Cybersecurity Manager

Salary : $123,768.00 - $178,332.00 Annually Location : Boulder County, CO Job Type: Full-time Job Number: 06101-1 Department: Information Technology Division: ITD ITE Information Technology Opening Date: 11/14/2024 Closing Date: 11/19/2024 11:59 PM Mountain FLSA: Exempt Description Boulder County is seeking to hire a Cybersecurity Manager to join our Information Technology leadership team. The Cybersecurity Manager's role is to provide vision and leadership for developing, implementing, and supporting county-wide security initiatives while ensuring legal compliance. The Cybersecurity Manager is the lead responder to security breaches and incidents, developing and planning security solutions and policies, and ensuring implementation. Further, the Cybersecurity Manager is responsible for ensuring security meets all requirements of local, state and federal law. This is a full-time, benefited position that will work Monday - Friday from 8:00am - 4:30pm. This position will work out of Downtown Boulder, Colorado. Under Fair Labor Standards Act (FLSA) guidelines, this position is exempt. Boulder County requires its employees to reside in the state of Colorado as of the first day of work. 2024 Hiring Salary Range: $114,588.00 - $165,000.00 Annually 2025 Hiring Salary Range: $123,768.00 - $178,332.00 Annually Tentative Hiring Timeline: Phone Screening: November 21st First Round Interviews: November 23rd Reference Check: November 23rd New employees receive an 80-hour bank of vacation at the time of hire, in addition to 8 hours of both vacation and medical leave accruals each month. Boulder County offers bountiful benefits, including pension contributions. Boulder County employees may qualify for Public Service Loan Forgiveness (PSLF). Visit studentaid.gov for more information. Examples of Duties Manages the design, development, implementation, and operation/maintenance of information security programs and controls which are designed to protect the confidentiality, integrity and availability of voice, data network, application and computer infrastructure and their associated information assets Responsible for building a comprehensive security program and an accountable, information security-conscious culture and a security infrastructure based on policies and procedures that are compliant with federal, state and local laws, ordinances and guidelines. This includes (but is not limited to) compliance with regulations such as Criminal Justice Information Services (CJIS), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry (PCI) Provides strategic and operational IT security leadership county-wide and establishes, supports, and continuously improves information security technology, policies, practices and standards. Oversees vulnerability assessments and penetration testing, development and implementation of IT disaster recovery and business continuity plans, performs incident response and security analyses, provides forensic investigation, assists with internal and external audits, and supports departments/offices with e-discovery activities Ensures timely and effective dissemination of security information, designs, and informs /coaches senior management, staff and teams on potential and emerging IT security threats, vulnerabilities, and control techniques Coordinates any security investigations/audits and executes preventive measures Delivers and monitors IT security awareness training May be reassigned in emergency situations for larger incident response needs Performs related work, as required May be reassigned in emergency situations Required Qualifications PLEASE NOTE: When completing your application describe all relevant education and experience, as applications are assessed based on the required qualifications listed. Resumes and other attachments are not accepted in lieu of completed applications and will not be reviewed in the initial screening process. Any personally identifiable information (PII) such as name and address will be redacted from applications that meet the minimum screening requirements and are forwarded to the hiring manager. If the hiring manager selects you to advance in the hiring process, your attachments will then be shared with the hiring team. EDUCATION & EXPERIENCE: Boulder County is looking for well qualified candidates to fill our positions. Any combination of relevant education and experience is encouraged. In this position, we are looking for a minimum of 8 years of combined education and experience, including two years in a lead or management capacity as well as experience with Boulder County Systems. Training certifications are also factored into the combination of experience. BACKGROUND CHECK & FINGERPRINTING: A job offer is contingent on passing a background investigation with fingerprinting Supplemental Information PREFERRED QUALIFICATIONS: Proven experience in planning, organizing, and developing IT security system technologies Experience in planning and executing security policies and standards Experience with the NIST 800-53 control family and NIST CSF Experience in guiding and advising IT software development teams on security configurations Excellent knowledge of existing and emerging technology environments (e.g. networks, computing platforms, operating systems, etc.) Substantial exposure to system administration, data processing, hardware platforms, enterprise software applications and cloud systems Experience with systems design and development from business requirements analysis through day-to-day management Demonstrated ability to apply technology in the resolution of security issues In-depth knowledge of applicable laws and regulations as they relate to security, including HIPAA, CJIS and other compliance requirements Skills in management administration and supervision Strong communications skills (written and oral) Ability to establish effective working relationships with those contacted in the course of work KNOWLEDGE, SKILLS, & ABILITIES: Knowledgeable in security management practices for enterprise-level computer and communications networks Able to perform thorough system risk assessments, develop mitigating solutions, and present results in a credible manner Requires proven ability to provide technical solutions to a wide range of complex networking security problems Thorough knowledge of operating systems, open system architecture, networks across multi-platforms, relational databases, two and three-tier client server architecture, utilities, programming languages Ability to recognize, analyze and recommend solutions to technical integration problems and requirements at the architectural level Ability to troubleshoot a variety of problems Ability to establish effective working relationships with those contacted in the course of work Understanding of, and/or lived experience with principles and practices that would support Boulder County Policy 1.06 (Fully Inclusive, Anti-Racist & Multicultural Organization) Boulder County is a workplace dedicated to supporting individuals and families of all types and to fostering a diverse, inclusive, and respectful environment for all employees. We prohibit unlawful discrimination against applicants and employees on the basis of race, color, religion, gender, gender identity, national origin, age, disability, socio-economic status, sexual orientation, genetic information, or any other status protected by applicable federal, state, or local law. As well as offering competitive pay and a caring work environment, Boulder County offers employees an array of benefits. For all FTE and Term employees, we provide: Outstanding options of comprehensive health plans that include vision and dental coverage. Information can be found Additional Benefits can be found Including: Family-forming benefits- infertility treatment, adoption and surrogacy reimbursements 12 weeks Paid Caregiver leave Breast feeding friendly-work environment Sick child care, an infants-at-work policy Access to LifeMart discount hub, including discounts on childcare centers, event tickets, travel and more Access to a nationally-recognized wellness program Employee Assistance Program PERA 401k Social Security retirement plans Additional Life and Disability Insurance Critical Illness and Accidental Insurance County-paid tuition assistance Eligible for PSLF- Free EcoPass Hospital Indemnity ID Theft Protection Pet Insurance 8 Hours of Paid Public Service Leave Generous paid time off Holidays New Year's Day January 1 Martin Luther King's Birthday January Presidents' Day February Memorial Day May Juneteenth June 19 Independence Day July 4 Labor Day September Indigenous People's Day General Election Day November (first Tuesday after the first Monday, even years) Veterans' Day November 11 Thanksgiving Day November Friday after Thanksgiving Christmas Eve- day (full day off depends on day of the week) Christmas Day December 25 New Year's Eve- day (full day off depends on day of the week) Vacation 80-hour bank of vacation at the time of hire Eight hours of vacation per month for the first year of continuous service, then accrue twelve hours of vacation per month after the first year of continuous service. Medical Eight hours of medical leave for each month employed. PERA- The County and all employees pay into both Social Security and PERA Employer contribution to Social Security: 7.65% of salary Employer contribution to PERA (Local Government Division- most county employees: 14.76% The District Attorney's Office observe Francis Xavier Cabrini Day on the first Monday in October and omit the Friday after Thanksgiving Vacation and Medical leave are based off of full time FTE accruals. Part-time FTE/term employees accrue leave based on the percentage of time they work. More in depth information regarding our benefits can be found 01 Please describe how you meet the minimum of 8 years of combined education and experience in Information Technology security (required)? Describe your education and experience in these areas of security work: data, systems, network, server, endpoint, monitoring, identity management, and individual user? 02 Please describe your experience working with Boulder County systems (required)? 03 Describe your experience with establishing and ensuring compliance with data security standards, particularly in relation to regulations surrounding Criminal Justice Information Services (CJIS), protected health data (HIPAA), Personally Identifiable Information (PII), and elections. 04 How would you define a successful cybersecurity program for Boulder County? How would you measure that success? 05 Describe your experience with, and approach to, security incident response. Please detail any experience you may have in emergency response working for a government organization. 06 What kinds of experiences have you had working with others with different backgrounds than your own? 07 What educational, volunteer, and life experiences demonstrate your ability to contribute to Boulder Countys goals of achieving racial equity and social justice? Required Question