Military Spouse Connection Jobs


Job Information

The City of Rochester, MN IT Compliance and Security Coordinator in Rochester, Minnesota


Salary

$91,918.00 - $135,175.00 Annually

Location

Rochester MN 55906, MN

Job Type

Regular FT

Job Number

20240018

Department

Rochester Public Utilities

Opening Date

04/29/2024


POSITION DESCRIPTION

The City of Rochester invites applications for the position of:

IT Compliance and Security Coordinator

Rochester Public Utilities

RPU, a division of the City of Rochester, MN, is the largest municipal utility in the State of Minnesota. RPU serves over 60,000 electric customers and 41,000 water customers in a 60 square mile service area and has revenues nearing $161 million annually.

Vision: "We Will Set the Standard for Service"

Our vision is based on six core values which are Safety, Integrity, Service, Stewardship, Accountability, and Skill.

The City of Rochester is committed to a community where all members feel a sense of belonging. We commit to recognizing the diversity of our community members, listening to ALL voices and providing equitable services to create an inclusive place to live, play and work.

We believe EQUITY should be at the center of all our work. We strive to represent our community in our teammates, as we know that diverse and inclusive teams are more innovative, and have an empowering impact on the work, progress and culture of our community.

It takes us all working together

Nature of Work

The IT Security and Compliance Coordinator is a professional position that works cooperatively within Rochester Public Utilities (RPU) to develop recommendations and administer comprehensive policies and programs to ensure the overall integrity and optimization of the RPU network systems. This position will provide direction for continued policy development, risk management oversight and strategic initiatives resulting in improved usability, efficiency and effectiveness. This position works under limited supervision while taking work direction from IT Management. Depending on assignment, this position may have an enterprise security or enterprise technology focus.

Salary Information

The 2024 starting salary range is $91,918 to $108,139 per year depending on qualifications, with advancement to $135,175.

To have your application considered in the first round of reviews, please apply before May 13th, 2024.

DUTIES AND RESPONSIBILITIES

The work below is representative of the scope of work performed within this job classification. Individual job duties will vary based on work assignment.

*Strategy and Policy Development

  • Recommend short- and long-term objectives to secure business assets which are balanced with ensuring high levels of customer service delivery, regulatory/audit compliance and system standardization.

  • Analyze and proactively identify areas where policies can be improved; provide recommendations for new products or changes to mitigate business risk.

  • Determine system and security requirements by evaluating business strategies and requirements, research information systems and security standards.

*System Monitoring, Effectiveness and Maintenance

  • Monitor, audit and take proactive action in cooperation with system administrators to mitigate identified issues on an ongoing basis. Provide IT Management with regular status updates and assessments of overall risk profile.

  • Implement and maintain an ongoing employee education program to ensure security awareness throughout the user population. Recommend specific security-related training for system administrators.

  • Conduct system security and vulnerability assessments and report status to IT and Senior Management.

  • Generate and maintain documentation for security specific system hardware and software to include system security plans, configuration, equipment lists, practices and procedures.

  • Perform complex technical and professional work relative to planning, design, implementation and administration of security related enterprise networking solutions in a multi-departmental network environment.

*Risk Management Oversight

  • Implement and maintain approved security controls, policies, processes and procedures to manage risk across the RPU information system environment.

  • Ensure the confidentiality, integrity, and availability of the RPU IT system.

  • Develop and recommend an ongoing audit plan to evaluate and improve the security effectiveness of the current network systems.

  • Provide oversight and administration of security assessments and audits performed by internal staff or third-party vendors; implement an action plan to address any deficiencies; ensure completion of action plan.

  • Examine and evaluate the appropriateness and effectiveness of technological and operational controls and provide recommendations for improvements.

  • When needed, complete or coordinate audits for internal controls, PCI, NERC/CIP and other regulatory bodies of the IT infrastructure.

  • Provide periodic updates to the IT and Senior Management relative to key initiatives, audit findings, and improvement plans.

  • Monitor and analyze security logs and alerts from various sources (E-ISAC, CISA), such as firewalls, antivirus, intrusion detection and prevention systems, and security information and event management (SIEM) tools.

  • Lead development and testing of risk management activities including incident response, disaster recovery, IT related business continuity, backup and restore.

*Leadership and Direction

  • Provide leadership and expertise to IT staff and RPU employees regarding technical and security-related projects (new systems and improvements to existing systems).

  • Engage departmental IT staff for the purpose of analyzing technical issues and security risks, recommending solutions, planning and implementing infrastructure changes.

  • Consult with internal and external customers to define requirements for complex systems and infrastructure development.

  • Serve as a liaison with external vendors.

  • Maintain awareness of changes in the technology/regulatory environment and the relevance to information systems.

  • Serve as a subject matter expert on IT optimization/security as it relates to infrastructure, industry best practices, trends and network system performance.

  • Participate in and/or lead IT projects using standard project management methodology.

  • Coordinate efforts with third parties to enhance RPU’s security posture. This may include seeking grant opportunities and other security related services.

*Technical Support Services

  • Provide budget planning assistance, service cost allocations, and monitoring of IT budgets including operations, and project budgets.

  • Provide recommendations to and IT Management to improve the performance and optimization of Information Technology resources.

  • Troubleshoot and develop solutions to complex technical processing problems.

  • Provide high-level server/network related technical assistance to teammates in the organization.

  • Serve as subject matter expert and resource for department system administrators and other teammates.

Perform other duties as assigned or necessary.

Work will occasionally need to be performed outside of normal business hours (including weekends and holidays) to minimize the impact to customers and employees, or to respond to compliance and/or security incidents.

MINIMUM QUALIFICATIONS

Education and Experience

Bachelor's degree in computer science, information systems, or a closely related field from an accredited four-year college or university; AND at least three (3) years of IT administration, IT compliance, or IT security experience.

Licenses and Certifications

Valid driver's license.

Prior to being hired, promoted or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is also required.

ADDITIONAL INFORMATION

KNOWLEDGE, SKILLS AND ABILITIES

Knowledge of: multiple aspects of information technology security concepts, principles and procedures including information security, network security, operations security, and internet security; application of current management principles, best practices, industry trends, emerging technologies and project management concepts; network architecture and operations (security tools, firewalls, intrusion detection systems, and hacker techniques); public administration policies; laws, rules, and regulations and their associated security requirements; continuity of operations planning requirements and testing; the City and departmental priorities; clear commitment to the City’s mission statement and organizational values.

Skill in: developing and maintaining productive working relationships with City leadership and external parties; providing customer service by positively influencing internal/external customers and other interested parties by finding mutually agreeable solutions; understanding the concepts of emotional intelligence and the impact of their actions on others; effectively making recommendations both independently and under the direction of City Administration; building strong organizational partnerships by eliminating barriers to achieving outcomes; negotiating positive outcomes, and managing conflict in a constructive manner; supporting a team environment and working in a collaborative manner across departmental and boundaries to enable the achievement of organizational objectives and improved IT services.

Ability to: assess current technical infrastructure and services; implement strategic objectives in an effective manner; prepare and present comprehensive technical reports; develop appropriate action plans and organizational IT policies that support a sustainable, secure IT environment; plan, supervise, and coordinate multiple activities; manage complex IT projects; gather, analyze and interpret complex data and resolve challenging problems; turn strategy and objectives into viable outcomes; appropriately handle sensitive and confidential data; analyze technical data and draw logical conclusions from them; write and speak effectively; present information in a meaningful manner that is understood by a variety of employees.

PHYSICAL AND ENVIRONMENTAL CRITERIA

In compliance with the Americans with Disabilities Act, the following represents the physical and environmental demands for this position. The employee must be able to perform the essential functions with or without accommodation.

In consideration of the overall amount of physical effort required to perform this position, the work is best described as Sedentary Work: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

Physical demands that may be required continuously (2/3 or more of the time), frequently (1/3 to 2/3 of the time), and occasionally (up to 1/3 of the time) are noted below:

Continuous demands: Sitting, Fine Dexterity.

Note: this position requires a majority of time (up to 75%) spent in a seated position.

Sensory requirements necessary in the performance of the essential functions of this position include: sight, hearing, and touch.

Environmental conditions that may exist in the performance of the essential functions of this job include:

NONE (not substantially exposed to environmental conditions)

EMPLOYEE BENEFIT AND RETIREMENT SUMMARY (https://www.rochestermn.gov/home/showdocument?id=36371&t=637988555643816877)

01

The following supplemental information may be used as a scored evaluation of your knowledge, skills and experience. Be certain that the choices you make correspond to the information you have provided in your application and resume. By completing this supplemental questionnaire you are attesting that the information you have provided is true and accurate. Any information provided may be reviewed by the hiring manager. Any misstatements or falsification of information will eliminate you from consideration or may result in dismissal. Do you understand and agree with this statement?

  • Yes

  • No

02

What is your preferred name?

03

Which of the following best describes your level of education?

  • High school diploma or equivalent G.E.D.

  • Less than 2 years post-secondary training

  • Completion of a 2 year program or degree

  • Completion of a 4 year program or degree

  • Completion of a Master's degree or higher

  • None of the above

04

Other than your High School diploma/GED, which of the following best describes the field of study for your degree?

  • Computer Science

  • Computer Technology

  • Computer Networking

  • Computer Engineering

  • Computer/Management Information Systems

  • Information Management

  • Information Systems Security

  • Information Technology Infrastructure

  • A field of study closely related to the above

  • My degree is in an area NOT RELATED to any of the above

  • N/A - I do not have a degree

05

Which of the following security-related certifications/designations do you currently possess: (Select all that apply)

  • Certified Information Systems Security Professional (CISSP)

  • CompTIA Security+ (Security+)

  • Certified Information Systems Auditor (CISA)

  • Certified Information Systems Manager (CISM)

  • GIAC Information Security Professional (GISP)

  • GIAC Certified Project Manager (GCPM)

  • GIAC Systems and Network Auditor (GSNA)

  • GIAC Security Expert (GSE)

  • N/A - I do not possess any security-related certifications/designations

06

Which of the following best describes your years of full-time equivalent employment experience managing enterprise security?

  • No experience

  • Less than 3 years

  • More than 3 years, but less than 5

  • More than 5 years, but less than 7

  • More than 7 years, but less than 10

  • More than 10 years

07

Which of the following best describes the size of the network, in terms of the number of devices, where you obtained your work experience managing enterprise security?

  • Less than 300 devices

  • More than 300, but less than 500 devices

  • More than 500, but less than 1000 devices

  • More than 1000, but less than 2000 devices

  • 2000 or more devices

  • N/A - I have no computer network security experience

08

Which of the following best describes the percentage of your time that was dedicated to performing enterprise security duties?

  • Less than 20% of my overall time

  • More than 20%, but less than 40% of my overall time

  • More than 40%, but less than 75% of my overall time

  • More than 75% of my overall time

  • 100% - All of my time is spent on enterprise security-related duties

  • N/A - I do not have any enterprise security-related experience

09

Does your enterprise security-related employment experience include working with any of the following applications and/or systems? (Select all that apply)

  • SAP Enterprise System

  • Microsoft SQL Server database administration

  • Microsoft Server

  • Cisco Firewalls

  • Cisco IPS

  • Microsoft Purview

  • SIEM products

  • NSX

  • N/A - None of the above

10

Which of the following best describes your overall employment experience managing or leading enterprise security projects?

  • N/A - I have no experience in this area

  • Limited - I have been responsible for managing simple project(s) with a predetermined scope and timeline, involving a single process or functional area.

  • Moderate - I have been responsible for managing complex project(s) with a broader scope and undefined timeline, providing work direction to internal resources, and involving multiple functional areas.

  • Extensive - I have been responsible for initiating, designing and executing project plans; defining the scope and establishing the timeline; monitoring the project budget; providing work direction to internal and external resources; and involving multiple functional areas and/or entities.

11

Does your employment experience include complying with any of the following required enterprise security audits? (Select all that apply)

  • PCI

  • NERC/FERC

  • BCA/FBI

  • HIPAA

  • Other (List below)

  • N/A - I do not have any enterprise security audit experience

12

Which of the following best describes your experience appearing before and providing information to elected boards and councils, public agencies, business and civic groups?

  • Limited - I have attended public meetings and/or hearings

  • Moderate - I have presented information at public meetings and/or hearings

  • Extensive - I regularly appear before and provide information to elected boards or councils and provide technology-related information to various groups as a regular part of my job

  • N/A - I have no experience in this area

13

OTHER QUALIFICATIONS: Describe any other special training you've completed or skills and experience you currently possess that you feel would make you the best-qualified person for this position.

14

CONDITIONS OF EMPLOYMENT: If selected as a finalist, are you willing to undergo a background investigation which may include, but is not limited to: verification of employment and educational records, identification verification, driver's license record and a criminal history?

  • Yes

  • No


Agency

City of Rochester

Address

201 4th Street SE Rochester, Minnesota, 55904

Phone

(507) 328-2555

Website

https://www.rochestermn.gov/employment
