INFORMATION SECURITY ANALYST-JUNIOR - 03052024-55582

Job Information

LOCATION OF (1) POSITION TO BE FILLED: DEPARTMENT OF FINANCE AND ADMINISTRATION, ADMINISTRATION DIVISION, DAVIDSON COUNTY

This position requires CJIS & FTI fingerprints. This position requires a criminal background check. Therefore, you may be required to provide information about your criminal history in order to be considered for this position.

This is a hybrid position

Qualifications

Education and Experience: Graduation from an accredited college or university with a bachelor's degree and experience equivalent to one year of experience in 1) INFORMATION SECURITY program design and implementation, or 2) INFORMATION SECURITY risk analysis and mitigation, or 3) INFORMATION SECURITY policy, standards and procedures creation and implementation.

Substitution of Graduate Course Work for Experience: Additional qualifying graduate course work in INFORMATION SECURITY may substitute for the required experience, on a year-for-year basis, to a maximum of one year (e.g. 36 graduate quarters hours in INFORMATION SECURITY may substitute for one year for the required experience)

Substitution of Experience for Education: Qualifying experience in one or a combination of the following area may substitute for the required education, on a year-for-year basis, to a maximum of four years: 1) INFORMATION SECURITY program design and implementation, or 2) INFORMATION SECURITY risk analysis and mitigation, or 3) INFORMATION SECURITY policy, standards and procedures creation and implementation, or 4) computer security incident response.

Necessary Special Qualifications: None.

Examination Method: Education and Experience,100%, for Preferred Service positions. For Executive Service Positions, Minimum Qualifications, Necessary Special Qualifications, and Examination Method are determined by the appointing authority.

Summary

Summary: Under direction, is responsible for supporting INFORMATION SECURITY efforts regarding INFORMATION SECURITY risk assessment and mitigation, INFORMATION SECURITY policy promulgation and compliance, security awareness training work of average difficulty and performs related work as required.

Distinguishing Features: An employee in this class participates in the security program for an agency. Work involves security policy promulgation, risk analysis, safeguard and compliance efforts, and incident response. This class differs from that of Information Security Analyst-Senior in that incumbents of the latter are responsible for directing and leading security policy promulgation, risk analysis, safeguard and compliance efforts, and incident response and have responsibility for supervising subordinate employees.

Responsibilities

Identifying Objects, Actions, and Events:

• Identify security breaches.
• Identifies and analyzes areas of potential risk to assets, resources or success of organization.

Analyzing Data or Information:

• Utilize forensic techniques to analyze security events.
• Analyze security operations to identify risk or opportunities for improvement.

Interacting With Computers:

• Encrypt data transmission to conceal confidential information as it is being transmitted and keep out tainted digital transfers.
• Advises, implements and maintains security systems.
• Analyzes and investigates intruder detection or other security systems.
• Encrypt data at rest to conceal confidential information.

Thinking Creatively:

• Mitigate situations that might lead to security breaches.
• Recommend ways to conduct assessments to reduce risk.
• Identify key risks and mitigating factors of potential investments, such as asset types and values, legal and ownership structures, professional reputations, customer bases or industry segments.

Monitor Processes, Materials, or Surroundings:

• Monitors systems to ensure current updates and patch levels are applied.
• Monitors use of data files and regulate access to safeguard information in computer resources.

Developing Objectives and Strategies:

• Develops or review specifications for design or construction or implementation of security in systems.
• Plans and contribute to development of risk management systems.

Training and Teaching Others:

• Evaluates and modify training materials to address security weaknesses and vulnerabilities.
• Trains users and promote security awareness to ensure systems security and to improve server and network efficiency.

Making Decisions and Solving Problems:

• Determine escalation for security events.

Updating and Using Relevant Knowledge:

• Recommend improvements in security systems or procedures.

Processing Information:

• Conduct security audits to identify potential problems related to physical security, staff safety, or asset protection and to satisfy state and federal regulations.

Evaluating Information to Determine Compliance with Standards:

• Performs risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
• Evaluate security operations to identify risk or opportunities for improvement.
• Reviews violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
• Confer with users to discuss issues such as computers data access needs security violations, and programming changes.
• Conduct physical examinations of property to ensure compliance with security, policies and regulations.

Documenting/Recording Information:

• Prepares, maintains, or updates security procedures, security system drawings, or related documentation.
• Documents and ensure communication of key risk.
• Maintain input or data quality of systems.

Establishing and Maintaining Interpersonal Relationships:

• Establishes and maintains contact with peers.

Selling or Influencing Others:

• Convey the importance of security recommendations, procedures, policies and level of risk to protect state resources.

Judging the Qualities of Things, Services, or People:

• Evaluate the knowledge and responsiveness of contractors to accomplish organizational outcomes.

Getting Information:

• Gather risk-related data from internal or external resources.
• Utilizes helpdesk automated systems.
• Utilize communication channels such as, email and messaging.

Communicating with Persons outside Organization:

• Notify customers of potential security threats.
• Notify customers of security changes that may affect their access.

Interpreting the Meaning of Information for Others:

• Produce reports or presentations that outline findings, explain risk positions, or recommend changes.

Inspecting Equipment, Structures, or Material:

• Inspects access control.

Competencies

Competencies:

• Process Management
• Decision Quality
• Total Work Systems
• Technical Learning
• Learning on the Fly
• Informing
• Standing Alone
• Business Acumen
• Timely Decision Making
• Customer Focus
• Dealing with Ambiguity
• Strategic Agility

Knowledge:

• Clerical
• Communication and Media
• Basic Knowledge of Computers and Electronics
• Customer and Personal Services
• Education and Training
• Basic Knowledge of Engineering and Technology Systems
• Law and Government
• Mathematics
• Basis Knowledge of Public Safety and Security
• Basic Knowledge of Defense in Depth
• Computer Operating Systems
• Basic Knowledge of Security Best Practices
• Regulatory and Statutory Requirements
• Telecommunications

Skills:

• Equipment Maintenance
• Installation of Security Equipment or Software
• Operation and Control
• Operation Monitoring
• Basic Operations Analysis
• Programming
• Quality Control Analysis
• Basic Troubleshooting
• Basic System Analysis
• Time Management
• Active Learning
• Active Listening
• Critical Thinking
• Learning Strategies
• Mathematics
• Monitoring
• Reading Comprehension
• Science
• Speaking
• Writing
• Basic Coordination
• Instruction
• Negotiation
• Persuasion
• Basic Service Orientation
• Basic Social Perceptiveness

Abilities:

• Category Flexibility
• Deductive Reasoning
• Flexibility of Closure
• Fluency of Ideas
• Inductive Reasoning
• Information Ordering
• Mathematical Reasoning
• Memorization
• Number Facility
• Oral Expression
• Originality
• Perceptual Speed
• Problem Sensitivity
• Selective Attention
• Speed of Closure
• Time Sharing
• Visualization
• Written Comprehension
• Written Expression
• Stress Tolerance

Tools & Equipment

• Computer