Job Summary

Epiq's cloud journey has brought us some exciting new products and technologies. To keep pace, our cybersecurity team is looking to add additional cloud security expertise to our team. The cloud security engineer will report to our Director of Business Information Security (BISO) and be responsible for helping develop and implement security standards across our Azure and AWS environments. The ideal person for this role will have strong background in native technologies in AWS and or Azure. In particular, this role will need to understand cloud configuration management processes and tools and how those integrate into a mature DevSecOps pipeline.

• Work collaboratively with the Cloud Steering Committee to recommend, understand, and implement security standards and configurations in Epiq's Cloud Environment
• Provide support to software development and IT infrastructure teams in implementing security controls across cloud environments that achieve the requirements set forth in Epiq's cloud security policies and standards
• Assess the efficacy of current security controls and identify improvements that will add additional security capability, cost savings, and/or automation efficiency.
• Consult with software developers on design strategies and approaches to common security controls within their cloud applications.
• Report back to cybersecurity leadership on challenges, obstacles, and needs across the cloud environment where the cybersecurity program can be adapted to provide greater support and coverage.
• Track and report metrics to measure the success of cloud security initiatives
• Support efforts of the Cloud Security Posture Management program to identify, assess, and report on security controls implementation across critical cloud assets

Required Qualifications:

• 5+ years of experience working in a corporate cloud infrastructure environments
• Proven mastery of native technologies in Azure or AWS (ideally but preference given to AWS skillsets).
• Understanding of Secure Cloud practices in hybrid environments using traditional and cloud native technologies
• Proven ability to adapt and apply existing cloud technology experience to understand and build competence in new or unfamiliar technologies.
• Knowledge of common cloud security frameworks and guidance such as the NIST 800-144, 800-210, OWASP Cloud-Native Application Top 10, etc.

Preferred Qualifications:

• Demonstrated ability to build collaboration and credibility with resources across the organization who have different or potentially conflicting goals and priorities
• Demonstrated ability to define and report against critical metrics and key performance indicators
• Demonstrated ability to communicate, present and influence credibly and effectively to peers and members of the leadership team
• Demonstrated ability to provide technical leadership and effectively explain deeply technical concepts to individuals without background in those knowledge areas

NA

Summary

This is advanced technical work assisting in building cybersecurity into critical operations systems to ensure safe ITS CV and AV activities. The specialist will be responsible for assisting in the design, development, implementation, and integration of architectures, systems, and system components. This position will ensure that the architecture and design of development and operational systems are functional and secure, and it will also assist in the development of innovative approaches to drive change in cybersecurity risk management across the Traffic Operations department to prevent or minimize disruptions to critical information infrastructure.

Positions allocated to this classification report to a designated supervisor and work under general supervision. Work in this class is distinguished from other classes by its specialized and advanced technical skills sufficient to resolve complex automated/computerized systems with an emphasis on cybersecurity.

Company Overview

Make a difference in the community you live in! As a Community Builder—an employee with the City of Gainesville— you will have a direct hand in building and improving your community and making a visible impact on the lives of your neighbors. Working for local government is more than a job, it’s a chance to contribute to community success and to help enhance the Gainesville way of life.

• Department: GG_Public Works: Traffic Technology
• Salary Range: $33.16 - $50.52
• Closing Date: 09/26/2024

• Depending on area of assignment:
• Performs as the departmental Cyber Security Policy, regulations and standards subject matter expert.
• Performs and assists in the analysis, design, implementation and administration of automated/computerized systems.
• Performs Information Technology security and vulnerability assessment with relevant hardware software and coding languages.
• Assists in the use of complex departmental systems specialized software applications, including system generation, compilers, link editors, assemblers, and other vendor supplied systems software packages.
• Evaluates hardware/software needs and training/documentation.
• Identifies, prioritizes, and resolves reported problems including data, account administration, email, desktop, and application issues.
• Plans, schedules, and implements modifications to the computer operating system.
• Evaluates automated/computerized system failures and assists in their recovery.
• Reviews, evaluates and recommends emerging technologies, state-of-the-art languages, tool sets and advanced technologies with regards to cybersecurity and emerging Information Technology vulnerabilities.
• Ensures advanced levels of security by loading application and operating-specific patches, certificates, and implementing network security methodologies.
• Attends work on continuous and regular basis.
• Non-essential functions:
• May require on-call responsibilities.
• May require after-hours and weekend support responsibilities.
• May function as a team leader.
• May be responsible for enforcing the drug policy, based on physical location and organizational structure.
• Performs other related duties as assigned.

Required Qualifications

• Bachelor degree from an accredited college or university with major course work in information technology, computer sciences, data management and analytics, computer programming, information science, or systems engineering, and two (2) years of progressively responsible Information Technology experience relevant to the needs and subject matter of the hiring department, or

• An Associate degree from an accredited college or university with major course work in information technology, computer sciences, computer programming, information sciences or system engineering, and four (6) years progressively responsible Information Technology experience relevant to the needs and subject matter of the hiring department.

• Or an equivalent combination of education, training and experience.

• Active certification from a generally accepted licensing organization in database, network, security management and implementation, or application software as required by hiring department, may substitute for up to one (1) year of experience.

• Valid driver license required. Valid Florida driver license required within 30 days of appointment.

Preferred Qualifications

• Certification in network or security management and implementation from an industry accepted authority.

Note: May Require Assessment(s).

May fill multiple positions.

May establish an eligibility list.

Come join our team! The City of Gainesville offers a competitive benefits package and opportunities to grow both professionally and personally.

All 'regular' employees are eligible for traditional benefits such as health insurance, life insurance, paid leave, 11 paid holidays a year, a pension plan and a deferred compensation plan, but we also offer great things like on-site fitness centers, tuition reimbursement, on-site medical staff and a wellness program to keep you healthy and happy. Please note; benefits are not available for temporary employees.

Equal Opportunity

The City of Gainesville is an equal opportunity/affirmative action employer and does not discriminate in hiring. Minorities, women and individuals with disabilities are encouraged to apply. Individuals with a disability, who require special accommodations during the selection process, should notify the Human Resources Department at 352-334-5077 or TDD/TTY at 352-334-2292.

Veterans' Preference

Veterans are encouraged to apply. Veterans’ Preference ensures that veterans and eligible persons are given consideration at each step of the selection process. However, preference does not guarantee that a veteran or other eligible person will be the candidate selected to fill the position. Section 295.07, Florida Statutes (F.S.) specifies who is eligible for Veterans’ Preference. State of Florida residency is not required for Veterans’ Preference.

If you are unable to apply online due to a disability, contact recruiting at HR@cityofgainesville.org or by calling 352-334-5077.

GENERAL PURPOSE:

The IT Manager II is responsible for facilitating cybersecurity risk management and governance processes for Ross Stores. This role works closely with the IT Compliance Manager and Secure Project Delivery Manager to help develop, mature, and execute the IT Risk processes which include governance, risk assessment, risk analysis, risk metrics, risk reporting, technology enablement, maintenance of the risk taxonomy, and organizational integration. This role is also responsible for establishing security policies, standards and procedures and managing security awareness program.

The base salary range for this role is $125,400 – $214,200. The base salary range is dependent on factors including, but not limited to, experience, skills, qualifications, relevant education, certifications, seniority, and location. The range listed is just one component of the total compensation package for employees. Other rewards vary by position and location.

• Leads the security governance and risk management team performing IT and business risk assessments, vendor risk management, contracts management, security policy and standards management and security awareness.
• Performs management and personnel administration functions associated with Ross’ Cybersecurity Governance and Risk Management Department
• Develops action plans, schedules, budgets, status reports and other management communications intended to improve the status of information risk at Ross.
• Responsible for performing risk assessments to identify current and future security vulnerabilities, determine what level of risk is acceptable to the organization, and determine the best ways to reduce cybersecurity risks to this acceptable level of the company’s assets, relationships, processes, and functions associated with IT and business risk.
• Responsible for managing Third Party risk management and related contracts agreements to ensure necessary security controls have been included as part of services and capabilities for the protection of organization assets
• Responsible for providing support to IT during product and vendor selection process and providing subject matter expertise on Cybersecurity risk and compliance
• Establish and maintains related IT Risk Management metrics and reporting. Collaborates with IT Compliance Manager, Secure SDLC Manager, Cybersecurity, and IT groups to define, gather and analyze metrics. Provides targeted reporting to all levels of IT and Business management.
• Executes and maintains risk assessments related tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing an overall view of the organization’s risk profile. Coordinates and communicates IT risk-related activities among IT key stake holders.
• Responsible for establishing, enforcing and maintaining Cybersecurity policies, standards and procedures
• Responsible for establishing information security awareness programs, regularly conducting exercise to educate employees of the cybersecurity and best practices.
• Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to cybersecurity and privacy, so that Ross Stores is warned in advance and is ready to be fully compliant with these requirements.

Required Qualifications

• Minimum 8-10 years of professional experience in running a cybersecurity function, including analyzing and applying cybersecurity risk, risk management, and privacy practices
• At least 5 years of experience working with cross-functional teams
• Experience with all aspects of regulatory and contractual compliance, especially Payment Card Industry (PCI), Sarbanes Oxley, and Health Information Portability and Accountability Act (HIPAA) requirements for as they relate to IT
• Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT
• Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership
• Proficient in network security design and architecture, capacity planning, network performance monitoring, end-point protection, patch-management, vulnerability management, penetration testing, intrusion detection, risk management, mobile device management, wireless management and data loss prevention.
• CISSP (Certified Information System Security Professional), CISA (Certified Information Systems Auditor) OR CRISC (Certified in Risk and Information System Control) OR CGEIT (Certified in Governance of Enterprise IT)

Preferred Qualifications

• Bachelor’s degree preferred or equivalent combination of education and relevant experience

PHYSICAL REQUIREMENTS/ADA:

This position requires the ability to work in an office environment, including using a computer, attending meetings, working as part of a team, and the ability to communicate with team members and others. Regular attendance also is a requirement of the position.

This role requires regular in-office presence, including attending in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work. #LI-Hybrid

SUPERVISORY RESPONSIBILITIES:

Analyst, Senior Analyst and Lead Analyst

DISCLAIMER:

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.

EQUAL EMPLOYMENT OPPORTUNITY:

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.