Under general direction, is responsible for information security policy development and the maintenance and design of security policy education, training, and awareness activities. Defines, documents, and implements security strategies, architectures, and procedures, and verifies that voice and data computing infrastructure is properly protected from internal and external threats. Designs business processes to ensure a secure environment and compliance with applicable law. Coordinates, investigates and reports on security incidents. This position is in Salary Grade T: $76,440.00 - $96,574.40 - $116,688.00 per year. The hiring range is from $76,440.40 to $101,403.12 per year.
This position will remain open until filled.
- Develops and implements strategies to balance security recommendations with business needs; defines solutions that balance both business and security requirements.
- Defines global security policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
- Conducts information security risk assessments and risk management services, providing security risk evaluation, mitigation, and solutions to projects and initiatives.
- Performs security audits of off-the-shelf and custom applications and infrastructure.
- Stays abreast of industry best practices in risk management techniques and integrates new methods and tools as appropriate.
- Monitors vendor and third party security reports/lists in assisting staff in proactively applying security patches.
- Provides in-depth support for information security incidents including internal violations, hacker attacks, viruses, and system outages. Assists with the investigation of security breaches, policy violations, and other security incidents.
- Identifies methods to enhance existing security services. Researches, designs, schedules, and implements new security technologies into the current operating environment.
- Any combination of education and experience equivalent to a bachelor’s degree in Computer Science, Mathematics or Business, with approximately five to eight years of related experience in computer security analysis in business and accounting environments, three of which are at the journey level in computer security analysis in business and accounting environments.
- Hands on experience with various network security services including Cisco firewalls, Virtual Private Network (VPN) and Public Key Infrastructure (PKI).
- Current and/or previously held security related certifications are required (e.g., CISA, GSNA, GSAE).
- Security practices on current releases of Windows server, Windows desktop, Linux, and HP/UX server operating systems.
- Security concepts.
- Remote access protocols.
- Security practices on current releases of VMware, ESX, and Citrix XenServer Hypervisors.
- Anti-virus tools, specifically Microsoft Forefront.
- Cisco switches and routers.
- Patch management tools, specifically Microsoft System Center Configuration Manager.
- Familiarity with Citrix VPX AccessGateway Server.
- Internet filtering tools, specifically Websense.
- COBIT best practices, HIPAA, and PCI security requirements.
- Intrusion detection/prevention systems
- Define, analyze, and develop security solutions.
- Develop and prepare effective documentation covering system security, policies, and procedures.
- Work in a multi-disciplinary team.
- Develop and implement long range security management solutions.
- Adapt to technological advancements within the industry.
The above statements are intended to indicate the general nature and level of work performed by employees within this classification. They are not designed to contain or be interpreted as an exhaustive list of all duties, responsibilities, skills, and qualifications required of employees assigned to this job.
ORANGE COUNTY TRANSPORTATION AUTHORITY
An Equal Opportunity/Affirmative Action Employer
Orange County Transportation Authority - 23 months ago