Under general direction, performs the highest level of professional information technology duties related to administration of the County's information security program; assumes responsibility for developing, directing and ensuring the security of the County's most complex and strategic operations including mainframe, networked and database systems; performs comprehensive and complex programmatic design, analysis and development duties within the Information Systems Division; and performs other work as required in accordance with Rule 3, Section 3 of the Civil Service Rules.
This class is at the highest-level within the Information Systems Analyst series. Incumbents perform work of a professional nature, utilizing skills that require an understanding of the most complex analytical procedures and processes in the Division while working with a very high level of independent authority and judgment.
This class is distinguished from the non-specialized Information Systems Analyst V class by the fact that the incumbent serves as the highest level technical resource for County information security matters and also assumes responsibility for directing and coordinating various operational and technical security-related activities that impact the County's most complex and strategic systems, network and database operations.
Assumes responsibility for developing, directing, establishing and maintaining the County's information security program and ensuring the security of the County's most complex and strategic operations related to mainframe/server, networked and database systems.
Develops, coordinates, establishes and maintains policies to provide guidance to County departments and staff regarding Local Area Network (LAN), Wide Area Network (WAN), mainframe, server and desktop security issues; researches and recommends centralized written manuals and procedures regarding security controls.
Plans, organizes and coordinates committees, task forces and meetings to identify, resolve and administer security-related issues and activities; assists County departments with disaster recovery planning and testing.
Researches, identifies and analyzes existing and potential security threats that could harm or destroy County information assets; interacts and communicates with other government agencies and external organizations to stay aware of security issues; as appropriate, issues countywide virus and threat warnings as well as information regarding the identification, avoidance and mitigation of such threats.
Leads and directs complex projects designed to provide for the protection of County information assets; recommends solutions and appropriate technology to meet County needs; designs project and resource plans and schedules; develops proposals using cost/benefit analyses; evaluates proposed system hardware and software to ensure compatibility with existing systems; coordinates with vendors and contractors; writes and evaluates proposals; negotiates contracts for security-related equipment and services; oversees the installation and evaluation of software and hardware; controls and reports budget expenditures; directs members of the project team; provides written reports and presentations on project status.
Performs countywide information security audits to identify weaknesses that could be used to gain access to confidential County information.
Serves as the central point of contact for the County regarding information technology-related incidents or violations; assists department information technology staff and others (e.g., law enforcement, auditors) in investigating security violations; performs formal investigations of County employees for misuse of County assets; collects evidence using forensics techniques and specialized software; communicates with department heads, County Counsel, Labor Relations, Human Resources and others regarding sensitive and confidential situations; reports violations to law enforcement agents as required.
Serves as technical resource to County staff regarding information security matters; provides training to new employees through the County's new employee orientation program, as well as special departmental training sessions.
Creates, implements, maintains and tests emergency and disaster recovery measures that ensure continual operational readiness of high-profile County systems.
Attends and participates in professional group meetings; stays abreast of new trends and innovations in the field of information technology in general and information security in particular.
Either Pattern I
Experience: One year as an Information Systems Analyst IV in San Joaquin County.
Note: Individuals employed within the Information Systems Division in the San Joaquin County class of Office Automation Coordinator on June 14, 2006 shall be deemed to meet this requirement.
OR PATTERN II
Education: Graduation from an accredited four-year college or university with a major in computer science, information systems, mathematics, business administration or a related field.
Experience: Four years of increasingly responsible professional, analytical computer and related systems work in an information systems environment that included substantial responsibility for planning, administering and ensuring LAN, WAN, Internet and other systems security.
Substitution #1: Possession of an approved information systems technology certificate, or completion of an approved information systems training course may substitute for all or part of the above-required education. A list of approved certificates and/or courses shall be maintained within the Human Resources Department.
Substitution #2: Additional qualifying experience may substitute for the above required education on a year-for-year basis to a maximum of two years.
Operations, services and activities of a comprehensive information systems security program involving multiple operating platforms; advanced principles and practices of system design, development, analysis, testing and security administration; advanced methods and techniques of evaluating information security requirements and developing security solutions for strategic County systems; principles and practices of project management; functional structure of various operating system components, including system control programs and data access methods; advanced concepts, advanced concepts, principles and practices of wide area network design, development, protocols, security and administration; operations, services and activities of a comprehensive database administration program; advanced methods and techniques of developing data security, integrity, backup and recovery processes; advanced principles of database design, administration, management and integrity; principles and concepts of relational database management systems; operational characteristics of database support tools, servers and communication devices; principles of lead supervision and training; methods and techniques of developing complex application technical user manuals and documentation; pertinent Federal, State and local laws, codes and regulations.
Plan, develop, establish, monitor and maintain system security strategies; direct and coordinate technical information security operations and services; serve as technical advisor regarding information security; analyze department procedures and data to develop logical security solutions for complex systems; recommend, evaluate, design, develop, test and install complex security systems including specialized applications and supporting hardware and software; provide advanced level technical support for the implementation and maintenance of security systems; plan and oversee quality assurance and security procedures for mainframe, database, and network systems; provide support to complex wide are network security design and implementation projects; troubleshoot and analyze complex local and wide area network security problems; evaluate database security needs and develop models to meet County information security needs; as assigned, lead and review the work of project staff; prepare clear and concise technical reports and documentation; communicate clearly and concisely, both orally and in writing; establish and maintain effective working relationships with those contacted in the course of work.
Mobility-Frequent use of keyboards; frequent sitting, standing or walking for long periods; occasional pushing/pulling, bending, squatting and crawling; driving; Lifting-Frequently 5-30 pounds; occasionally 70 pounds or less; Vision-Constant use of good overall vision; frequent reading/close-up work; occasional color, depth and peripheral vision; Dexterity-Frequent repetitive motion; frequent writing; frequent grasping, holding, reaching; Hearing/Talking-Frequent talking/hearing in person and on the telephone; Emotional/Psychological-Frequent decision making and concentration; frequent public contact; occasional working alone; Special Requirements-Working nights and traveling; Environmental-Frequent exposure to noise.