('binary' encoding is not supported, stored as-is) NOTICE OF OUTSIDE OPENING Date: April 4, 2002 Number: 2173-2047 The following job is open. Outside applicants and current employees will be considered equally. No preference will be given. All interested outside applicants must submit an employment application and any additional information to the Human Resources Department. Interested employees must complete a Position Consideration form and return it to Human Resources by the closing date below. CLASSIFICATION: Manager of I.T. Information Security Department LOCATION: Plaza I, Boise DEADLINE TO APPLY: open The individual selected will be placed in a level of the job based on their qualifications, with salary determined by current wage policies. DEFINITION The Information Security Department Manager directs, coordinates, plans, and organizes information security activities throughout Idaho Power Company. This position acts as the focal point for all communications related to information security, both with internal staff and third parties. The Manager works with a variety of people across the company to develop and implement workable solutions and proactive responses to current and future information security risks. RESPONSIBILITIES The Information Security Department Manager is responsible for envisioning and implementing the necessary controls to protect company information as well as information entrusted to the company by third parties. The position is responsible for the security of all company information. EXAMPLES OF DUTIES (The following is used as a representative description and is not restrictive as to the duties required.) Develops action plans, schedules, budgets, status reports, and other top management communications intended to improve the status of information security. Alerts senior management of pressing information security vulnerabilities so immediate remedial action can be taken. Performs or oversees the performance of periodic information security risk assessments. Guides the development of local, system- specific, and application-specific information security policies, guidelines, standards and procedures. Designs and manages business processes and internal activities to detect, investigate, resolve, and analyze information security breaches, violations, and incidents including any resulting prosecution and disciplinary action. May act as an expert witness in information security related legal proceedings. Acts as the central point of contact for all communications regarding information security problems, issues, and concerns. Establishes and maintains strong working relationships with groups involved with information security. Establishes, manages, and maintains organizational structures and communication channels between internal and external parties responsible for information security. Assists with the clarification of individual information security responsibility and accountability. Coordinates the efforts of all internal groups with information security-related responsibilities to avoid duplication of efforts. Coordinates all multi-application or multi- system information security improvements projects. Represents the company and its information security related interests at industry standards committee meetings, technical conferences, etc. Investigates ways that information security- related technologies, requirement statements, internal processes, and organization structures can be used to achieve strategic company goals. Examines information security from a cross-organizational viewpoint. CONTINUED ON BACK HUMAN RESOURCES DEPARTMENT P.O. Box 70 Boise, ID 83707 EXAMPLES OF DUTIES (Continued) Periodically initiates quality measurement studies. Develops the standards and procedures to identify and classify company information assets. Coordinates internal staff in their efforts to determine information security obligations according to external requirements. Directs the development of information systems contingency plans related to information security issues and manages work groups that respond to information security events. Works with public relations and top management as an external representative responding to information security events. Acts as the primary liaison and decision- maker regarding the work of information security consultants, contractors, temporary employees, and outsourcing firms. KNOWLEDGE, SKILLS, AND ABILITIES (These are considered to be the minimums necessary to begin performing the work required.) Demonstrated knowledge of: information security principles and experience in information security systems; information processing across both mainframe and PC platforms. Documented skill in: managing technology projects including solid track record on timing, cost, and quality of managed projects. Strong skills in: personnel management; operations management; leadership; staff development, and team building including excellent and demonstrable analytical capabilities; interpersonal and verbal communications; time management; budget projection, monitoring, and management including solid background in cost/benefit, risk management, and ROI analysis methodologies. Ability to: demonstrate experience in planning, budgeting, forecasting, and allocating resources; initiate and manage special projects required to appropriately respond to unexpected information security events; and understand the companys fundamental business activities and suggest appropriate information security solutions to protect those activities. MINIMUM REQUIREMENTS Bachelors degree in Information Systems, Computer Science, or a related field. Ten years work experience in Information Technology. Five years management experience in Information Security. PREFERRED EDUCATION, TRAINING, AND EXPERIENCE (These examples will generally provide an individual the opportunity to develop the knowledge, skills, and abilities listed above. Lack of the exact training and experience listed will not necessarily exclude an individual from consideration for the position.) Certified Information Systems Security Professional (CISSP) Masters degree in Information Systems, Computer Science, or a related field. Idaho Power is an Equal Opportunity employer.
This archive was generated by hypermail 2b30 : Sat Apr 06 2002 - 09:49:16 PST