Manages the activities and operations required to maintain the Colorado Judicial Department’s cyber security infrastructure. Ensures the security of equipment and information of the organization from cybercrime and threats. Plan, direct, and monitor the implementation of security systems to protect Department IT assets. Assists the Information Security Manager during the process of hiring, training, and supervising new employees who would be a part of ITS Security Team. The Lead Security Architect will gain organizational commitment for all systems and software design plans, as well as evaluate and select technologies required to complete desired plans. This position will provide technical leadership and strategic decision making as it pertains to systems security across the Information Technology Services (ITS) division.
This position is distinguished from other information security positions by the responsibility for supervising professional Information Technology staff. This position reports to the Information Security Manager.
Design and implement long-term strategic goals and short-term tactical plans for managing and maintaining the Judicial Department’s cyber security systems.
Design and develop security architectures for cloud and cloud/hybrid-based systems, exercising extensive understanding of the offerings within Microsoft Azure platforms.
Design and implement cloud-native architectures and designs to meet business requirements with a minimal degree of risk to the organization and appropriate security controls present.
Act as a focal point for ITS security investigations and direct a full investigation with recommended courses of action, also interact with authorities as authorized by the Director of IT or Information Security Manager to report information.
Supervise the development of (and ensure compliance with) Judicial security policies, standards, and procedures.
Integrate IT systems development with security policies and information protection strategies.
Collaborate with key stakeholders to establish an IT security risk management program.
Audit existing systems and provide comprehensive risk assessments.
Anticipate new security threats and stay-up-to-date with evolving security controls.
Provide security architectural expertise, mentoring, and leadership to the information security team, software development teams, infrastructure and technical services, and the Architectural Review Governance Team.
Responsible for planning, architecture/design, and implementation of device and system installations, configurations, and decommissions.
Review new and existing system design projects and commercial off-the-shelf (COTS) or outsourcing plans to ensure compliance with Judicial security standards.
Responsible for the documentation of the Department’s existing security architecture and make recommendations for improvements, including solution consolidation, simplification and service-based solutions.
Prevent data loss by configuring and maintaining backups and replication for important system security configurations.
Prioritize and allocate security resources correctly and efficiently according the Department’s agency cyber security plan.
Juggle constraints of legal/regulatory requirements, financial constraints, and technological adoption with the imperative to get multi-year programs and projects accomplished.
Responsible for recruitment and selection of unit employees.
Establishes expectations and provides employee performance feedback on an on-going and annual basis. Assists subordinates in establishing goals. Evaluates subordinates' goal achievement through conferences or informal meetings. Provides recommendations regarding subordinate's employment probationary/trial period.
Provides orientation and on-going training, mentoring and coaching to existing subordinates. Makes provisions for subordinates to attend outside training. May provide cross-training and interdepartmental training.
Assigns duties and responsibilities to staff; develops and establishes procedures for operating and maintaining required administrative systems.
Attend meetings as required.
Perform other duties as assigned.
Has supervisory accountability for other employees, volunteers, or interns. Plans, directs and coordinates activities for a unit. Duties include architecting new and existing security systems, scheduling and assigning of work, training in all facets of work, quality control, and decisions impacting the pay, status and tenure of others. Conducts performance appraisals, and provides input into and participates in discipline, dismissal, and hiring processes.
A bachelor’s degree in a related field from an accredited college or university and six years of experience directly supporting either Windows or Linux/Unix based servers or IBM iSeries server(s) is highly desirable. At least one year of lead/supervisory level experience is highly desirable. Current CISSP and/or CISM is preferred.
OR
Experience may substitute for education on a year for year basis as follows: graduation from high school or equivalent and eight years working in computer related areas; six years of the computer experience must be directly supporting either Windows or Linux/Unix based servers or IBM iSeries server(s). At least one year of lead/supervisory level experience is highly desirable. Current CISSP and/or CISM is preferred.
While performing the duties of this job, the employee is regularly required to talk and hear. The employee is frequently required to sit and reach with hands and arms and perform repetitive motions with wrists, hands, and fingers. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 50 pounds or more. Specific vision abilities required by this position include close vision, color vision, depth perception, ability to adjust and focus, and the ability to see clearly at 20 feet or more.
While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts, work in high precarious places and the risk of electrical shock. Frequently handles emergency or crisis situations and may be subject to varying and unpredictable situations and work hours. The employee is subject to frequent interruptions, multiple calls and inquiries, and may occasionally handle absentee replacement on short notice. The noise level in the work environment is usually moderate.