Information Security & Compliance Supervisor

About The Position

Requirements

• Knowledge of: Principles, practices and methods of cybersecurity infrastructure and vulnerability management; Cybersecurity and Information Protection and Privacy principles and practices; evolving sources of security threats and vulnerabilities; principles and best practices for enterprise incident response programs; online systems security products and methodologies, applicable to both the enterprise infrastructure and its applications and data management systems; preventative security controls in general industry use including firewalls, IDS/IPS, VPN and others; common cybersecurity management frameworks and standards; PCI compliance requirements and standards; principles, practices and techniques of information technology management; operating system architectures, characteristics, components, uses and limitations applicable to the District information technology environment; network architectures and theory and principles of secure network design, integration, configuration and management; principles and methods of enterprise level data management and data storage solutions; project management methods, tools and techniques; troubleshooting principles and practices applicable to areas of responsibility; customer relationship management and internal consulting concepts and practices; District/SNWA functions and associated information security and compliance management issues and needs; principles and practices of effective supervision; District human resources policies and labor contract provisions.
• Ability to: Plan, organize, supervise and participate in administering a comprehensive cybersecurity protection framework including policies, standards and guidelines; build teamwork and collaboration with other IT units and departments to optimize effectiveness of the enterprise cybersecurity program; effectively carry out assigned project management responsibilities; analyze trends and business intelligence to understand the sources of cybersecurity threats, changes in threat actors and attacker methodologies and use critical thinking and problem solving skills to develop appropriate solutions and counter measures; isolate problem causes, perform root cause analysis and formulate solutions and workarounds; identify cybersecurity management issues and opportunities, analyze problems and alternatives, apply effective technical solutions and develop sound conclusions and recommendations; set priorities and allocate resources to most effectively meet needs in a timely manner; develop and implement appropriate procedures and controls; prepare clear, concise and accurate reports and other materials; communicate clearly and effectively to diverse audiences of technical and non-technical personnel, orally and in writing; exercise sound independent judgment within general guidelines; use tact and diplomacy when dealing with sensitive, complex and/or confidential issues; establish and maintain highly effective customer-focused working relationships with all levels of management, employees, consultants, contractors, vendors and others encountered in the course of work.
• graduation from a four-year college or university with major coursework in computer science, information systems or a closely related field
• seven years of progressively responsible professional information technology experience involving large-scale cybersecurity and incident response programs
• A valid Nevada driver's license and ability to maintain insurability under the District's Vehicle Insurance Policy may be required for certain assignments.
• Current certification as a Certified Information Systems Security Professional (CISSP) and PCI Internal Security Auditor, or Security+ and two or more other cybersecurity-related certifications are required.

Nice To Haves

• Experience in a government or public utility setting is highly desirable.
• Certification as a Security & Network Auditor (GSNA) and/or Penetration Tester (GPEN) are preferred but not required.

Responsibilities

• Plans, organizes, supervises and participates in administering a comprehensive cybersecurity protection framework including policies, standards and guidelines
• Build teamwork and collaboration with other IT units and departments to optimize effectiveness of the enterprise cybersecurity program
• Effectively carry out assigned project management responsibilities
• Analyze trends and business intelligence to understand the sources of cybersecurity threats, changes in threat actors and attacker methodologies and use critical thinking and problem solving skills to develop appropriate solutions and counter measures
• Isolate problem causes, perform root cause analysis and formulate solutions and workarounds
• Identify cybersecurity management issues and opportunities, analyze problems and alternatives, apply effective technical solutions and develop sound conclusions and recommendations
• Set priorities and allocate resources to most effectively meet needs in a timely manner
• Develop and implement appropriate procedures and controls
• Prepare clear, concise and accurate reports and other materials
• Communicate clearly and effectively to diverse audiences of technical and non-technical personnel, orally and in writing
• Exercise sound independent judgment within general guidelines
• Use tact and diplomacy when dealing with sensitive, complex and/or confidential issues
• Establish and maintain highly effective customer-focused working relationships with all levels of management, employees, consultants, contractors, vendors and others encountered in the course of work.