Posted : Thursday, December 21, 2023 05:57 PM
POSITION DESCRIPTION
The City of Rochester invites applications for the position of:
IT Compliance and Security Coordinator
Rochester Public Utilities
RPU, a division of the City of Rochester, MN, is the largest municipal utility in the State of Minnesota.
RPU serves over 60,000 electric customers and 41,000 water customers in a 60 square mile service area and has revenues nearing $161 million annually.
Vision- "We Will Set the Standard for Service" Our vision is based on six core values which are Safety, Integrity, Service, Stewardship, Accountability, and Skill.
The City of Rochester is committed to a community where all members feel a sense of belonging.
We commit to recognizing the diversity of our community members, listening to ALL voices and providing equitable services to create an inclusive place to live, play and work.
We believe EQUITY should be at the center of all our work.
We strive to represent our community in our teammates, as we know that diverse and inclusive teams are more innovative, and have an empowering impact on the work, progress and culture of our community.
It takes us all working together.
Nature of Work
The IT Security and Compliance Coordinator is a professional position working in cooperation within Rochester Public Utilities (RPU) to develop recommendations and administer comprehensive policies and programs to ensure the overall integrity and optimization of the RPU network systems.
This position will provide direction for continued policy development, risk management oversight and strategic initiatives resulting in improved usability, efficiency and effectiveness.
This position works under limited supervision while taking work direction from IT Management.
Depending on assignment, this position may have an enterprise security or enterprise technology focus.
Salary Information
The 2024 starting salary range is $91,918 to $108,139 per year depending on qualifications, with advancement to $135,175.
To have your application considered in the first round of reviews, please apply before May 13th, 2024.
DUTIES AND RESPONSIBILITIES
The work below is representative of the scope of work performed within this job classification.
Individual job duties will vary based on work assignment.
*Strategy and Policy Development
Recommend short- and long-term objectives to secure business assets which are balanced with ensuring high levels of customer service delivery, regulatory/audit compliance and system standardization.
Analyze and proactively identify areas where policies can be improved, provide recommendations for new products or changes to mitigate business risk.
Determine system and security requirements by evaluating business strategies and requirements, research information systems and security standards.
*System Monitoring, Effectiveness and Maintenance
Monitor, audit and take proactive action in cooperation with system administrators to mitigate identified issues on an ongoing basis.
Provide IT Management with regular status updates and assessments of overall risk profile.
Implement and maintain an ongoing employee education program to ensure security awareness throughout the user population.
Recommend specific security related training for system administrators.
Conduct system security and vulnerability assessments and report status to IT and Senior Management.
Generate and maintain documentation for security specific system hardware and software to include system security plans, configuration, equipment lists, practices and procedures.
Perform complex technical and professional work relative to planning, design, implementation and administration of security related enterprise networking solutions in a multi-departmental network environment.
*Risk Management Oversight
Implement and maintain approved security controls, policies, processes and procedures to manage risk across the RPU information system environment.
Ensure the confidentiality, integrity, and availability of the RPU IT system.
Develop and recommend an ongoing audit plan to evaluate and improve the security effectiveness of the current network systems.
Provide oversight and administration of security assessments and audits performed by internal staff or third-party vendors; implement an action plan to address any deficiencies; ensure completion of action plan.
Examine and evaluate the appropriateness and effectiveness of technological and operational controls and provide recommendations for improvements.
When needed, complete or coordinate audits for internal controls, PCI, NERC/CIP and other regulatory bodies of the IT infrastructure.
Provide periodic updates to the IT and Senior Management relative to key initiatives, audit findings, and improvement plans.
Monitor and analyze security logs and alerts from various sources (E-ISAC, CISA), such as firewalls, antivirus, intrusion detection and prevention systems, and security information and event management (SIEM) tools.
Lead development and testing of risk management activities including incident response, disaster recovery, IT related business continuity, backup and restore.
*Leadership and Direction
Provide leadership and expertise to IT staff and RPU employees regarding technical and security-related projects (new systems and improvements to existing systems).
Engage departmental IT staff for the purpose of analyzing technical issues and security risks, recommending solutions, planning and implementing infrastructure changes.
Consult with internal and external customers to define requirements for complex systems and infrastructure development.
Serve as a liaison with external vendors.
Maintain awareness of changes in the technology/regulatory environment and the relevance to information systems.
Serve as a subject matter expert on IT optimization/security as it relates to infrastructure, industry best practices, trends and network system performance.
Participate in and/or lead IT projects using standard project management methodology.
Coordinate efforts with third parties to enhance RPU’s security posture.
This may include seeking grant opportunities and other security related services.
*Technical Support Services
Provide budget planning assistance, service cost allocations, and monitoring of IT budgets, including operations and project budgets.
Provide recommendations to and IT Management to improve the performance and optimization of Information Technology resources.
Troubleshoot and develop solutions to complex technical processing problems.
Provide high-level server/network related technical assistance to teammates in the organization.
Serve as subject matter expert and resource for department system administrators and other teammates.
Perform other duties as assigned or necessary.
Work will occasionally need to be performed outside of normal business hours (including weekends and holidays) to minimize the impact to customers and employees, or to respond to compliance and/or security incidents.
MINIMUM QUALIFICATIONS
Education and Experience
Bachelor's degree in computer science, information systems, or a closely related field from an accredited four-year college or university; AND at least three (3) years of IT administration, IT compliance, or IT security experience.
Licenses and Certifications
Valid driver's license.
Prior to being hired, promoted or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check.
Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training.
Annual cyber security training is also required.
ADDITIONAL INFORMATION
KNOWLEDGE, SKILLS AND ABILITIES
Knowledge of: multiple aspects of information technology security concepts, principles and procedures including information security, network security, operations security, and internet security; application of current management principles, best practices, industry trends, emerging technologies and project management concepts; network architecture and operations (security tools, firewalls, intrusion detection systems, and hacker techniques); public administration policies; laws, rules, and regulations and their associated security requirements; continuity of operations planning requirements and testing; the City and departmental priorities; clear commitment to the City’s mission statement and organizational values.
Skill in: developing and maintaining productive working relationships with City leadership and external parties; providing customer service by positively influencing internal/external customers and other interested parties by finding mutually agreeable solutions; understanding the concepts of emotional intelligence and the impact of their actions on others; effectively making recommendations both independently and under the direction of City Administration; building strong organizational partnerships by eliminating barriers to achieving outcomes; negotiating positive outcomes, and managing conflict in a constructive manner; supporting a team environment and working in a collaborative manner across departmental and boundaries to enable the achievement of organizational objectives and improved IT services.
Ability to: assess current technical infrastructure and services; implement strategic objectives in an effective manner; prepare and present comprehensive technical reports; develop appropriate action plans and organizational IT policies that support a sustainable, secure IT environment; plan, supervise, and coordinate multiple activities; manage complex IT projects; gather, analyze and interpret complex data and resolve challenging problems; turn strategy and objectives into viable outcomes; appropriately handle sensitive and confidential data; analyze technical data and draw logical conclusions from them; write and speak effectively; present information in a meaningful manner that is understood by a variety of employees.
PHYSICAL AND ENVIRONMENTAL CRITERIA
In compliance with the Americans with Disabilities Act, the following represents the physical and environmental demands for this position.
The employee must be able to perform the essential functions with or without accommodation.
In consideration of the overall amount of physical effort required to perform this position, the work is best described as Sedentary Work: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.
Sedentary work involves sitting most of the time.
Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.
Physical demands that may be required continuously (2/3 or more of the time), frequently (1/3 to 2/3 of the time), and occasionally (up to 1/3 of the time) are noted below: Continuous demands: Sitting, Fine Dexterity.
Note: this position requires a majority of time (up to 75%) spent in a seated position.
Sensory requirements necessary in the performance of the essential functions of this position include: sight, hearing, and touch.
Environmental conditions that may exist in the performance of the essential functions of this job include: NONE (not substantially exposed to environmental conditions)
• Location : 4000 E River Road NE, Rochester, MN
• Post ID: 9157800334