IT SECURITY ADMINISTRATOR (CITY EMPLOYEES ONLY)

Under limited supervision, performs advanced professional, technical, and administrative work in planning, implementing, managing, and maintaining the City's cybersecurity program. This position is responsible for safeguarding the confidentiality, integrity, and availability of the City's information systems, networks, and data in alignment with established security policies, regulatory requirements, and industry standards. The I.T. Security Administrator conducts risk assessments, monitors security threats, implements controls, and leads incident response efforts. This role also provides technical guidance, promotes cybersecurity awareness, and collaborates with IT staff and City Departments to ensure a secure and compliant technology environment. This position may provide technical oversight and direction to IT staff and serves as a key resource in protecting critical infrastructure, including systems supporting public safety operations. This is not intended as a comprehensive list; it is intended to provide a representative summary of the major duties and responsibilities. Incumbent(s) may be required to perform all duties listed, and may be required to perform additional, position-specific tasks. Plans, implements, and administers the City's information security program, policies, and procedures. Conducts vulnerability assessments, penetration analysis (where applicable), and internal security audits to identify risks and system weaknesses. Develops and implements remediation strategies, security controls, and risk mitigation plans based on findings and regulatory requirements. Monitors network, endpoint, and cloud environments for security threats, suspicious activity, and intrusion attempts; responds accordingly. Leads and coordinates incident response, investigation, containment, eradication, and recovery activities. Maintains and enforces access controls, identity management, and least-privilege standards across systems. Administers and supports cybersecurity tools including firewalls, endpoint detection and response (EDR), SIEM platforms, email security, and vulnerability management systems. Ensures timely application of security patches and updates in coordination with Systems Administrator. Develops, maintains, and enforces cybersecurity policies, standards, and procedures aligned with frameworks such as NIST, CJIS, and CIS Controls. Conducts and coordinates security awareness training and phishing simulations for employees. Performs regular audits to ensure compliance with internal controls, policies, and applicable regulations. Maintains logs, prepares reports, and documents security incidents, findings, and remediation activities. Assesses third-party/vendor security risks and provides recommendations. Alerts leadership of significant risks, beaches, or attempted intrusions in accordance with established protocols. Stays current with emerging cybersecurity threats, technologies, and regulatory changes. Supports disaster recovery, business continuity, and emergency operations related to IT security. Ensures the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories. Perform related duties as assigned.

Knowledge, Skills and Abilities:

Thorough k nowledge of information security principles, frameworks, and best practices. Knowledge of cybersecurity risk assessment methodologies, vulnerability management, and threat detection. Knowledge of network architecture, TCP/IP, firewalls, intrusion detection/prevention systems, and endpoint security. Knowledge of Windows server environments, Active Directory, and enterprise systems. Knowledge of CJIS security requirements and public safety system protections. Ability to analyze complex security incidents, identify root causes, and implement corrective actions. Ability to manage multiple projects, prioritize risks, and meet deadlines in a fast-paced environment. Ability to develop and maintain cybersecurity policies and procedures. Strong analytical, problem-solving, and decision-making skills. Ability to communicate technical information effectively to non-technical stakeholders. Ability to handle sensitive and confidential information with integrity. Ability to work independently and collaboratively across Departments and staff.

Education and Experience Requirements:

A Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a closely related field; with a minimum of three (3) years of progressively responsible experience in information security, cybersecurity administration, or related field. Most possess one of the following: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); OR a Master's degree in Cybersecurity, Information Assurance, or related field. Additional professional certifications such as Security+, CEH, GIAC, or Microsoft/Azure security certifications are highly desirable. Must possess and maintain a valid Florida driver's license with a satisfactory driving history throughout employment.

Public Safety Compliance:

The applicant will be required to undergo and successfully complete a criminal background investigation, polygraph examination, and applicable FDLE requirements. Must obtain and maintain CJIS National/Florida Crime Information Center (NCIC/FCIC) security clearance for access to law enforcement systems. Employees in this classification may be required to participate in a 24-hour on-call rotation for security incidents and system support. Evening and/or weekend work may be required in order to perform administration and maintenance duties. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to sit and talk or hear. The employee is frequently required to walk; use hands and fingers to handle, or operate objects, tools, or controls; and reach with hands and arms. Ability to lift and/or move up to 25 pounds. The noise level in the work environment is moderately quiet. Work is performed in an office setting within a controlled environment.