Position Summary:
This Position is a critical, risk-mitigating role for the organization, responsible for ensuring the security and reliability of IT systems and networks. In SWAPA’s Microsoft-centric environment, this position mitigates the Association’s risks of falling victim to malicious actors, data breaches, and system outages as well as developing and maintaining the appropriate security measures for the Association’s IT infrastructure. Core responsibilities include planning, implementing, managing, administering, and supporting all aspects of infrastructure systems and cyber security across an enterprise-class Microsoft environment. Additionally, this position is responsible for assisting with strategic direction and execution of tactical goals, managing Incidents, Service Requests, Change Requests, system alerts, and security event management. This position is responsible for the oversight and management of the Association’s IT Infrastructure and Security team.
Essential Duties & Responsibilities:
To perform the job successfully, the individual must be able to execute each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Please note job duties, responsibilities, and activities may change at any time, with or without notice, to accommodate business needs.
- Design, implement, maintain, and administer secure IT infrastructure systems.
- Develop processes to ensure the security of data and information systems.
- Develop/update security, operations and infrastructure policies, as needed.
- Ensure that the stakeholder security requirements necessary to protect the Association’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.
- Research, evaluate, and recommend new technologies to improve IT infrastructure and security including, but not limited to, cyber security, and proactively recommend and enforce security policies, procedures, and best practices.
- Responsible for the cybersecurity of a program, organization, or system.
- Develop cyberspace workforce plans, strategies, and guidance to support cyberspace workforce manpower, personnel, training and education requirements and to address changes to cyberspace policy, doctrine, materiel, force structure, and education and training requirements.
- Monitor and analyze security threats and vulnerabilities as well as investigate, assess and report on security incidents.
- Manage security event response protocol.
- Oversee the installation and maintenance of firewalls and other security systems.
- Define and implement data backup and recovery plans.
- Manage user access rights and permissions.
- Develop, plan, coordinate, and evaluate cyber training/education courses, methods, and techniques based on instructional needs.
- Educate Association staff on IT security principles and best practices.
- Develop automation and controls to monitor systems and automate processes, when necessary.
- Make recommendations when responding to management’s requests or observing opportunities for improvement including but not limited to (i) cost savings from service efficiencies, (ii) operations automation, and (iii) self-service solutions for stakeholders and end users.
- Telecom management and administration, including Microsoft Teams-based phone system.
- Provide after-hours and occasional weekend support for Infrastructure related maintenance, Priority 1 Incidents and other emergencies.
- Manage the Communications Security (COMSEC) resources of an organization (CNSSI 4009) or act as key custodian for a Crypto Key Management System (CKMS).
- Other duties or projects as assigned by manager.
Education & Qualifications:
- Must have five (5) or more years of experience designing, implementing, configuring, managing, administering, troubleshooting, and remediating Microsoft Core Technologies with emphasis on Azure and Office 365 with a solid understanding of infrastructure, networking, and security
- Structured troubleshooting skills required
- Technical writing and diagramming skills are required
- Knowledge of client-side LAN/WAN/WiFi connectivity required
- Knowledge of IT Infrastructure: Networks, Servers, Storage, Security, Cloud Computing, etc.
- Understanding of IT architecture, design and operations
- Ability to lead and manage a team of IT professionals
- Experience in developing IT policies and procedures
- Knowledge of IT security best practices and standards
- Expertise in managing security tools and technologies
- Understanding of Disaster Recovery Planning and Business Continuity Planning
- Strong verbal and written communication skills
- Highly collaborative, team player
- Positive, self-motivated individual who can complete tasks independently
- Must be willing to work onsite as needed in a considerate environment
- Ability to prioritize and delegate tasks to ensure deadlines are met
- Proven experience in vendor management and budgeting
- Ability to seek out and maintain relationships with key stakeholders
- Ability to problem-solve, strategize, and collaborate with technical and business stakeholders
Physical Demand & Work Effort:
- Keying / typing, sitting, standing, and walking
- Ability to spend large periods of time viewing computer monitor(s)
- Ability to lift up to 20 pounds
- Ability to travel, including but not limited to driving, to/from various locations including conferences, trainings, and/or attendance at SWAPA events
- Potential standing for long periods of time in support of Union-related activities such as picketing
- Constant mental and/or visual attention; the work is either repetitive or diversified requiring constant alertness in an office environment
- Compliance with company attendance standards