Job Type: Non-Union
Job Posting: COP-00117-23
Salary: $104,810 – $114,559
Job Grade Level: A24
Department: Information Technology
The City of Providence welcomes and encourages diversity in our workforce at all levels of the organization. We provide equal employment opportunities to all employees and applicants for employment and prohibit hiring discrimination of any type. All City hiring decisions are made without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
PLEASE NOTE:
All persons employed by the City of Providence are required to have achieved a fully vaccinated status against the COVID-19 virus. “Fully vaccinated status” shall be defined as having received the full number of doses required to complete the vaccination series of one of the currently recognized COVID-19 vaccines. Proof of vaccination completion will be required before beginning employment with the City.
Job Summary
Under the general oversight of the Deputy Director of IT Operations, the Information Security Project Manager is the technical expert supporting the Information Technology Division’s security policies, projects and practices. In this role, you will be responsible for shaping and overseeing the information security policies and procedures that safeguard our organization’s data assets. The ideal candidate will possess a deep understanding of information security frameworks, compliance standards, and risk management, with a strong emphasis on translating technical requirements into effective and comprehensive policies.
Duties & Responsibilities
Develop and maintain a robust set of information security policies and procedures that align with industry standards, regulatory requirements, and organizational goals.
Assist senior security staff with the development and implementation of continuity of operations plans. Test incident response plans using tabletop and real-time exercises.
Research security enhancements and make recommendations to management. Stay up-to-date on information technology trends and security standards.
Lead security projects to perform tests and uncover network vulnerabilities, secure credentials, protect digital assets and hardware, and secure web-based software solutions. Administer assigned projects, and collect and review aggregated log data for potential breaches and security issues.
Provide expert-level guidance for new projects by anticipating potential issues and determining feasible solutions. Assist in the selection of security solutions to protect city assets.
Be able to communicate security issues with senior management or end-users. Serve as a security expert and conduct training briefings when needed.
Develop and maintain an incident response plan to ensure a timely and effective response to security incidents. Conduct regular drills and exercises to test the effectiveness of the incident response plan.
Develop and deliver training programs to educate employees on information security policies, procedures, and best practices to foster a culture of security awareness throughout the organization.
Collaborate with IT, legal, compliance, and other relevant departments to ensure a cohesive and integrated approach to information security. Represent IT security interests in developing and reviewing RFPs across all departments.
Performs other related duties as assigned.
Minimum Qualifications
Currently hold a Bachelor’s degree in Computer Science, Information Security, Information Technology, or similar. A Master’s degree in Cyber Security is preferred. Real-life work experience will be considered as a substitution for education requirements.
The ideal candidate will hold at least one active industry certification such as CISSP, SANS GCIH, Security +, or equivalent.
The ideal candidate will have five (5) years of progressive experience in information security, cyber threat operations, or incident management.
Solid knowledge and understanding of firewalls, proxies, SIEM, HBSS/antivirus, and IDS/IPS systems. Actual hands-on experience preferred.
Hands-on experience identifying and mitigating network vulnerabilities. Work experience in developing and implementing mitigation strategies to avoid future vulnerabilities.
Firm understanding of the patch management processes, deploying patches quickly, being mindful of the business impact.
Experience in developing policies and procedures, documenting workflows and leading testing programs.
Possess the ability to create and define a process that may not exist.
Knowledge of information security technologies, compliance and regulatory matters, information governance, and privacy best practices.
Familiarity with security frameworks (e.g. NIST Cybersecurity framework) and risk management methodologies
Must possess and maintain a valid state driver’s license.
Must be able to perform all essential functions of the job.
Posting expires when position is filled.
