Information Systems Security Officer (Grade 18) Job Opening

Information Systems Security Officer (Grade 18)

City of Huntsville, AL

Huntsville, Alabama
$56,576.00 - $86,674.00 a year — Full-time, Part-time

Nature of Work

This is advanced technical and professional cyber security work involving system design, development and maintenance. Work involves providing network and systems security and support for the installation, analysis and maintenance of City of Huntsville local area network (LAN), wide area network (WAN), Internet/intranet interfaces, SCADA, wireless and other networks. Acts as a liaison with internal and external entities, developing policies and procedures. Proactively monitors standards and regulatory requirements. Partners with staff to support security compliance and audit programs, establish assessments, manage and track risk mitigation and remediation activities. Reports directly to the Director of Information Technology Services. Defines, creates, and maintains the documentation for assessment and authorization of information systems in accordance with requirements. Assess the impacts of system modifications and technological advances on security profiles. Reviews systems in order to identify and mitigate vulnerabilities, validates the success of changes implemented, and documents system modifications. Researches, develops, implements, tests and reviews the organization's information assurance and security controls in order to ensure confidentiality, integrity and availability of city systems and data. Administers threat management HW/SW for computer networks and systems. Works closely with Network and System Administrators and other personnel to develop, implement and monitor all aspects of cyber security for all current and planned networks to include system security log collection and review. Designs and recommends network and systems changes. Identifies appropriate information assurance and security controls. Makes recommendations on appropriate physical and technical security controls and partners with internal staff to apply and monitor these controls. Develops information security policies and procedures in accordance with NIST, ISO or other internal or external standards and regulations. Develops or assists the system owners with the creation of System Security Documentation including but not limited to Systems Security Plan, Risk Management Plan, Continuity of Operations Plan, System Policies, Incident Response Plan and System Boundary Documentation. Performs security audits and conducts other functions independently or jointly with technical assistance from other ITS employees or city departments. Acts as liaison with internal and external Auditors and management staff regarding information security issues. Monitors the legal and regulatory landscape to proactively address information assurance and security requirements including PCI-DSS, HIPAA and the Criminal Justice Information System (CJIS). Reviews latest technical publications and other documents and standards to remain current on new technology and equipment related to information assurance and security. Provides guidance and liaises among the various program teams and city departments. Develops and delivers appropriate end-user presentations, documentation and awareness training to promote information security awareness city-wide. Monitors network devices, servers and personal computing devices for compliance with all information technology related policies. Maintains working knowledge of TCP/IP suite of protocols. Performs periodic audits of security risk assessments for all functions within the city. Tracks the status of vulnerabilities discovered to closure. Utilizes Unified Security Management (USM) and Security information and event management (SIEM) solutions. Requires regular and prompt attendance plus the ability to work well with others and work well as a team.

Minimum Education, Training and Experience

Bachelor's degree from a college accredited by a regional accrediting agency recognized by the U.S. Department of Education in computer science, information assurance, engineering or related field is preferred or at least five years of progressively responsible IT Security assessment and authorization related responsibilities that demonstrates the above listed knowledge, skills, and abilities. Knowledge of NIST SP 800 publications and related standards. Considerable knowledge of Federal, State, and local laws, codes, ordinances, regulations, procedures, statutory provisions, and Departmental and City policies and procedures in area assigned. Extensive knowledge of computer systems and/or telecommunications operations and principles. Extensive knowledge of information security systems, software, methods, techniques and practices. Extensive knowledge of regulatory compliance requirements and risk management, including methodologies and tools including NIST SP 800 series, PCI-DSS and HIPAA requirements. Knowledge of CJIS requirements. Knowledge of the following technologies: Windows, LDAP, Active Directory Domain Administration. Knowledge of and experience in IT Audit, IT Risk, system administration, network and application security concepts. Knowledge of and experience with vulnerability scanning, penetration testing and assessments. Ability to solve business problems through technology. Ability to correlate raw data from Automated Scan tools and /or system/security logs. Ability to develop and present, both verbally and in writing, highly technical information and presentations to non-technical audiences.

Physical and Environment Factors:

Work is performed in an office environment and involves everyday risks or discomforts which requires normal safety precautions. Work is essentially sedentary with occasional walking, standing, bending, and carrying items less than 25 pounds such as books, papers, office supplies, and file folders. Work requires the physical ability to sit in confined seating for extended periods of time and operate a computer keyboard.

Necessary Special Requirements:

Valid Driver's License

Certified Information Systems Security Professional (CISSP) within twelve months of employment

Must have the ability to become CJIS certified within six months of employment.

Desired Special Requirements:

Certified Information System Auditor (CISA)

Certification and Authorization Professional (CAP)
Applicants May Obtain a Copy of the City of Huntsville's EEOP Short Form Upon Request


The City of Huntsville offers a competitive benefits package for its regular, full-time employees, such as medical, dental, vision, life, accidental death & dismemberment, cancer, off-the-job accident, as well as annual leave, sick leave, holiday and retirement.

Below is a summary of the City's benefit offerings:

Medical Insurance:

The City offers all regular, full-time employees a medical insurance plan administered by Blue Cross Blue Shield of Alabama. There is one option available: BlueCard PPO. The BlueCard PPO plan utilizes a national Preferred Provider Organization. There is a 30 day waiting period from date of hire.

Voluntary Dental Plan:

The City offers a voluntary dental plan for all regular, full-time employees administered by Delta Dental Insurance Company. This is a PPO plan which offers a network of providers who have agreed to accept reduced fees for their services. Any provider may be utilized; however, significantly less out-of-pocket expense is realized when using a PPO provider. There is one level of coverage available: Level 2 plan. The Level 2 plan offers 100% coverage for Preventive and Diagnostic Services, 80% coverage for Basic Services and 50% coverage for Major Services and Orthodontic, if a PPO provider is utilized. There are no individual/family deductibles for Preventive and Diagnostic Services and deductibles for Basic, Major and other Covered Services are $50 per person or $150 per family per calendar year. The plan maximum is $1,000 and Preventive and Diagnostic Services do not count toward the annual maximum. There is a 30 day waiting period from date of hire.

Voluntary Vision Plan:

This is a voluntary vision plan that provides benefit coverage for eye examinations, frames, and eyeglass lenses with applicable copay. There is also an allowance for contact lenses. The plan is administered by VSP. There is a 30 day waiting period from date of hire.

Mental Health/Substance Abuse Program:

A mental health and substance abuse program is offered through Behavioral Health Systems, Incorporated (BHS). It is available to all employees and covered dependents currently enrolled and participating in the Group Medical Insurance. All treatment must be pre-certified and approved through BHS. To arrange for an evaluation, call the City's Employee Assisted Services Coordinator or BHS prior to treatment being rendered. There is a 30 day waiting period from date of hire.

Life Insurance:

The City provides a $20,000 life insurance policy. There are additional benefits for accidental death & dismemberment, seat belt, airbag rider and common carrier. Coverage begins after completing one full day of work. Coverage is provided at no-cost to the employee.

Disability Insurance:

The City provides a limited long term disability policy for eligible employees with one year of service, but less than ten years of service. After ten years of service, disability benefits are coordinated by the Retirement System of Alabama (RSA).

Retirement:

The retirement plan is administered by the Retirement System of Alabama (RSA). Participation is mandatory for all regular, full-time and part-time employees. Tier II Employees contribute 6% of salary to the plan (7% of salary for certain positions in the Police and Fire & Rescue divisions). Tier I Employees contribute 5% of salary to the plan (6% of salary for certain positions in the Police and Fire & Rescue divisions). The City contributes a percent as determined by RSA.

Voluntary Life / AD&D Insurance:

The City offers regular, full-time employees an optional voluntary term life insurance plan. Employees may purchase additional term life insurance for self and spouse and/or eligible dependents. Premiums are based upon age for the employee and spouse. Premiums for children are based upon a flat rate. Also, the City offers an optional voluntary accidental death & dismemberment insurance plan. Employees may purchase insurance for self or family. The minimum level of coverage on both plans is $20,000. The plans are administered by Lincoln Financial Group. There is a 30 day waiting period from the date of hire. Please refer to the plan brochure for additional information.

Voluntary Supplemental Insurance:

The City offers an optional supplemental Cancer plan and an Off-The-Job Accident plan. The Cancer plan provides a first occurrence, hospital confinement, radiation & chemotherapy and other benefits. The Off-The-Job Accident plan pays benefits for injuries occurring off the job. These supplemental plans are administered by Allstate. Please refer to the brochure for an explanation of covered benefits. There is a 30 day waiting period from date of hire.

Flexible Spending Accounts:

The City provides two flexible spending accounts: medical reimbursement and dependent care accounts. Reimbursements from these pre-taxed accounts require a proper receipt. The plans are administered by Wage Works. There is a 30 day waiting period from date of hire.

Voluntary Deferred Compensation Plans:

The City provides two optional voluntary deferred compensation plans. One plan is administered by RSA-1 and the other is administered by Nationwide Retirement Solutions. Employees may defer portions of salary for a later date, such as retirement. Please see the Payroll Division of the Finance Department for further details.

College 529 Savings Program:

The City provides an opportunity for employees to set aside funds for education through payroll deductions. For additional information, contact the City's Insurance and Benefits Office.

Holidays:

The City recognizes the following holidays: New Years Day, Martin Luther King, Memorial Day, Independence Day, Labor Day, Veterans Day, Thanksgiving Day, and Christmas Day. Three additional floating holidays are given each year as authorized by the Mayor.

Sick Leave:

Sick leave accrual is 4 hours per pay period for all eligible City employees. There is no maximum amount of sick leave an employee may accrue.

Annual Leave:

Annual leave is accrued as follows: less than 10 years = 4 hours per pay period; 10 to 15 years = 5 hours per pay period; 15 to 20 years = 6 hours per pay period; 20 or more years = 7 hours per pay period. Employees may accrue and carry forward 260 hours to the next calendar year.

Military Leave:

The City provides a military leave plan that pays regular salary for not more than twenty-one days per year. Also, employees, called into active service, may receive compensation in an amount equal to the difference in the lower military pay and the higher public employment salary as provided by City Council Ordinance.

Longevity Pay:

The City pays eligible employees compensation based upon the number of months of continuous regular full-time service as of October 1st of each year.

Other Benefits:

Please refer to the City of Huntsville Personnel Policies and Procedures Manual.