Information Security Manager - ISACA
  • Halton Hills, Ontario, Canada
  • via MindMatch.ai
Job Description

Reporting to the Director of Technology Services, this role centres on safeguarding the organization from IT cyber security threats through the effective management of the Information Security program. This includes designing and implementing IT security controls grounded in industry best practices and ensuring they deliver optimal value to the organization. Additionally, the role involves driving innovation and growth in cyber services, while fostering a culture of security awareness and best practices across the organization by leading, mentoring, and promoting the advantages of maintaining a strong security posture.

Accountabilities:
  • Comply with corporate and departmental policies and procedures.
  • Ensure a high degree of service for both internal and external customers in accordance with Town standards.
  • Develop and implement security policies and protocols by creating comprehensive cybersecurity policies and procedures that align with industry standards and regulatory requirements.
  • Conduct regular risk assessments to identify vulnerabilities and develop strategies to mitigate risks.
  • Lead cybersecurity incidents to ensure timely mitigation and minimize impact on operations.
  • Develop and deliver training programs to educate employees about security best practices and the importance of cybersecurity hygiene.
  • Manage the operation and maintenance of cybersecurity tools and infrastructure, such as firewalls and antivirus software.
  • Ensure compliance with relevant cybersecurity laws, regulations, and standards, and manage audits.
  • Implement measures to protect sensitive information and ensure data privacy.
  • Assess and manage cybersecurity risks associated with vendors and service providers.
  • Allocate and manage the budget for cybersecurity initiatives to enhance security posture.
  • Stay informed about emerging threats and trends and analyze threat intelligence.
  • Develop and maintain plans to ensure business continuity in the event of a cybersecurity incident.
  • Lead, mentor, and develop the cybersecurity team to foster a culture of continuous improvement.
  • Communicate with senior management and stakeholders on cybersecurity risks and strategies.
  • Evaluate new cybersecurity technologies and practices for potential adoption to enhance security capabilities.

Technical/Professional Competencies:
  • Cybersecurity Frameworks and Standards Knowledge: Expertise in frameworks such as NIST, ISO/IEC 27001, and CIS Controls, essential for developing security policies and ensuring compliance.
  • Risk Assessment and Analysis Skills: Ability to conduct thorough risk assessments and analyze potential security threats to develop effective mitigation strategies.
  • Incident Response and Management: Proficiency in identifying, managing, and mitigating cybersecurity incidents quickly and efficiently.
  • Network Security: Deep understanding of network architectures, protocols, and security measures to protect against threats.
  • Encryption and Data Protection Techniques: Knowledge of encryption standards and data protection methods to secure sensitive information.
  • Security Information and Event Management (SIEM): Skills in using SIEM tools for real-time analysis of security alerts generated by applications and network hardware.
  • Cloud Security: Understanding of cloud infrastructure and platforms (e.g., AWS, Azure, Google Cloud) and how to implement cloud security controls.
  • Penetration Testing and Vulnerability Assessment: Ability to conduct penetration tests and vulnerability assessments to identify weaknesses in the security posture.
  • Regulatory and Compliance Knowledge: Familiarity with cybersecurity regulations and standards and the ability to ensure organizational compliance.
  • Security Software and Tools Proficiency: Experience with antivirus software, firewalls, intrusion detection systems (IDS), and other security software.
  • Project Management Skills: Ability to manage security projects, including planning, executing, monitoring, and closing projects effectively.
  • Technical Writing and Documentation: Skills in creating clear and comprehensive security policies, procedures, and reports.

Qualifications:

Minimum qualifications:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
  • Certified Information Systems Security Professional (CISSP).
  • Certified Information Security Manager (CISM) (or working toward).
  • 3-6 years of experience in information security or cybersecurity roles, with a progression of responsibility over that time. This experience should demonstrate a deep understanding of cybersecurity principles, practices, and technologies.
  • Hands-on experience across multiple security technologies, including firewalls, intrusion detection systems, encryption methods, and Security Information and Event Management (SIEM) tools, coupled with a solid grasp of network and system architecture.
  • Incident Response and Management: Experience in developing and executing incident response plans, managing security incidents, and conducting post-incident analysis to improve future security posture.
  • Compliance and Risk Management: Demonstrated experience with risk assessments, audits, and ensuring compliance with relevant laws, regulations, and standards such as NIST or ISO/IEC 27001.
