REQUIRED EDUCATION AND EXPERIENCE

Bachelor’s degree in Information Systems or related field; CompTIA Security+ and CISSP, or 15+ years in IT security and operations in lieu of education/certifications. Experience in municipal and government systems and workflows a plus.

KNOWLEDGE AND SKILLS

• Knowledge of data backup and recovery.
• Knowledge of business continuity and disaster recovery continuity of operations plans.
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Knowledge of controls related to the use, processing, storage, and transmission of data.
• Knowledge of encryption algorithms.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles.
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
• Knowledge of network traffic analysis methods.
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Knowledge of server and client operating systems.
• Skill in creating policies that reflect system security objectives.
• Knowledge of new and emerging information technology and cybersecurity technologies.
• Knowledge of current and emerging threats/threat vectors.
• Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
• Knowledge of penetration testing principles, tools, and techniques.
• Strong ability to communicate with staff of varying technical abilities.
• Strong technical, analytical, and problem-solving skills, as well as good written and oral communications skills.
• Ability to communicate and disseminate information within the organization as appropriate.
• Ability to work on multiple assignments; be an effective collaborator, exercise good judgment in decision-making and discretion with the routine access to confidential information; meet deadlines, work independently, demonstrate an attention to detail and be flexible.
• Self-starter with ability to work independently, as a leader of a team, and as a member of a team.

PHYSICAL REQUIREMENTS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Moderate physical effort is generally required to perform duties. The employee is frequently required to operate equipment, walk, stand, sit, speak, and hear, lift, reach, balance, crouch, crawl, and stoop. Tasks may involve extended periods of time at a keyboard or workstation. Must be able to communicate verbally. Light lifting and carrying of work materials, including files, microcomputers and peripheral equipment or other items weighting between 15-20 pounds.
Position requires the ability to operate a keyboard for extended periods of time. Position requires the ability to view computer screens for an extended period of time. Position requires the ability to walk around to access Town offices on a regular basis including traversing flights of stairs in various buildings. Position requires fully correctable close vision, color vision and depth perception.

ADDITIONAL REQUIREMENTS

Valid driver’s license
This job description does not constitute an employment agreement between the employer and employee, and is subject to change by the employer, as the needs of the employer and requirements of the job change.
The Arlington Public Schools are committed to creating an inclusive and safe learning and working environment that reflects a diversity of perspectives, values, and experiences. We welcome staff who are aware of the role that bias and prejudice play in society, are creative and willing to try new approaches, and are reflective about their daily practice. We are looking for candidates who welcome a challenge, are eager to collaborate and contribute to the success of students, are ready to engage in two-way partnership with families, and who will contribute their diverse talents to the organization as a whole

SUPERVISORY RESPONSIBILITIES

No direct reports. Manages vendors and consultants. Coordinates activities with other senior IT managers and teams internally and across departments to ensure consistency in goals, policies, technical and administrative procedures and management direction.

ESSENTIAL DUTIES AND RESPONSIBILITIES

The essential functions or duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position.

• Advise Chief Information Officer on risk levels and security posture.
• Monitor for possible security violations and take appropriate action to respond to incidents (going through alerts and logs in order to monitor Town and School’s digital footprint).
• Manager the Town and School’s cyber security and incident response program. Responsible for protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Provide after action reports (identify lessons learned and recommend improvement) for cyber incidents to Chief Information Officer, Town Manager and Superintendent of Schools.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Evaluate and evolve end point detection, internal scanning and email security programs and best practices.
• Oversee the information security training and awareness program.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Collaborate with other departments to identify practices and procedures for new and existing services that align with Arlington’s cybersecurity program.
• Identify security requirements specific to an information technology system in all phases of the system life cycle.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Collect and maintain data needed for reporting, analyze patterns and trends and produce dashboards for internal and external consumption.
• Lead cybersecurity inspections, tests, and reviews for the network environment.
• Identify information technology security program implications of new technologies or technology upgrades.
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of application and network system operations.