Description

The main purpose of the Specialist, Systems Security is to develop and implement enterprise security and compliance policy and to monitor its adoption by the IT Department. This covers architectures and security solutions, frameworks, and roadmaps, as well as the physical and electronic protection of data, achieved by determining security requirements; planning, implementing, and testing security controls; and adopting security standards, policies, and procedures. This position works closely with both the CSSO and the IT Manager.

 

Duties and Responsibilities:

 

  • Lead role in defining the appropriate architecture, technical requirements, and standards necessary to address information security needs for the organization. 
  • Responsible for the development and evolution of an in-depth information security strategy for AMHEC.
  • Support the IT Manager in improving the IT management processes and policies and in building the enterprise architecture for AMHEC's information technology services.
  • Conduct design and engineering processes to ensure that security architecture solutions maintain the confidentiality, integrity, and availability of information assets. 
  • Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems. 
  • Develop and maintain a portfolio of enterprise security standards for applications, systems, and data. 
  • Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; and preparing cost estimates. 
  • Work with internal and external technical teams to define and document controls necessary to ensure the confidentiality, integrity, and availability of computer systems, data, and network resources. 
  • Evaluate security controls employed by external service providers to ensure information assets are adequately protected, and couple them with additional security controls including firewalls, intrusion prevention systems, and monitoring/event correlation solutions. 
  • Address security requirements within cloud architectures, creating new and evolving security services and standards pertaining to cloud services, consulting with internal and external stakeholders, and developing and documenting strategies, standards, and roadmaps for cloud security components and architectures. 
  • Lead the development and implementation of security technology solutions for complex environments and architecture including cross-platform interoperability. 
  • Participate in the risk assessments of new and existing technology solutions to identify opportunities for improvement, and engineering solutions to adequately mitigate associated risks. 
  • Oversee and review the ongoing documentation, development, implementation, and maintenance of processes, procedures, and services associated with architecture functions including ensuring that requirements and deliverables are clearly defined. 
  • Conduct research, monitor new product developments, and make recommendations regarding technologies that have the potential to benefit the security of information assets. 
  • Develop and implement an Information Security Incident Response Plan and support the security incident response team.
  • Develop and maintain an Information Security Policy and monitor adherence to that policy by all stakeholders.
  • Assist with maintaining a company-wide Information Security awareness training and education program that includes processes, tools, policies, and technologies that help reduce risk to the city’s information assets.
  • Drafts and develops AMHEC’s Control Requirements Manual (CRM) policies and procedures and monitors the IT Department's implementation of the same.
  • Serves as a liaison to the company’s security office for local and network security issues.
  • Ensures proper computer and network access for system users; assigns passwords and user IDs to new users.
  • Collaborates with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes.
  • Develop data encryption, firewalls, and other appropriate security policies and procedures to conceal and protect transfers of confidential digital information.
  • Reviews violations of security procedures; provides training to ensure violations do not recur.
  • Develops and implements plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adheres to emergency data processing needs.
  • Monitors system usage to confirm that employees have the proper level of information access.
  • Investigates improper use and reports violations to the Director of Information Systems.
  • Ensures that the physical location of computer and related hardware is secured.
  • Oversees backup of company information in case of disaster or data loss.
  • Conducts information systems audits to ensure system information is secure from breach and unauthorized access.
  • Conducts offsite audits to assess the efficiency and efficacy of data recovery programs.
  • Plans and conducts user training to provide overviews of systems security and improve mainframe efficiency.
  • Identifies and monitors key Systems Security functional KPIs, and devises plans and initiatives for improvement.
  • Performs miscellaneous tasks as assigned by his/her direct manager.

Life at Arabian Machinery and Heavy Equipment Company