUMENTS REQUIRED FOR VETERANS' PREFERENCE
One of the following:
MEMBER COPY 4 of the Certificate of Release or Discharge from Active Duty (DD Form 214 or 215); ORLetter from the US Department of Veterans Affairs indicating receipt of a non-service connected pension; ORCertification that discharge or release from active duty under honorable conditions will take place not later than 120 days after the submission of the certificate.
In addition to one of the above documents, Disabled Veterans must also submit one of the following:
A copy of their Veterans disability preference letter from the Department of Veterans Affairs; ORCertification that medical separation from active duty under honorable conditions will take place not later than 120 days after the submission of the certificate.
You can request copies of your military service record through the National Archives website at
Marion County is an Equal Opportunity, Affirmative Action, Veteran and Disability employer committed to increasing the diversity of its workforce.
Marion County offers a generous benefits package to regular employees working 50% or more of the regularly scheduled work week and their eligible dependents. Temporary employees and part-time regular employees working less than 50% of the regularly scheduled work week are not eligible for benefits.
For a summary of benefits, For a complete and detailed overview of the benefits package for management and supervisory employees, , and select Management Benefits from the left menu or Management Employees from the page links.
Benefits are defined based on position and are approved by the Marion County Board of Commissioners.
01
In order to receive credit for your supplemental questions, your answers must be supported by details in the education and/or work experience section of your application form. "See resume" is not an acceptable answer. Do you understand this statement?
YesNo
02
Describe your technical knowledge and experience developing, using, and applying enterprise security policies, processes, procedures, and standards. Identify the level of expertise with each known security standards, as well as where and how it was used.
03
Describe your technical knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Identify the level of experience with network topologies, as well as the type and how it was used.
04
Describe your technical knowledge of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, logging tools, EDR, XDR, or other AI themed security appliances. Identify the level of expertise with each known operating system and security technology, as well as where and how it was used.
05
List the formal Information Security training or certification(s) held and identify the associated provider or certifying organization. Enter "None" if you do not have formal Information Security training or certification.
06
Describe your experience developing and implementing a risk management program targeting information security and privacy matters.
07
Describe your experience leading the oversight and activities for intrusion detection systems or intrusion prevention systems.
08
Describe your experience building, managing, and overseeing a comprehensive information security program with diverse technologies, employees, and customer groups.
09
Describe your skills in identifying information security problem areas, formulating diagnoses, and proposing practical solutions.
10
Describe your experience in threat hunting, what software and processes did you use.
11
Describe how you communicate effectively in writing and orally, including the ability to make public or staff presentations.
Required Question
$49.86 - $66.77 Hourly
Location :
Salem, OR
Job Type:
Full-time Regular
Job Number:
560-2024-2
Department:
Information Technology
Opening Date:
09/27/2024
Closing Date:
10/11/2024 11:59 PM Pacific
FLSA:
Exempt
Bargaining Unit:
02
Information Technology (IT) provides technical services, manages the county's technical resources, and provides consulting services for technology improvements through three programs: Administration, Operations, and Technology Solutions. These programs provide a complete range of technology services, which include strategic planning, new service design, business analysis, project management, security risk management, data security, applications delivery and support networks, servers and storage, desktop and mobile management, database administration, and end-user support through the service desk.
GENERAL STATEMENT OF DUTIES
Plan, organize, manage, and administer information security, operations, and functions; develop and implement program and strategic planning; implement and assist in the development of information security program policies, procedures, and business practices; evaluate goals, objectives, priorities, and activities to improve performance and outcomes; recommend and establish administrative controls and improvements; develop procedures to implement new and changing regulatory requirements; serve as an advisor to the management team.
SUPERVISION RECEIVED
Under general supervision of the IT Director, who assigns work, establishes goals, and reviews the results obtained for overall effectiveness through analyzing work products, observations, and meetings.
SUPERVISION EXERCISED
Full supervision, including employee selection and training, performance evaluation, complaint response, and personnel recommendations.
DISTINGUISHING CHARACTERISTICS
Develop and maintain the framework for the organization's IT information security. Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy. Identify information technology security initiatives and standards for the enterprise. Manage the development, implementation, and maintenance of information security policy, standards, guidelines, and procedures. Set the access and authorization controls for everyday operations and emergency procedures for data. Set the standards for access controls, audit trails, event reporting, encryption, and integrity controls. Keep abreast of the latest security and legislation, regulations, advisories, alerts, and vulnerabilities about IT assets.
Typical Duties - Duties include, but are not limited to the following
Monitor and maintain security tools/systems (not limited to)Endpoint Threat Protection Monitoring (Devices with Antivirus)Cloud Security Monitoring, alerts & reportsAdvanced Threat Protection (ATP)SIEM or other logging and correlation technologiesVulnerability Scans for security and complianceVulnerability remediation assessment and planningImplement new security configurations
Research security configuration enhancements and make recommendations to managementSecurity Risk and Prevention :
Monitor data access: ensure the internal control systems are monitored and that appropriate access levels are maintained following the principle of least privilege.Conduct security assessments through vulnerability testing and risk analysis using available vulnerability scanning tools.Assist with internal and external security audits.Ensure adopted security policies, procedures, and best practices are followed.Contribute to weekly security status reports to IT leadershipSecurity Incident and Authoritative Contact :
Analyze security breaches to identify the root cause.Respond to potential security policy violations or complaints from external parties.Assist in oversight and activities for intrusion detection and response.Investigate security incidents and develop after-action reports.Serve as a point of contact for external security auditors, survey requests, and for department security/privacy matters.Assists in facilitating and promoting activities to create information security awareness and training.Other duties as assigned.Requirements for the Position
EXPERIENCE AND TRAINING
Bachelor's degree in computer science, information technology, or related field;
ANDFive years of progressive experience in computing, information security, and internet technology, including two years of supervisory experience;
ORAny satisfactory combination of work, education, training, or experience relevant to the position, as determined by Marion County.
SPECIAL REQUIREMENTS
The finalist for this position will be required to pass a criminal history background check, including finger printing; however, conviction of a crime may not necessarily disqualify an individual for this position.Must possess a current driver's license in the applicant's state of residence and an acceptable driving history. Marion County will obtain a copy of the driving record for all qualified applicants from Driver and Motor Vehicle Services and review the driving record according to the Marion County policy and procedure for Driving on County Business. The policy can be found at:This assignment is represented by a union.This is a full-time position, which is eligible for overtime.Typical Work Schedule: Monday through Friday, 8:00 A.M. - 5:00 P.M., with flexibility depending upon the needs of the department and program.Must be available to perform assigned rotating after-hour duties.
PREFERENCES
Certified Information Systems Security Professional (CISSP), or formal security certifications from International Information System Security Certification Consortium (ISC)², Global Information Assurance Certification (GIAC), Computing Technology Industry Association (CompTIA), Information Systems Audit and Control Association (ISACA).Information security principles and practices, including any of the following: security risk assessment standards, risk assessment methodologies, and vulnerability assessments.Senior level knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security software.
KNOWLEDGE, SKILLS, AND ABILITIESKnowledge of technology hardware and software which includes, but is not limited to systems, application languages, server based systems, cloud computing, personal computers, local and wide area network configurations and management, information and data management software and state-of-the-art system development and maintenance technologies; local, state, and federal laws, rules, policies, and regulations affecting information security and related technology and systems; strategic planning, preparation, and projection; and effective leadership and organizational communication principles and practices. Working knowledge of prevailing industry security standards and common body of knowledge gained by way of CISSP, SANS, or CISA Certifications.
Skills and abilities to manage and oversee comprehensive information security; lead diverse technologies, employees, and customer groups; communicate effectively in writing and orally, including the ability to make public or staff presentations; establish and maintain effective working relationships with a variety of individuals and groups, including customers in high-stress situations; and assist in confidential investigations. Skill in identifying information security problem areas, formulating diagnoses, and proposing practical solutions. Deep understanding of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Ability to establish and maintain effective working relationships with employees, systems users, outside consultants, and vendors.
PHYSICAL REQUIREMENTS
Sees using depth perception; stands; sits; moves about the work area; bends forward; stoops; climbs 1 floor of stairs; crawls; reaches overhead; lifts up to 40 lbs.; pushes, pulls, and carries up to 25 lbs.; moves carts weighing up to 100 lbs.; operates a keyboard; speaks clearly and audibly; reads a 12 pt. font; distinguishes colors and shades; hears a normal level of speech; and works in areas that may be exposed to dust.
PUBLIC SERVICE LOAN FORGIVENESSMarion County is a qualifying public employer for the Public Service Loan Forgiveness Program. Through the Public Service Loan Forgiveness Program, full-time employees working at the County may qualify for forgiveness of the remaining balance on Direct Loans after 120 qualifying monthly payments under a qualifying repayment plan. Questions about your loan eligibility should be directed to your loan servicer or the US Department of Education.
VETERANS' PREFERENCEApplicants are eligible to use Veterans' Preference when applying with Marion County in accordance with ORS 408.225, 408.230, and 408.235 and OAR 105-040-0010 and 105-040-0015. Preference will be awarded only if the applicant meets the minimum requirements of the position and attaches the required documentation at the time of application.
VISA SPONSORSHIPMarion County does not offer VISA sponsorship. Within three days of hire, you will be required to complete the US Department of Homeland Security's I-9 form confirming authorization to work in the United States. Marion County is an E-Verify employer and will use E-Verify to confirm that hires are authorized to work in the United States.
DOCUMENTS REQUIRED FOR VETERANS' PREFERENCE
One of the following:
MEMBER COPY 4 of the Certificate of Release or Discharge from Active Duty (DD Form 214 or 215); ORLetter from the US Department of Veterans Affairs indicating receipt of a non-service connected pension; ORCertification that discharge or release from active duty under honorable conditions will take place not later than 120 days after the submission of the certificate.
In addition to one of the above documents, Disabled Veterans must also submit one of the following:
A copy of their Veterans disability preference letter from the Department of Veterans Affairs; ORCertification that medical separation from active duty under honorable conditions will take place not later than 120 days after the submission of the certificate.
You can request copies of your military service record through the National Archives website at
Marion County is an Equal Opportunity, Affirmative Action, Veteran and Disability employer committed to increasing the diversity of its workforce.
Marion County offers a generous benefits package to regular employees working 50% or more of the regularly scheduled work week and their eligible dependents. Temporary employees and part-time regular employees working less than 50% of the regularly scheduled work week are not eligible for benefits.
For a summary of benefits, For a complete and detailed overview of the benefits package for management and supervisory employees, , and select Management Benefits from the left menu or Management Employees from the page links.
Benefits are defined based on position and are approved by the Marion County Board of Commissioners.
01
In order to receive credit for your supplemental questions, your answers must be supported by details in the education and/or work experience section of your application form. "See resume" is not an acceptable answer. Do you understand this statement?
YesNo
02
Describe your technical knowledge and experience developing, using, and applying enterprise security policies, processes, procedures, and standards. Identify the level of expertise with each known security standards, as well as where and how it was used.
03
Describe your technical knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Identify the level of experience with network topologies, as well as the type and how it was used.
04
Describe your technical knowledge of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, logging tools, EDR, XDR, or other AI themed security appliances. Identify the level of expertise with each known operating system and security technology, as well as where and how it was used.
05
List the formal Information Security training or certification(s) held and identify the associated provider or certifying organization. Enter "None" if you do not have formal Information Security training or certification.
06
Describe your experience developing and implementing a risk management program targeting information security and privacy matters.
07
Describe your experience leading the oversight and activities for intrusion detection systems or intrusion prevention systems.
08
Describe your experience building, managing, and overseeing a comprehensive information security program with diverse technologies, employees, and customer groups.
09
Describe your skills in identifying information security problem areas, formulating diagnoses, and proposing practical solutions.
10
Describe your experience in threat hunting, what software and processes did you use.
11
Describe how you communicate effectively in writing and orally, including the ability to make public or staff presentations.
Required Question