Airport IT Security Manager Sr

General Description and Classification Standards The Airport Information Technology Security Senior Manager is responsible for IT security policy enforcement and maintenance; design of security policy education, training, and awareness activities; monitoring compliance within the Department of Aviation and applicable laws; and coordinating investigation and reporting of security incidents. Monitor, assess, and fine-tune the IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.
  Develop and monitor practices to ensure that the network and data is secured against unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion. Duties include training in and dissemination of security policies and practices as well as developing strategies and plans to provide for timely business resumption in the event of a serious disruption. Applicants employed in this position will be required to work extra hours, as needed, and to be on-call for scheduled after-hour emergencies and respond to after-hours emergencies as needed.
  Supervision Received Direction received is very general and focuses on end results and is typically collaborative in nature. Position plans own work and project schedules and sequences.
  Essential Duties & Responsibilities Monitor and advise on information security issues related to the systems and workflow at the DOA to ensure the internal security controls for the Aviation IT infrastructure is appropriate and operating as intended.
  • Coordinate and execute IT security projects. • Coordinate and execute IT security assessment audits and manage remediation. • Coordinate response to information security incidents. • Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements. • Conduct data classification assessment and security audits and manage remediation plans. • Collaborate with IT management, the legal department, safety and security, and law enforcement agencies to manage security vulnerabilities. • Create, manage and maintain user security awareness. • Conduct security research in keeping abreast of latest security issues. • Prepare security notification, alerts and procedures for handling security incidents. • Perform other related duties as assigned. • Creating, testing and implementing network disaster recovery plans • Performing risk assessments and testing of data processing systems • Installing firewalls, data encryption and other security measures • Recommending security enhancements and purchases • Training staff on network and information security procedures
  Decision Making Decisions which you make:
  • Implementation of process\procedures to improve job efficiency • Implementation of solutions to enhance cyber resiliency reduce system downtime. • Implementation of system maintenance to improve system performance and availability • Design and development decisions
  Knowledge, Skills & Abilities Has thorough knowledge of all applicable laws, ordinances, policies, standards and regulations pertaining to the specific duties and responsibilities of the job. Able to identify and quality cyber risks, and possess extensive working knowledge of cybersecurity standards, including NIST CSF, ISO27000, and PCI. Knowledge and experience with TSA and FAA cyber requirements are a plus. Planning and implementing security measures to protect computer systems, networks and data. Expected to stay up to date on the latest cyber threat intelligence, including hacking tools, tactics, and methods, including how Artificial Intelligence tools can be used to assist and defend from cyberattacks. Can effectively manage and prevent data loss and service interruptions by researching new technologies that will effectively protect a network.
  Is able to effectively interact with and communicate security requirements to consultants, subordinates, peers, and management. Can assemble information and make written reports and documents in a concise, clear and effective manner, and has experience defining metrics and developing dashboards for presentation to upper management. Possess a base of project management concept as necessary in the completion of daily responsibilities. Can implement long-term goals in order to promote effectiveness and efficiency. Is able to use independent judgment and discretion in maintaining standards and resolving problems. Has the ability to comprehend, interpret, and apply regulations, procedures, and related information. Can read, understand and readily interpret applicable cyber regulations, contracts, and related materials.
  The applicant must be able to manage multiple projects and/or tasks concurrently. Must be a self-starter and be able to use own judgment/initiative to undertake activities with minimal supervision. The candidate must also have excellent oral and written communications skills as well as the ability to work alone or within a team environment
  The successful candidate must be able to work collaboratively with others to achieve team & organizational goals; prioritize projects and/or tasks; provide constructive input to achieve team goals; deliver a customer-focused, responsive service to customers; support efforts to enhance business efficiency & effectiveness; demonstrate a positive, can-do attitude; respond constructively to new information, changing conditions, & unexpected obstacles. Support and assist with achieving the Strategic Objectives and Goals of the Department.
  Applicants must demonstrate prior experience managing IT teams and delegating responsibilities effectively. The candidate must have the ability to mentor, inspire, motivate, and empower teams and stakeholders.
  Minimum Qualifications - Education and Experience

BA or BS in Computer Science, Management Information Systems, or related field. 

Five years of progressive management experience in computing and information security, including experience with Internet technology and security issues. 

Experience in aviation preferred. 

Experience should include security policy development; vulnerability management; cloud security; endpoint security; network access control; threat monitoring and intelligence; multi-factor authentication; vulnerability scanning; server hardening and CIS benchmark principles; penetration testing; security awareness; forensic analysis; networking principles and basic network flows; and defining and interpreting firewall rules.

Knowledge of information security standards, rules and regulations related to information security and data confidentiality (e.g., NIST CSF, ISO27001, PCI, etc.) and desktop, server, application, database, network security principles for risk identification and analysis. 

Strong analytical and problem-solving skills. 

Excellent communication (oral, written, presentation), interpersonal and consultative skills.

Preferred Education & Experience

CISSP, CISM, GIAC, or other security certifications desired.
Licensures and Certifications Position would be expected to have licensure or professional certifications appropriate to the position.
Required: Valid Georgia driver’s license
Essential Capabilities and Work Environment Required physical, lifting, and sensory capabilities are requirements to perform the job successfully. Typical environmental conditions associated with job.
  It is the policy of the City of Atlanta (“COA”) that qualified individuals with disabilities are not discriminated against because of their disabilities regarding job application procedures, hiring, and other terms and conditions of employment. It is further the policy of the COA to provide reasonable accommodations to qualified individuals with disabilities in all aspects of the employment process. The COA is prepared to modify or adjust the job application process or the job or work environment to make reasonable accommodations to the known physical or mental limitations of the applicant or employee to enable the applicant or employee to be considered for the position he or she desires, to perform the essential functions of the position in question, or to enjoy equal benefits and privileges of employment as are enjoyed by other similarly situated employees without disabilities, unless the accommodation will impose an undue hardship. If reasonable accommodation is needed, please contact the Human Resources Director for your department.
  The City of Atlanta is an Equal Opportunity Employer and does not unlawfully discriminate on the basis of race, color, religion, age, disability, sex, sexual orientation, ender identity, marital status, veteran’s status or national origin, or any other basis prohibited by federal, state, or local law. We value and encourage diversity in our workforce.