Company Description
The City of Philadelphia values inclusion, integrity, innovation, empowerment, and hard work above all else. We offer a vibrant work environment, comprehensive health care and benefits, and the experience you need to grow and excel. If you’re interested in working with a passionate team of people who care about the future of Philadelphia, start here.
The Office of Innovation & Technology (OIT) is the central IT agency for the City of Philadelphia headed by the Chief Information Officer (CIO). OIT oversees all major information and communications technology initiatives for the City of Philadelphia - increasing the effectiveness of the information technology infrastructure, where the services provided are advanced, optimized, and responsive to the needs of the City of Philadelphia’s businesses, residents, and visitors. OIT responsibilities include: identifying the most effective approach for implementing new information technology directions throughout city government; improving the value of the city’s technology assets and the return on the city’s technology investments; ensuring data security continuity; planning for continuing operations in the event of disruption of information technology or communications services; and supporting accountable, efficient and effective government across every city department, board, commission and agency.
Job Description
The City of Philadelphia is seeking a highly motivated and experienced Information Security Manager - Public Safety to join our team in support of the Chief Information Security Officer (CISO) and the Deputy CIO – Public Safety (DCIO Public Safety). This critical role will be responsible for ensuring the confidentiality, integrity, and availability of our information systems, with a strong focus on compliance with the Criminal Justice Information (CJI) Security Policy and the NIST Cybersecurity Framework. The ideal candidate possesses a deep understanding of security best practices, regulatory requirements, and technical expertise in implementing and maintaining security controls within a public safety context.
Essential Functions:
- Assists the CISO and DCIO - Public Safety on cybersecurity issues, policies and practices within the OIT 911 and Public Safety functions.
- Assists the CISO and DCIO - Public Safety in directing and approving security system designs within the OIT 911 and Public Safety functions.
- Maintains relationships with other localities, state and federal law enforcement and other related government agencies including the Pennsylvania Emergency Management Agency and PEMA 911 advisory board.
- Schedules periodic security audits and works with outside consultants as appropriate for independent security audits.
- Implement and maintain security controls in accordance with CJIS Security Policy and the NIST CSF, specifically tailored for public safety environments.
- Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate risks.
- Develop and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).
- Respond to security incidents and implement corrective actions.
- Monitor security logs and alerts to identify suspicious activity and potential threats.
- Collaborate with IT teams and public safety personnel to ensure secure system configurations and deployments.
- Provide security awareness training to employees, with a focus on public safety specific threats and vulnerabilities.
- Participate in security audits and compliance reviews.
- Perform risk assessments and identify mitigation strategies.
- Evaluate and recommend security tools and technologies suitable for public safety environments.
Qualifications
- Completion of a bachelor’s degree program at an accredited college or university, which has included major course work in computer science, information science, system analysis, software engineering, or a closely related field.
- Minimum of eight years of work experience, which must include at least three years of direct IT security-related experience, including exposure to the NIST Framework.
- Experience performing information security risk assessments including identifying threats, vulnerabilities, and risk.
- Experience with Vulnerability Management programs.
- Experience working with common information security tools, including Endpoint Detection and Response, network filtering technologies (Web, DNS), Identity and Access Management solutions, and SIEM technologies, is required.
- Experience managing a team of professionals and demonstrated project management skills.
- Knowledge of and familiarity with CJIS Security Policy and NIST 800-53 rev. 5 framework.
- Valid Certified Information Systems Security Professional (CISSP) credential, such as CISSP-ISSAP, CISSP-ISSEP or CISSP-ISSMP, is preferred but not required.
- Should have experience with planning, auditing, and risk management, as well as contract and vendor negotiation.
- Ability to develop requests for and evaluate proposals in reference to leading-edge information services technology.
Additional Information
Salary Range: $110,000 - $120,000
Important: To apply, candidates must provide a cover letter and a resume.