Cybersecurity Administrator na Kitsap Transit, WA

About the Department

Under general direction of the IT Manager, administer, maintain and support all aspects of the agency’s cybersecurity program to include cybersecurity compliance, policy development, budget recommendations, planning, and project management to ensure the agency’s cybersecurity goals and objectives are met.

Position Duties

Essential functions, as defined under the Americans with Disabilities Act, may include the following duties and responsibilities, knowledge, skills and other characteristics. This list of characteristic duties and responsibilities not a comprehensive listing of all functions and tasks performed by positions in this class.

Following are some highlights of the knowledge, skills and abilities required to be successful in this position.

• Cybersecurity compliance program, security protocols and policies and compliance with applicable federal, state, and local laws, rules, and regulations.
• Conceptualizing, launching, and delivering practical technology projects on time and within budget.
• Structured project methodologies and use of project planning tools.
• In-depth knowledge of Endpoints (computers, servers, storage), local and wide area network experience.
• Administering and supporting technology functions in a diverse multi-service public organization. 
• Providing training and guidance to staff on information security best practices.
• Demonstrating the ability to achieve results through a flexible and open-minded approach to problem-solving, while maintaining awareness and sensitivity to interpersonal dynamics.
• Effective communication when interacting with coworkers, management, staff from other departments, the public, etc. sufficient to exchange or convey information and to receive work directions in a professional and courteous manner.
• Establishing and maintaining effective working relationships with other Kitsap Transit departments, employees and the public.
• Effective project management and prioritization skills.
• Provide high levels of results-oriented customer service and professionalism to both internal and external customers.

Minimum Qualifications

Associate’s degree and a Certified Information Systems Security Professional (CISSP) or a CompTIA Security+ certificate is required upon entry. Five years of increasingly responsible professional experience in cybersecurity administration is required. This position also requires at least two years of increasingly responsible professional experience in Windows Server, Microsoft Office, MS SQL Server, Network Routing, Windows Active Directory and Microsoft Exchange.  This position also requires the ability to provide 24/7 on-call support for IT infrastructure and communication systems.

Licenses/Certifications:

• Certified Information Systems Security Professional (CISSP) or a Certified Cloud Security Professional (CCSP) certificate upon entry.
• Transportation Worker Identification Credential to be obtained within 90 days of hire.

Other Qualifications

Provide input into the development and implementation of short-term and long-term cybersecurity strategies for the agency, including the establishment of key milestones and performance metrics to track progress. Recommends and implements processes that support the agency in achieving its cybersecurity objectives. Works collaboratively with staff across departments to define and align agency-wide goals and initiatives.

Identifies cybersecurity priorities to include but not limited to, developing and implementing systems and resources to best ensure cybersecurity in both onsite and remote working environments.  Reviews security provisions and infrastructure/Security Information and Event Management (SIEM) logs to ensure data security and ensures that Firewall/Security/VPN configurations are standardized and documented. Builds, maintains and deploys cybersecurity solutions to meet the agency’s compliance and cybersecurity mission and goals.

Assists the IT Manager in forecasting IT resources needed to accomplish goals and objectives of the agency’s cybersecurity program.

Partner with the IT Manager in creating compliance documentation and recommending security policies consistent with agency needs, federal, state and local regulations and requirements. Ensures security and data integrity by performing regimented security audits, reviews and submits any regulatory security reports as required.

Ensures appropriate backup and recovery policies and procedures are in place; conducts desktop exercises for agency continuity, disaster recovery and incident response plans.  Participates in the agency’s disaster recovery planning and testing. Coordinates real time data redundancy, utilizes best practices and provides overall general support of agency systems and software.  Controls, maintains, monitors and approves system backup.  Ensures all systems have redundancies to ensure the agency’s operational continuity.  With oversight of IT Manager, responsible for creating and implementing a data recovery plan and procedures so data is adequately protected in the event of a natural disaster, cyberattack, etc. 

Recommends new security software and equipment, approaches, policies, and programs to effect continual improvements. Provides technical direction as necessary; recommends solutions to meet emerging cybersecurity needs; provides input into policies as needed, assists with the creation of procedures, and standards for all supported disciplines.

Performs regimented internal and external risk assessments and needs analysis.  Monitors the security and data integrity of information systems is consistent with agency needs and federal, state and local requirements including but not limited to the following: Payment Card Industry (PCI) and fare collection, Health Insurance Portability and Accountability Act (HIPAA), Protected Health Information (PHI), Personally Identifiable Information (PII), International Organization for Standardization (ISO) and the use of the National Institute of Standards and Technology (NIST) Framework.

Reviews and recommends network and system recovery plans. Audits network security provisions. Responsible for maintaining data and system backups. Reviews security provisions and logs to ensure data security.

Provides input to IT Manager and Service & Capital Development Director on information technology issues; Monitors changes in local, state and federal regulations affecting information security and technology; recommends courses of action impacting the agency’s information technology systems; strategies and/or projects to improve agency effectiveness. 

Conducts and fosters cross-training of IT staff to encourage team development and increase the KSAs of individual team members. Supports and administers agency software applications and fulfills the agency’s IT service requests through all stages of their lifecycle.  

Works with other transit and government agencies in developing regional transit cybersecurity projects. Identifies recommended security products and/or services as needed to fulfill IT goals and objectives. Interacts with agency staff at all levels and vendors to resolve IT related issues, including after-hours, weekend, and remote work.

Other duties as assigned.