This class is responsible for the management of security for the Delaware Criminal Justice Information System (CJIS), which is used routinely by agencies throughout the State including the Courts, law enforcement agencies, and correctional institutions.
Nature and Scope
This class functions under the direction of an administrative superior and is responsible for developing, implementing, and enforcing information security policies, standards, best practices and procedures for various CJIS components. A significant aspect of this work involves conducting security assessments and investigating potential security breaches; ensuring that information is protected from accidental and unauthorized violations/use; assigning security codes and access; and control and audit of the security functions in the user agencies. In addition, the incumbent performs inspection of security systems and back up process for sensitive applications. Principal contacts are with DELJIS staff and management for the purpose of providing technical expertise and recommendations, law enforcement and user agency management to resolve investigations of breaches, and DTI to provide technical assistance related to shared software programs.
Essential functions are fundamental, core functions common to all positions in the class series and are not intended to be an exhaustive list of all job duties for any one position in the class. Since class specifications are descriptive and not restrictive, incumbents can complete job duties of similar kind not specifically listed here.
Ensures authorized use of information systems through development, management, and enforcement of security standards, procedures and policies.
Performs investigations of potential security breaches, including accidental or intentional unauthorized use/access of CJIS information, interviews accused individuals, and recommends corrective action to the DELJIS Board of Managers and the Director, State Bureau of Identification.
Performs background checks on systems users; assigns security codes, restrictions and accessibility of information to authorized users.
Prepares and coordinates security site audits, investigations, and incident management.
Provides assistance to department staff and user agencies on security policy and conducts security related training.
Makes recommendations for and assists in the implementation of new techniques or security procedures to improve methods of operations, strengthen controls, and effectively utilize resources.
May testify in court.
Researches, consults, and assists with current and future design upgrades/maintenance for DELJIS applications in order to ensure functionality of security measures.
Provides expertise on software programs shared with DTI and works with vendors to resolve complex security software issues.
Participates in after hours on-call rotation to resolve Help Desk issues. Serves as the Agency’s Information Security Officer and the lead for Disaster Recovery and Business Continuity Planning.
Knowledge, Skills and Abilities
The intent of the listed knowledge, skills and abilities is to give a general indication of the core requirements for all positions in the class series; therefore, the KSA’s listed are not exhaustive or necessarily inclusive of the requirements of every position in the class.
Knowledge of concepts, methods and techniques of information processing principles and programming to include hardware and software technology.
Knowledge of concepts, methods and techniques of information systems data communications security systems implementation.
Knowledge of the functions, capabilities and use of the Delaware Criminal Justice Information System.
Knowledge of the functions of the various DELJIS user agencies.
Knowledge of the principles and practices of program administration.
Knowledge of system design and operational capabilities to include database management and software security.
Knowledge of disaster recovery and business continuity planning.
Knowledge of investigative techniques, rules and regulations.
Ability to investigate allegations in a sensitive and effective manner.
Ability to identify the source of errors, trouble-shoot the errors, and work with third party vendors to resolve the error.
Ability to perform system analysis and design in order to recommend security systems development for new or modified systems.
Ability to communicate effectively, both orally and in written form.
Ability to establish and maintain an effective working relationship with officials of the criminal justice community.
Ability to review documentation to ascertain the occurrence of a security violation.
Ability to develop technical standards easily interpreted by lay personnel.
JOB REQUIREMENTS for DELJIS Security Manager
Applicants must have education, training and/or experience demonstrating competence in each of the following areas:
Three years experience in conducting investigations of information security breaches, which includes accidental and intentional unauthorized use/access of information systems, and recommends corrective action.
Six months experience in maintaining information security by conducting assessments/audits and analysis of information systems to identify security risks, changes/upgrades, evaluating system security measures along with performing internal security control reviews, developing security reports, and preparing corrective actions to audits and other findings.
Six months experience in developing, implementing, and enforcing information systems security policies, standards, best practices and procedures.
Knowledge of maintaining a criminal justice information system which includes communicating system operation problems; participating in the development of changes, corrections, enhancements and new features and determining the feasibility of changes.
Knowledge of disaster recovery and business continuity planning which includes developing, designing, and implementing plans.