City of Tucson

Under general direction of the Network Services Manager, the Lead Security Administrator is responsible for the development and delivery of a comprehensive information security and privacy program for the City. The scope of this program is City wide and includes information in electronic, print and other formats. The purposes of this program include: to assure that information created, acquired or maintained by the City and its authorized users, is used in accordance with its intended purpose; to protect City information and its infrastructure from external or internal threats, and to assure that the City complies with statutory and regulatory requirements regarding information access, security and privacy.

The Lead Security Administrator develops and administers processes and standards for information security within the City's defense in depth information security architecture. The position validates that security policies are implemented and that monitoring and testing is in place, and maintains awareness of new threats and counter measures. This individual directs the work of staff responsible for computer and IT security inside the organization. The Lead Security Administrator performs the role of Disaster Recovery Manager for incidents that result from unauthorized access.

This is a lead position affording guidance to other positions performing the same tasks. This lead position also reviews workloads, assigns work and coaches employees with specialized instructions and practices for job accomplishments.

Lead personnel may contribute to other employees' performance evaluations, assist with the hiring process by interviewing and making recommendations and providing input to supervisory staff.

Function as the overall information security officer for technical matters for the City.

Coordinate development of City information security policies, standards and procedures. Ensure that City policies support compliance with external requirements such as HIPAA, HITECH, Red Flag, PCI, etc.

Develop and implement an incident report and response system to address City security incidents (breaches), respond to alleged policy violations or complaints from external parties. Serve as official IT contact point for information security, privacy incidents. Conducts investigation, analysis and review following breaches of security controls, and prepares incident reports recommendations for appropriate improvements.

Develop, implement and manage an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation.

Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to City.

Plan and manage the work of small teams of security staff on complex IS security projects.

Determine appropriate levels of security controls and systems monitoring at all levels of the security architecture.

Conduct periodic vulnerability and security risk assessment of the assets of the City, and administers firewalls, IPS, IDS, application firewalls, SIMS, router and switch ACL's, VPN remote access servers, and point-to-point encryption routers.

Identify new and recurring potential security threats and vulnerabilities, assess the risks of these to the City and implement appropriate corrective or preventative action.

Identify foreseeable information security risks in order to comply with privacy and information security regulations, policies and procedures.

Monitor compliance of information security procedures and policies and report infringements to top management.

Audit and review Information Security issues in the organization.

Cooperates with other Organizations on Information Security Issues.

Minimum Education Level & Type: Bachelor's Degree

Minimum Experience Qualifications: At least 5 years experience in information security administration, including experience in policy, management, and technology

Driver's License

FLSA Status: Exempt

Occupational Group Code: 06

Occupational Group Description: Data Processing

EEO Job Category Code: B

EEO Job Category Description: Professionals

Organizational Level: Lead

NCCI: 8810

Bargaining Unit: No Representation

The following information pertains to driving requirements for this classification with the City of Tucson. Under "Driving Level" None, Secondary or Primary, refers to the driving responsibility as it relates to the essential functions of the classification. License Type, is just that, the type of Arizona Driving License required for the classification. If the position requires a Commercial Drivers License (CDL), the endorsements will be listed under "Endorsements." Under Safety Sensitive a "Yes" means employees with this classification are subject to pre-employment and random drug testing. License Type A,B,C,D,or M may require the use of personal or City vehicles on City business. Individuals must be physically capable of operating the vehicles safely, possess a valid license and have an acceptable driving record. Use of a personal vehicle for City business will be prohibited if the employee is not authorized to drive a City vehicle or if the employee does not have personal insurance coverage. Exceptions to classification driving requirement's may exist based on position.

Driving Level: Secondary

License Type: Valid and Unrestricted Class D - Driver

CDL Endorsements: None

Safety Sensitive: No