Under the direction of the Director, Information Technology, the IT Security & Risk Officer is responsible for the design, configuration, deployment, enforcement and maintenance of the Town's technical security infrastructure with responsibility for day-to-day operation of current security solutions and the identification, investigation, and resolution of security breaches detected by those systems. Leads or participates in the implementation of new IT technology security solutions, including the creation/maintenance of policies, standards, and procedures. Works closely with internal and external stakeholders to ensure that robust IT technology security solutions are implemented, maintained, and up to date. Investigates and remedies any potential security breaches. Ensures that all security technology platforms, and solutions are implemented in accordance with the Town's corporate objectives.
Completion of a University Degree in Computer Science, Computer Engineering, Management Information Systems or related field, or an equivalent combination of education and work experience. Certified Information Systems Security Professional (CISSP) or Associate CISSP designation preferred.
Demonstrated progressive senior experience as an Information Security Administrator in an enterprise level technical environment preferably in a municipal environment with a strong understanding of municipal business functions, policies and requirements.
Advanced knowledge of and skill with operationalizing Information Security Operations practices, approaches and best practices
Industry recognized security operations and incident management certifications from an accredited provider and / or relevant experience and/ or relevant training from an academic institution in the fields of Information Technology Security Operations and Incident Response preferred.
Demonstrated understanding of diverse operating systems (Microsoft Windows, Mac OSx, Linux, Unix, IBM ZOS), service-oriented architectures and middleware, firewalls, scanners, security policies, physical security, encryption, PKI, directory services, RDP, VPN, and all aspects of infrastructure security.
Demonstrated extensive experience in network protocol and firewall knowledge with in-depth understanding of VLAN and tunneling configurations, in addition to training in security related technology, risk mitigation, and techniques.
Excellent knowledge of security operational and incident response tools and approaches.
Demonstrated knowledge of up-to-date IT security technology to ensure the enterprise security policies and practices meet operational needs.
Strong communication and interpersonal skills to present information, conduct meetings, and the development of reports; communicate with all levels of staff, elected officials, and the public.
Demonstrated organizational, analytical, problem solving, and time management skills to handle multiple deadlines and priorities in a fast-paced environment.
Ability to work in a team environment, liaise with key external and internal stakeholders and work effectively with minimal supervision.
Ability to work outside of regular business hours when necessary.
Class G Driver's License and reliable vehicle for use on corporate business.