WORKING FOR THE CITY OF MCKINNEY
Working for the City of McKinney is more than a job.  It is an opportunity to make a meaningful difference in the lives of others.  It is also an opportunity to have a hand in the development of one of the fastest growing communities in the nation.  In 2014, our community was named "The #1 Best Place to Live in America."  Although proud of that honor, everyone on our team is committed to making McKinney an even better place to live, work and raise a family.  That's why we exist.
 
OUR CORE VALUES
City of McKinney employees work hard and at a very fast pace.  However, we also look after and support one another.  All of us are guided by four employee-inspired values – Respect, Integrity, Service, and Excellence (RISE).  We are also supported by servant-based leaders who foster and support a healthy, family-oriented culture.  All new employees are expected to embrace and live by our core values and commit to helping us sustain our exceptional work environment as a high performance organization.
 
SUMMARY OF POSITION
This position is responsible for the planning, coordination, and activities of enterprise information security initiatives; ensures the City of McKinney IT enterprise, architecture, infrastructure and all computer-based and computer-generated assets of the city are appropriately secure and are maintained with proper authorized control within prescribed policies, standards, goals, and objectives.

Essential Functions/Knowledge, Skills, & Abilities

GENERAL EXPECTATIONS FOR ALL EMPLOYEES 
In order for us to continue to achieve our primary function of making McKinney a better place to live, work, and raise a family, we hold these expectations for all employees.

• Learn and demonstrate an understanding of how team, department, and City goals are interconnected.
• Contribute to a positive work culture.
• Maintain regular and reliable attendance.
• Ability to assess his/her work performance or the work performance of the team.
• Contribute to the development of others and/or the working unit or overall organization.
• Ability and willingness to work as part of a team, to demonstrate team skills, and to perform a fair share of team responsibilities.
• Ability to continuously learn and develop through a mix of internal and external training opportunities, and if applicable, encourage subordinates to do the same.

 
ESSENTIAL DUTIES AND RESPONSIBILITIES

• Analyze and resolve security breaches and vulnerability issues accurately in a timely manner. Identify the root cause analysis to prevent it from reoccurring.
• Design, perform, and/or oversee penetration testing of all systems in order to proactively identify system vulnerabilities; define security requirements; correct security issues.
• Develop and implement the information security strategic plan for the City of McKinney and all enterprise technology (infrastructure, applications, and software suites)
• Evaluate, recommend, and manage existing and new security products, services, and techniques for the purpose of enhancing information security controls and practices on behalf of the city technology architecture; responsible for the integration, monitoring and remediation of network devices, backend infrastructure, and endpoint security. 
• Fundamental understanding, practice, and implementation of enterprise cloud security.
• Proactively promote information security awareness and education throughout the city by establishing and overseeing annual/semi-annual user training program. This is to include essential operational security (OPSEC), individual workstation/email practices, and city owned hardware security best practices.
• Serve as primary point of contact for the city proximity badge readers/system, associated management software, and vendor partnerships.
• Ensure that all security related documentation is current and accurate; report on appropriate information security standards adherence.
• Assign priorities to security projects; maintain security project assignments, deliverables and status files. 
• Implement, manage, and enforce information security directives as mandated by HIPAA; perform ongoing risk assessments and audits to ensure that information systems are adequate and meet HIPAA requirements.
• Implement, manage, and enforce information security directives as mandated by CJIS; perform ongoing risk assessments and audits to ensure that information systems are adequate and meet CJIS requirements.
• Coordinate investigations of suspected computer system misuse with the appropriate data owners, application owners, and documents the results of such investigations; coordinates with Human Resources and City Management as necessary. 
• Assist in various associate relations activities such as hiring and training and development; assists with HR requests to provide documentation and assist in investigations as necessary.
• Serve as an internal information security consultant to the organization by ensuring the city applies industry best practices surrounding information security.
• Develop, maintain, and manage a security incident response team that reviews and plans for security incidents and how to best respond.
• Perform information security risk assessments and serves as an internal auditor for security issues.
• Adhere to City's incident and change management process to ensure all support tickets and changes are tracked and updated.
• Participate and plan for disaster recovery exercises and business continuity plans and update them as needed
• Serve as department point of contact for security service, regardless of assigned application system(s) issues.
• Accept ownership of maintaining awareness of new technologies and advances in the profession; read professional literature; attend workshops and training sessions as appropriate; drive/implement security concepts/knowledge ascertained applicable to the IT enterprise.
• Suggest, maintain, and drive departmental security standards, procedures, and documentation.
• Is knowledgeable of, understands, and practices the philosophies of the IT Operations Guide, IT Security Policy, and direction of the Department of Information Technology.
• Comply with all written City policies and procedures.
• Adhere to assigned work schedule as outlined in City and department attendance policies and procedures.           

 
OTHER JOB FUNCTIONS:

• Perform other duties as assigned or directed.                         

 
KNOWLEDGE, SKILLS, ABILITIES, AND BEHAVIORS

• Ability to embrace and embody the City's core values of Respect, Integrity, Service, and Excellence (R.I.S.E.).
• Ability to communicate effectively with peers, supervisors, subordinates, and people to whom service is provided.
• Ability to produce desired work outcomes, including quality, quantity, and timeliness.
• Ability to plan and organize work, time, and resources, and if applicable, that of subordinates.
• Knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, current and evolving information security concepts and strategies, and other industry-standard techniques and practices.
• Knowledge of network and platform operating systems and protocols.
• Experience with Palo Alto firewalls, ACL's, routing protocols (BGP/OSPF), net flow, IPS/IDS, proxy servers, endpoint protection, VPN's, CentOS/Linux, and SQL/DBMS hardening.
• Experience with or the ability to learn the following security tools: SecureLink, Splunk, Gigamon, Proofpoint, Tenable, and Varonis.
• Experience with the AWS cloud environment.
• Experience with security access control/proximity badge readers and management software.
• Strong analytical and problem solving skills.
• Strong leadership and decision making skills.
• Ability to prioritize work load and consistently meet deadlines.
• The ability to work in a team environment; contribute as a team member and treat co- workers, subordinates and customers with respect.
• Build professional relationships with internal staff and customers.
• Offer flexibility and adaptability, especially during times of change.
• Communicate effectively both orally and in writing.
• Knowledge and understanding of ITILv3, ISO/IEC 27001/27002, NIST CSF, HIPAA, and CJIS.

Required Qualifications

MINIMUM QUALIFICATIONS
Bachelor's degree from an accredited educational institution with major course work in computer science, information systems or a related field or CISSP, supplemented by minimum of four (4) years directly related and progressively responsible experience.  Must possess or have the ability to obtain Certified Information System Security Professional (CISSP) and Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) within one year of hire.
 
Any work related experience resulting in acceptable proficiency levels in the above Minimum Qualifications may be an acceptable substitute for the above specified education and experience requirements.
 
CONDITIONS OF EMPLOYMENT

• Must pass a drug screen and background check.
• Must have Class C Texas Driver's License

Physical Demands/Supplemental

PHYSICAL DEMANDS
Tasks involve the ability to exert light physical effort in sedentary to light work, but which may involve some lifting, carrying, pushing and/or pulling of objects and materials of light weight (25 pounds).  Tasks may involve extended periods of time at a keyboard or work station.  Some tasks require visual and sound perception and discrimination and oral communications ability.
 
WORK ENVIRONMENT
There is limited exposure to environmental conditions.
 
 
The above statements describe the general nature and level of work being performed as of the date of preparation and approval.  They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of the position.  Employees holding this position will be required to perform any other job-related duties as requested by management. The job description does not constitute an employment agreement between the employer and employee, and all requirements are subject to possible modification to reasonably accommodate individuals with disabilities.
 
The City of McKinney is an equal opportunity employer (EOE) committed to an alcohol / drug free workplace and to providing equal opportunities regardless of age, race, color, gender, religion, national origin, marital status, veteran status, disability or any other legally protected status.