Information Security Manager - KUA
GENERAL DEFINITION OF WORK:
Responsible for the management and development of the organization’s cyber and physical security programs and systems. Serves in a lead role on the red/blue team as part of an ongoing cyber maturity program and coordinates incident response activities. Manages risk assessment and vulnerability mitigation, and coordinates penetration testing and third-party audits. Documents alerts, bulletins and vulnerabilities and assigns applicable cases for resolution to individuals. Manages and maintains physical security systems including video surveillance, magnetic doors, gates and key cards. Performs technical work in the area of corporate intranet, data management, and administration of security credentials. Serves as the public records officer and is responsible for adherence and provision of the public records program in accordance with applicable laws. Does related work as required. Work is performed under the general supervision of the Vice President of Information Technology. Supervises assigned personnel.
TYPICAL TASKS:
Evaluates and implements uses of cyber defense tools, systems, and practices in defending the enterprise network and subsidiary network systems. Coordinates tracking and resolution of downward-directed alerts and action items from federal, state, and local authorities on matters of cyber security. Conducts penetration and vulnerability testing on internal and external systems. Formalizes cybersecurity policy and compliance with NIST standards, documents cyber-related events and prepares reports or briefings for development of the red/blue team. Manages the security administration of an Active Directory environment, including application of policy and resolution of permission changes, user access, threat detection and whitelisting of approved applications. Develops and recommends cybersecurity policy and practices. Directs security access protocols for core business systems including Financial (FIS), Customer (CIS) and Engineering (GIS) information systems. Responsible for physical security systems including video surveillance, perimeter access, and control systems. Manages the company intranet functionality and permissions across the organization. Responsible for oversight of all paper and digital records of the Kissimmee Utility Authority, and administration of a uniform records management program, ensuring proper application of records disposition schedules. Maintains computer asset inventory, tags and tracks resources and provides reports for budgeting and planning purposes. Provisions public records requests, calculates customer cost if applicable, ensures the proper redaction of material before release, and timely delivers requested products. Organizes bulk paper records and containers including searches, retrieval and disposition.
KNOWLEDGE, SKILLS AND ABILITIES:
Must demonstrate advanced knowledge of cybersecurity procedures and skills in a defensive and offensive position, including knowledge of Kali Linux, Windows Server and related hardware applications. Must be well versed in securing multiple systems such as Microsoft Windows, Linux, Avigilon, Web Application Firewalls, MS SQL, and cloud storage platforms. Advanced operational knowledge of security key card controllers, magnetic locks, and video surveillance systems is required. Must be able to navigate, index, administer and retrieve video footage, security records, voice recordings, and network data artifacts. Knowledge of on-premise SharePoint design, implementation and maintenance is required. Must know and be able to provision corporate records requests in accordance with State of Florida and Federal Guidelines for records retention and public records laws. Knowledge of advanced network administration practices in an Active Directory environment is essential. Knowledge of common office software for spreadsheets, documents and presentations is required. Ability to understand and carry out written and oral instructions. Ability to establish and maintain effective working relationships with fellow workers and the general public. Ability to work with confidential information, investigations and research into personnel related matters. Must be able to properly lift or displace document containers weighing up to forty (40) pounds. Knowledge and ability to supervise assigned staff.
EDUCATION AND EXPERIENCE:
A bachelor’s degree in information management, cybersecurity, computer science or a related discipline is required. Five (5) years experience in an information security or cyber security role. Certifications commensurate with advanced red/blue team responsibilities such as EC-Council Certified Ethical Hacker, CompTIA Security+, CompTIA PenTest+ or higher are required. Experience working on a cyber incident or red/blue team is preferred. Windows Server, video surveillance systems, key card access and knowledge of physical/data security is required. Advanced office experience with responsibilities in cybersecurity, records retention, network administration and physical security systems is required. Some supervisory experience desired. Any combination of certifications, experience and training.
SPECIAL REQUIREMENTS:
Must be able to become a certified Penetration Tester within the first year in the position.