Responsible for testing, documenting, evaluating, remediating, and improving internal IT audit controls for effectiveness and operational efficiency. Collaborates with internal and external audit teams, IT management, business units, consultants, and other stakeholders to ensure compliance project deliverables are met.
Essential Job Functions
Essential job functions are fundamental, core functions common to positions in a classification. They are not intended to be an exhaustive list of all job duties for any one position in the class. Since class specifications are designed to be descriptive and not restrictive, incumbents may complete one or all of the job duties listed or tasks of similar kind not specifically listed here.
Plans and coordinates computer security measures with information technology staff and District management; presents recommended security policies and programs for District-wide adoption; conducts security testing as needed.
Develops, implements, maintains, and oversees enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
Monitors and analyzes use of the computer network; conducts investigations related to violations of computer policies and other computer-related incidents; recommends suspension of computer privileges.
Reviews new computer applications, network modifications and expansions for compliance with established policies and presents recommendations for security components.
Monitors and enforces software license compliance; ensures compliance with information technology reporting requirements such as GASB-51.
Advises on security policies and procedures; develops SAP security documentation.
Manages Information Technology budget for security; administers contracts for software licenses and maintenance renewals.
Designs and implements disaster recovery plan for operating systems, databases, networks, servers and software applications.
Keeps current with emerging security alerts and issues.
Assigns, supervises and reviews work; ensures staff compliance with District policies and procedures including Personnel Rules and Administrative Procedures; completes performance reviews; addresses employee complaints and grievances; may recommend employment actions such as hiring, transfer, suspension, promotion or discharge.
Other Job Functions
Performs other duties as assigned.
Work is performed in a typical office environment and requires the use of standard office equipment including computers.
Desirable Knowledge, Skills and Abilities
Thorough knowledge of governance frameworks.
Thorough knowledge of computer security systems and internal controls.
Knowledge of computer operating systems, programming languages and relational database management.
Knowledge of information security frameworks, standards and regulations.
Knowledge of the principles and methodologies relating to systems analysis and systems design.
Ability to develop security requirements aligned with business needs.
Ability to plan and supervise the work of subordinate technical and administrative staff.
Ability to communicate effectively, orally and in writing.
Minimum Qualification Requirements
Graduation from a four-year accredited college or university majoring in information technology, computer science or a closely related field and six years of experience in developing, implementing and/or administering system security standards and procedures.
Graduate study in computer science or a closely related field may be substituted for the required experience on a year-for-year basis to a maximum of two years. Full-time paid experience in developing, implementing and/or administering system security standards and procedures may be substituted for the required education on a year-for-year basis. A CISSP certification may be substituted for one year of the required education or experience.
One year of service with the District as an IT Security Administrator or Computer Systems Administrator.
Civil service status in one of the foregoing classifications.