FINANCE AND CYBER SECURITY MANAGER

About the Department

Performs skilled, technical work maintaining the security of the City's computer systems, servers, network infrastructure and other communications systems, as well as the integrity and confidentiality of data and vital electronic infrastructure to ensure compliance with the governing information security data access policies and network regulations. Work is performed under the general direction of the Director of Information Technology.

This is medium work requiring the exertion of 50 pounds of force occasionally, up to 20 pounds of force frequently, and up to 10 pounds of force constantly to move objects; work requires stooping, kneeling, crouching, reaching, standing, walking, lifting, fingering, grasping, and repetitive motions; vocal communication is required for expressing or exchanging ideas by means of the spoken word; hearing is required to perceive information at normal spoken word levels; visual acuity is required for color perception, preparing and analyzing written or computer data, use of measuring devices, assembly or fabrication of parts at or within arms’ length, determining the accuracy and thoroughness of work, and observing general surroundings and activities; the worker is not subject to adverse environmental conditions.

Position Duties

Serves as the Finance and Cyber Security Manager for all of the City’s financial and information technology systems; supports the development, implementation, and management of cybersecurity processes and procedures; maintains compliance with governing policies.
Performs internal and external vulnerability scans of the City’s information systems and networks.
 Executes and coordinates Information Technology projects, including development and management of remediation plans for security gaps identified through audits, assessments, or scanning activities.
 Evaluates requests for elevated permissions and security policy exceptions.
 Establishes, supports, and continuously improves enterprise security by utilizing cybersecurity best practices.
 Assists with auditing and compliance functions, including HIPAA, CJIS, and PCI requirements.
 Oversees and assesses the City’s cybersecurity preparedness; develops plans to mitigate risks, including acquisition or remediation of systems and software.
 Designs, implements, and monitors security measures for the protection of computer systems, networks, and information, including development and maintenance of an Incident Response Plan.
 Partners with City departments regarding department-specific information security, data security, and data integrity needs.
 Assists with digital forensics activities following cybersecurity incidents.
 Develops security assessment plans for systems, including objectives, scope, schedule, required documentation, and risk considerations; evaluates cloud service providers from a security perspective.
 Reviews and tests system security controls (administrative, operational, and technical) to determine effectiveness and alignment with applicable frameworks (e.g., NIST SP 800-53).
 Documents and tracks plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities.
 Serves as the primary authority for all Munis user access approving and revoking access; ensures access is role-based and limited to the minimum necessary, with no department independently assigning or altering access without FCSM approval. 
Coordinates all access changes with the City Manager’s Office to ensure timely updates for new hires, role changes, and separations. Ensures centralized governance of Munis access to protect financial data, maintain internal controls, and support audit and compliance standards across the City. 
Maintains a highly restricted and controlled user base, limited to select Finance, Human Resources, Department Directors, and designated staff, with access levels, including read-only, determined in coordination with the City Manager’s Office. 
Enforces segregation of duties; evaluates access requests for business necessity and risk; and conducts periodic access reviews to ensure continued appropriateness and compliance. 
Performs related tasks as required.

Minimum Qualifications

Thorough knowledge of security activities, programs, systems, devices and police methods; local, state, and federal laws governing transit systems and security; current and the latest developments in security practices, policies, procedures, methods, terminology, and techniques. Skilled in developing protection plans for facilities, equipment, materials, employees and customers for routine or special circumstances; strong personal computer and office software skills.  Ability to identify and resolve complex security issues and other problems; compile and analyze data then plan specific strategies based on such analysis; manage multiple projects, prioritize assignments and responsibilities, and meet deadlines; communicates effectively, both orally and in writing.  Advanced knowledge of Tyler ERP software administration required.

EDUCATION AND EXPERIENCE:

Any combination of education and experience equivalent to graduation from an accredited college or university with major course work in computer science or related field and considerable security administration experience.

Other Qualifications

Possession of CompTIA A+, CompTIA Network+, CompTIA Security+, CompTIA CySA+.   CISSP, CompTIA Project+ certifications preferred.  
Possession of an appropriate driver’s license valid in the State of North Carolina.