Business Resources, Information Technology Division, Wheaton
Monday-Friday, Full-time, 37.5 hours per week
Based on qualifications
Creates and maintains the agency’s information technology security structure and related security documents including but not limited to policies, standards and procedures
Plans and implements security remediation measures to protect computer systems, networks and data
Oversees the design and execution of vulnerability assessments, penetration tests, risk assessments and security audits
Develops and presents security awareness training programs
Defines access privileges, control structures, and resources; and safeguards agency information assets by identifying and resolving potential and actual information security events
Makes recommendations to implement security improvements and/or updates to mitigate risk by assessing current situation, evaluating trends and anticipating requirements
Coordinates vendor security hardware and software meetings and evaluations, assisting in the evaluation, acquisition, and deployment of information security software and hardware
Selects and follows procurement procedures to acquire security solutions or enhancements
Oversees the deployment, integration and initial configuration of all new security solutions and/or enhancements in accordance with applicable procedures and policies
Communicates regularly with peers in the Information Technology Unit as well as the various services units to ensure understanding of security goals, solicit feedback and foster collaboration
Installs, administers and monitors firewalls, content and spam filters and network equipment logs for security intrusions and vulnerabilities keeping thorough documentation pertaining to all installations
Prepares regular security reports and completes special reports required for compliance with accreditation, grantees and/or federal and state agencies
Maintains confidentiality of privileged information and adheres to patient privacy laws
Completion of a Bachelor’s degree in Information Technology, Information Security, or related field, and three years of information security administration and risk management which included two years of experience performing LAN/WAN configuration and support, and Microsoft Active Directory administration including; or an equivalent combination of training and experience. Additional qualifications or training desired are any of the following: experience in Network Systems; Certified Information Systems Security Professional (CISSP); Certified Information Security Auditor (CISA); Certified Information Security Manager (CISM); or any equivalent certification.
Applicants interested in entering the IT security field are encouraged to apply.
DuPage County Health Department strives to offer quality health services with courtesy and respect for our diverse population. Our goal, which is achieved through education, collaboration and access to care, is to safeguard the health of all residents.
DuPage County Health Department is an equal opportunity employer.