City of Tucson

This job reports to: Chief Information Officer

Leads the development and promotion of security and privacy awareness training and education for all levels of the organization.

Oversees the development and implementation of citywide information related security policies, guidelines, and governance models to protect the city from internal and external threats and vulnerabilities.

Sets city-wide roles and processes for electronic and physical environment protection, and data governance with detailed cross-departmental processes for responding to identification and handling of process violations and compromised data.

Prepares short and long-term strategies for optimizing the city’s information security plan and formulates and recommends city-wide policies for detecting, deterring, and mitigating information security threats.

Participates in the development and implementation of disaster recovery and business continuity plans, with a focus on holistic operational effectiveness and comprehensive Information Technology engagement.

Serves as a subject matter expert and internal consultant on the data security implications of proposed new major information technology projects and programs, making recommendations to the Chief Information Officer, City Manager's Office, and affected departments.

Designs & enacts architecture and governance for secured limited access to information through technical infrastructure, including processes to monitor, manage, and evaluate ongoing performance of security. Ensure new solutions adhere to policy and standards and solutions are properly controlled and isolated given risk to systems and network.

Leads the handling of information security breaches and related incidents, including overseeing the activation of the City's cybersecurity insurance company, departmental incident response teams, and joint task force response teams pre-arranged with external partners / governmental agencies.

Knowledge of standard security practices, network architecture, routing and Transmission Control Protocol/Internet Protocol (TCP/IP), general business processes and standards associated with areas of assignment, Risk and Threat assessment processes and practices; project planning and management; business continuity planning, documentation and evaluation; managing the evidentiary process; the use of Third Party Applications and native scripts and languages; maintaining the chain-of-custody process and procedures; strong working knowledge of pertinent laws and the law enforcement community, and knowledge of the principles and methods used in the analysis and development of information security systems and procedures; currently accepted information security standards, guidelines, and theories; advanced computer technology equipment operational capacity & capability.

Ability to analyze and interpret complex data, effectively supervise personnel, and motivate and direct the work of others, prepare and present effective, clear, and concise reports and correspondence, identify and recommend information security needs for the city, analyze problems and identify alternative solutions, deal effectively and harmoniously with city executives, department and assigned staff, customers, and the public.

Experience: Ten years in information technology or security management with five years in concentrated information security. Must have experience and working knowledge with firewalls, routers, anti-virus, virtual private networks (VPN), Multi-factor authentication, public key infrastructure (PKI), encryption, governance, risk and compliance management (including policy and procedure management); zero-trust infrastructure (design, setup and ongoing assurance).

Driver’s License & Type: Valid and Unrestricted Class D - Driver's License

The following information pertains to driving requirements for this classification with the City of Tucson. Under "Driving Level" None, Secondary or Primary, refers to the driving responsibility as it relates to the essential functions of the classification. License Type is just that, the type of Arizona Driving License required for the classification. If the position requires a Commercial Driver’s License (CDL), the endorsements will be listed under "Endorsements." Under Safety Sensitive a "Yes" means employees with this classification are subject to pre-employment and random drug testing. License Type A, B, C, D, or M may require the use of personal or City vehicles on City business. Individuals must be physically capable of operating the vehicles safely, possess a valid license and have an acceptable driving record. Use of a personal vehicle for City business will be prohibited if the employee is not authorized to drive a city vehicle or if the employee does not have personal insurance coverage. Exceptions to classification driving requirements may exist based on position.

Driving Level: Incidental

License Type: Valid and Unrestricted Class D - Driver

CDL Endorsements: None

Safety Sensitive: No