Cybersecurity Administrator- IT at Dona Ana County in Las Cruces, New Mexico

Posted in Other 22 days ago.

Type: full-time





Job Description:

Job Description

PURPOSE SUMMARY. Responsible for oversight and administration of information security and IT risk management programs based on industry-accepted security and risk management frameworks. Tasked with improving the maturity levels of information security, state of cybersecurity and enhancing IT risk practices across the county. The Cybersecurity Administrator will play a crucial role in protecting the organization's valuable data and assets from cyber threats. They will be responsible for monitoring, analyzing, and responding to security incidents, implementing, and maintaining security controls, and collaborating with other teams to ensure a comprehensive security posture.

ESSENTIAL DUTIES.

1. Develop, implement, and update IT security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with local, state and federal regulations.

  • Create and maintain IT security and privacy policies, procedures, and standards.
  • Assess computer systems and security risks by investigating potential threats, vulnerabilities; execute and coordinate contingency plans, preventive measures and control techniques, and communicate information to IT Director.
  • Design, coordinate and implement security procedures and plans.
  • Provide project leadership and management for security projects, including leading others in the IT department and outside departments, providing cost estimates, managing schedules, and providing technical leadership to ensure the project is completed successfully.
  • Assist IT managers and staff in integrating risk and compliance management into their projects, initiatives and operations.
  • Identify acceptable levels of residual information security risk and develop action plans, policy and procedural changes for risk mitigation.

2. Monitor, configure, and maintain security software and hardware to ensure optimal functionality.

  • Monitor security logs, network traffic, and email systems for anomalies and suspicious activities that might indicate a potential attack.
  • Monitor industry security updates, changes, technologies, emerging threats and best practices for continuous improvement.
  • Implement and maintain security controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and access controls.
  • Implement and maintain email security gateways and filtering solutions to block spam, phishing attempts, malware, and other malicious content.
  • Configure and manage email encryption solutions (e.g., S/MINE, PGP) to ensure the confidentiality of sensitive information.
  • Stay up-to-date on the lates email security threats and trends, and adapt configurations accordingly.

3. Proactively identify and mitigate IT risks, respond to audit and examiner findings and respond to security incidents as they occur.

  • Implementation of security procedures/controls. Monitor networks, systems, and applications for conformance to the security requirements and policies.
  • Run periodic security scans and work with IT teams to address identified weaknesses.
  • Respond to security incidents, including availability to respond to system problems and incidents after hours. Coordinate security incident responses.
  • Lead the IT department's internal SIRT (Security Incident Response Team)
  • Work with law enforcement and other agencies in response to detected incidents.
  • Initiate, facilitate and promote activities to create information security awareness within the organization.

4. Facilitate security education, training, and awareness.

  • Develop and deliver training programs to educate employees on security best practices, including phishing awareness and how to identify suspicious emails.
  • Promote a culture of security by encouraging employees to report suspicious emails and potential security breaches.
  • Facilitates regular information security training for county employees.

5. Track and report on key metrics indicating the level of controls compliance and current IT risk posture.

  • Identify and track information security metrics.
  • Create and maintain reports and dashboards for key metrics indicating the level of controls compliance and IT risk posture for the county.
  • Generate reports on email security activities, trends, and threats.

ADDITIONAL DUTIES. Other duties may be assigned.

QUALIFICATIONS.

A. Education. Bachelor's degree in Computer Science or related field.

B. Experience. Four (4) years of experience managing security technologies in an enterprise environment. One (1) year experience managing projects.

C. Education/Experience substitution. In accordance with County policy.

D. Licenses/Certifications. CompTIA Security+ is required or able to obtain within 2 months of hire. PenTest+ and Cloud+ certifications is preferred. Other security-related certifications are desirable, such as CISSP, SANS GSEC/GCIA/GCIH, etc. Project Management certification is also desirable (PMP, CAPM, PPM, Project+, etc.)

E. Other (e.g., post-offer medical exam, polygraph, background check, driver's license record, etc.). Must Pass NCIC and background checks.

KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED BY THE POSITION:

Knowledge of:

  • Incident response, threat modeling, and mitigation
  • Firewalls, Intrusion Prevention, 802.1X, web filtering, antivirus and malware protection
  • OS hardening techniques for Windows and Linux environments
  • Access logging, centralized logging, and monitoring/alerting of security log events using tools such as Syslog, Splunk and NetWrix
  • Windows and Linux server management
  • Common internet protocols such as DNS, SMTP, LDAP, etc.
  • Network hardware and software theory and operations (including layer 2 through 7 protocols as well as hardware architecture)
  • Microsoft 365 security, compliance and cloud-app security platform.
  • Email security layers (e.g., SPF, DKIM, DMARC, etc.).

Ability to:

  • Prioritize tasks, manage time effectively, and work independently in a fast-paced environment.
  • Implement and enforce security technologies and methodologies including: Firewalls, VPN, Cisco ISE and Enterprise anti-virus software.
  • Understand and communicate (written and verbal) effectively with staff, users and vendors.
  • Provide excellent customer service.

Skilled in:

  • Enterprise level IT infrastructure administrative techniques
  • Excellent analytical and problem-solving skills.
  • Project planning and management.
  • Email security solutions (e.g., email gateways, encryption solutions).

Compensation Range

$58,176.96 - $96,213.06

Doña Ana County is an Equal Employment Opportunity Employer. It is our policy to abide by all federal and state laws prohibiting employment discrimination on the basis of a person's race, color, religion, age, national origin, sex, disability, serious medical condition, genetic information, ancestry, spousal affiliation, gender identity, sexual orientation or any other unlawful criteria, except where a reasonable Bona Fide Occupational Qualification exists.

Doña Ana County will make reasonable accommodation(s) for the known physical or mental limitations of an applicant with a disability, upon request, unless the accommodation(s) would cause an undue hardship on the operation of the County. Please see http://www.donaanacounty.org/ada/ for our Public Notice and to get the Testing/Interview Accommodation Request Form or call 575-647-7210 for assistance.

recblid 7z3xamdhpbwdm7hbbgyjbvec6pvs0k
More jobs in Las Cruces, New Mexico

Other
about 9 hours ago

Circana
Other
1 day ago

Outlier
Other
1 day ago

Outlier
More jobs in Other

Other
about 1 hour ago

Gorbel
Other
about 1 hour ago

Gorbel
Other
about 1 hour ago

Gorbel