Description
The Bay Area Air Quality Management District (District) is a regional government agency, committed to achieving clean air to protect the public's health, the environment and the global climate. The District accomplishes this goal through regulation of industrial facilities, regional planning efforts and various outreach and incentive programs designed to encourage clean air choices.
The District's jurisdiction encompasses all of seven counties - Alameda, Contra Costa, Marin, San Francisco, San Mateo, Santa Clara and Napa, and portions of two others - southwestern Solano and southern Sonoma.
The District is currently conducting an open recruitment for the position of Manager (Cyber Security) in the Information Services Division. This is a full-time, exempt, management position. There is one (1) vacancy.
Under the general direction of the Director of Information Services, the incumbent is responsible for managing the Cyber Security Team and all its functions and projects.
The incumbent must possess a thorough understanding of project management, Cyber Security (CS) operations principles and best practices, and have the expertise to successfully manage multiple complex CS efforts simultaneously in cooperation with other technology teams and business partners, as well as formulate and implement CS strategy; develop and manage contracts, budgets, and procurements; hire, train, and mentor staff; create and implement/improve operational support processes; create and sustain meaningful and positive customer interactions.
The Information Systems Manager – Cyber Security is responsible for effective leadership of Cyber Security operations, management, policy development and maintenance and delivery of all assigned cyber security services, including but not limited to the security of servers, storage, data, local area networks, wide area networks, wireless networking, mobile device management, cloud services, security monitoring, voice services, remote access, virtualization platforms and services, and would include both Platform/Software as a Service or on-premises internally hosted offerings.
Because of the dependencies which exist between these systems and the services offered by the organization across lines of business and internal technology teams, the Cyber Security team provides critical support to the success of the District and its mission by ensuring efficient, collaborative, and strategic use of cyber security services being offered by the Information Services Division.
DEFINITION
Under administrative direction, plans, organizes, supervises, reviews and evaluates staff and activities of the District's Information systems Section; performs related work as assigned.
DISTINGUISHING CHARACTERISTICS
This single position class manages all systems and programming activities for the District's cyber security systems. The incumbent is responsible for accomplishing section goals and objectives and for furthering District goals and objectives within general policy guidelines. This class is distinguished from Director of Administrative Services in that the latter has overall managerial responsibility for all personnel, business, information systems and financial services for the District.
Examples of Duties for this Position
The Information Systems Manager – Cyber Security is responsible for effective leadership of Cyber Security Services. These services ensure successful security operation, management, and delivery of all assigned cyber security services, including but not limited to:
- Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support IS security goals and objectives and reduce overall organizational risk.
- Develop and oversee the implementation of cybersecurity policies, ensuring compliance with regulations and alignment with organizational goals.
- Advise senior management on risk levels and security posture, providing strategic guidance to enhance organizational cybersecurity.
- Ensure cybersecurity requirements are integrated into the continuity planning and development efforts of the organization.
- Collect and maintain data needed to meet system cybersecurity reporting and monitoring requirements.
- Communicate the value of cybersecurity throughout all levels of the organization’s stakeholders.
- Coordinate and oversee cybersecurity inspections, tests, and reviews for the network environment.
- Identify alternative information security strategies and implications of new technologies or upgrades.
- Interpret patterns of noncompliance to determine their impact on risk and overall effectiveness of the cybersecurity program.
- Manage the monitoring of information security data sources to maintain organizational situational awareness.
- Oversee the information security training and awareness program.
- Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
Core Competencies- Business Continuity
- Computer Network Defense
- Enterprise Architecture
- Information Systems/Network Security
- Information Technology Assessment
- Network Management
- Policy Development and Management
- Risk Management
- Threat Assessment and Analysis
- Vulnerabilities Assessment
Core Knowledge- Knowledge of data backup and recovery.
- Knowledge of business continuity and disaster recovery continuity of operations plans.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Knowledge of controls related to the use, processing, storage, and transmission of data.
- Knowledge of encryption algorithms.
- Knowledge of the organization's enterprise information technology (IT) goals and objectives.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of measures or indicators of system performance and availability.
- Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
- Knowledge of network traffic analysis methods.
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Demonstrated skill creating policies that reflect system security objectives.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Knowledge of current and emerging threats/threat vectors.
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
- Knowledge of penetration testing principles, tools, and techniques.
Additionally:
- Uses interpersonal skills and influence to achieve operational and project delivery buy-in and successful participation/outcomes across the organization.
- Develops and implements goals, objectives, policies, procedures, and work standards for the assigned programs.
- Directs, organizes, assigns, reviews, and evaluates the work of assigned staff; selects and trains staff and provides for their professional development.
- Establishes activity measures and measurements of accountability for the section. Prepares and controls operational budget and expenditures.
- Appropriately represents the District and provides support to the Director/Officer as required.
Minimum Qualifications
Education and Experience:
A typical way to obtain the knowledge and skills is:
Equivalent to graduation from a four-year college or university with major coursework in computer sciences, mathematics, business or public administration or a closely related field and four years of experience managing an information security program.
Desirable Qualifications
In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:
Demonstrated multi-vendor and complex IT contract management experience.
Demonstrated ability to exercise a high degree of initiative, demonstrate tact, and exercise sound judgment reflecting the best interests of the Air District.
Demonstrated effective communication skills.
Demonstrated ability to develop and maintain effective & cooperative working relationships.
Ability to easily adapt to changing priorities.
How to Apply & Selection Criteria
Interested individuals must submit a completed BAAQMD application, chronological resume, and responses to the supplemental questions no later than 5:00 p.m. on Tuesday, July 2, 2024. Applications are accepted online only. Please visit our website at www.baaqmd.gov/jobs to apply or to download an application. Resumes must be included, and not in lieu of the required application materials. Postmarks, faxes, and E-mailed applications will not be accepted.
Except as requested in this announcement, do not include any additional documents, such as letters of recommendation, performance evaluations, work samples, etc. They will not be considered or returned.
Supplemental Questions Instructions
Individuals who apply for this position must respond to each of the supplemental questions. The responses to the supplemental application questions will be used in accordance with the procedures indicated under the Selection Criteria in the vacancy announcement. Your responses should be as detailed as possible.
Instructions:
• Please limit your responses to one page per question.
• Do not combine your responses, or reference your application, resume, or any other requested documentation that you have included with your application packet to answer a question.
• For each question regarding experience, you must provide: the name of the employer where you gained your experience, your job title, length of time in years/months performing the specific function, and detailed examples that illustrate your duties and responsibilities.
SELECTION CRITERIA:
Selection may be based upon a competitive examination consisting of a written exercise, interview, or combination of the two. Depending on the number of qualified applicants, an application screening and/or panel interview may be used to determine the most qualified applicants.
The District may hire from this recruitment process to fill future vacancies occurring within the next 18 months.
Updates regarding your status in the recruitment will be sent via email, unless you indicate a different preference on your application.
Persons with disabilities who may require reasonable accommodations during the application and/or selection process should notify the Human Resources Office at (415) 749-4980.
The District is an Equal Opportunity Employer.