HomeMy Public PortalAbout24-005 - AMENDING THE CLASSIFICATION PLA, RESOLUTION NO. 77-111, BY ADOPTING A NEW JOB CLASSIFICATION SPECIFICATION AND SALARY FOR INFORMATION TECHNOLOGY SECURITY OFFICER AND ELIMINATING THE CLASSIFICATION SPECIFICATION AND SALARY OF I.T. SECURITY ADMINRESOLUTION NO. 24-005
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF CARSON, CALIFORNIA, AMENDING
THE CLASSIFICATION PLAN, RESOLUTION NO. 77-111, BY ADOPTING A NEW JOB
CLASSIFICATION SPECIFICATION AND SALARY FOR INFORMATION TECHNOLOGY
SECURITY OFFICER AND ELIMINATING THE CLASSIFICATION SPECIFICATION AND SALARY
OF INFORMATION TECHNOLOGY SECURITY ADMINSTRATIOR
WHEREAS, Section 503 of the City’s Charter provides that the City Council shall determine, by
ordinance or resolution, the amount and type of compensation to be paid to all City officers, department
heads and employees; and
WHEREAS, The Director of Human Resources is authorized and directed under provisions of
Sections 2797.1 of the Carson Municipal Code and Section Il, Rule II of the City Personnel Rules to prepare
and recommend position classification and compensation plans, after consultation with the affected
Directors, which becomes effective upon approval by the City Council; and
WHEREAS, Rule Ill of the City of Carson Personnel Rules provides that modification to the
classification plan, embodied in Resolution No. 77-111, shall be made only after the authorized Human
Resources staff members consults with the affected Directors and affected recognized employee
organizations; and
WHEREAS, The City has reviewed the needs and services of the Information Technology
Department and determined that, to improve its services to the City of Carson and efficiency of the
Information Technology Department, the City of Carson desires to eliminate the classification
specification of INFORMATION TECHNOLOGY SECURITY ADMINSTRATOR and adopt the classification
specification of INFORMATION TECHNOLOGY SECURITY OFFICER to ensure the service and efficiencies.;
and
WHEREAS, The Human Resources manager has consulted with the affected parties and has met
and conferred with the representatives of the affected recognized employee organizations pursuant to its
obligations under the MMBA, concerning the classification specification for the INFORMATION
TECHNOLOGY SECURITY OFFICER.
NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF CARSON, CALIFORNIA, DOES HEREBY
RESOLVE, DECLARE, DETERMINE AND ORDER AS FOLLOWS:
SECTION 1. The foregoing recitals are true and correct and are incorporated herein by reference.
SECTION 2. The classification specification for INFORMATION TECHNOLOGY SECURITY
ADMINSTRATOR, at Salary Range 909, ($9,259 - $11,818) assigned to the SEIU 721 — CPSA, is hereby
eliminated.
SECTION 3. The classification specification for INFORMATION TECHNOLOGY SECURITY OFFICER,
at Salary Range 507, ($12,140 - $15,494) is herein attached and assigned to the Association of
Management Employees (AME), is hereby adopted.
RESOLUTION NO. 24-005
Page 1 of 2
SECTION 3. The City will fund one full-time position for the newly adopted classification of
INFORMATION TECHNOLOGY SECURITY OFFICER, through funds already allocated for the
Division/Department.
SECTION 4. In the event of any conflict between this Resolution and any prior City resolution
relating to the subject matter hereof, this Resolution shall supersede and prevail over the prior resolution
to the extent of the conflict
SECTION 5. The City Clerk shall certify to the adoption of this resolution and deem it
effective as of January 9" of 2024 the same shall be in force and effect.
PASSED, APPROVED, AND ADOPTED this 9" day of January 2024.
APPROVED AS TO FORM: CITY OF CARSON:
coal al avin Mh
Sunny K. Soltani, City Attorney pula Davis-Holmes, Mayor
ATTEST:
ak
Dr. Khaleah K. Bradshaw, City Clerk
STATE OF CALIFORNIA )
COUNTY OF LOS ANGELES ) ss.
CITY OF CARSON )
|, Dr. Khaleah K. Bradshaw, City Clerk of the City of Carson, California, hereby attest to and certify that
the foregoing resolution, being Resolution No. 24-005 adopted by the City of Carson City Council at its
meeting held on January 9, 2024, by the following vote:
AYES: COUNCIL MEMBERS: Davis-Holmes, Hilton, Dear, Hicks, Rojas
NOES: COUNCIL MEMBERS: None
ABSTAIN: COUNCIL MEMBERS: None
ABSENT: COUNCILMEMBERS: None
Dr. Khaleah K. Bradshaw, City Clerk
RESOLUTION NO. 24-005
Page 2 of 2
CITY OF CARSON City Council Reso. No: 24-005
Class Specification Bargaining Unit: AME
FLSA: Exempt
INFORMATION TECHNOLOGY SECURITY OFFICER
Job Summary:
The purpose of this classification is to ensure the security operation of the City’s data, computer
systems, servers, and network connections. Employees in this classification are responsible for
developing, planning, organizing, managing, implementing, maintaining, and performing
cybersecurity risk analysis of systems; scrutinizing network traffic; establishing vulnerability
scans; checking server and firewall logs; conducting user activity audits, and troubleshooting, as
well as also analyzing and resolving security breaches and vulnerability issues in a timely and
efficient manner This position will assist with developing IT security policies. Work is performed
under general direction of the Director of Information and Technology with considerable latitude
for the use of initiative and independent judgment.
Essential Duties and Responsibilities:
(These functions are representative and may not be present in all positions in the
class. Management reserves the right to add, modify, change or rescind related duties and
work assignments.)
e Plans, organizes, manages, and participates in the development, implementation, and
monitoring of the City’s information security programs, information technology risk
management programs, and information security policies; supervises and reviews the
work of professionals and serves as a subject matter expert in information security.
e Develops and executes a cyber security strategy that is aligned with internal stakeholders,
organizational priorities, facilitates city operations, and meets industry standards.
e Directs and participates in the identification of security risks, development and
implementation of security management practices, and the measurement and monitoring
of security protection measures.
e Ensures compliance with regulatory requirements such as Criminal Justice Information
Services (CJIS), Payment Card Industry Data Security Standards (PCI), Health Insurance
Portability and Accountability Act (HIPAA), California Privacy Protection Agency, and
federal, state, and local laws.
e Monitors agency infrastructure, devices, and information systems for security integrity;
provides planning and guidance to information technology staff on vulnerability
management and security incident response procedures.
e Oversees portfolio of cyber risk and security applications and procedures, implements new
security processes and related technologies to ensure a continuous improvement of the
City’s cyber security posture.
e Oversees assigned staff in performing their responsibilities and provides guidance as
necessary.
e Analyzes information, situations, problems, policies, and procedures to identify,
recommend, and implement solutions systemically.
e Formulates, recommends, and executes enterprise-wide policies and procedures for
detecting, deterring, and mitigating information security threats.
e Serves as a subject matter expert and internal consultant on data security implications for
proposed information technology projects and programs and makes recommendations to
align new technologies to security standards.
e Prepares oral and written reports for executive leadership, the City Manager's Office, and
City Council.
CITY OF CARSON City Council Reso. No: 24-005
Class Specification Bargaining Unit: AME
FLSA: Exempt
e Develops cyber security, cyber risk, and security awareness training programs for City
staff; monitors training effectiveness by documenting and reporting data point trends on
user awareness and vulnerability assessments.
e Builds and maintains positive relationships with City stakeholders.
e Attends City/Industry-related functions.
e Performs other duties as required
Qualification Guidelines:
A typical way to obtain the requisite qualifications to perform the duties of this class is as follows:
Education and/or Experience:
Option A:
Bachelor's degree in Business Administration, Computer Information Systems, Information
Technology or closely related field from an accredited college or university and five (5) years of
paid experience performing IT security management; and at least two (2) years in an
administrative or management capacity responsible for cyber security risk assessment,
implementation of security management practices, monitoring of security protection measures,
managing SIEM, vulnerability management, and other security tools in an enterprise environment.
Option B
Master's degree in Computer Science or closely related field is highly desirable from an accredited
college or university and four (4) years of paid experience performing IT security management;
and at least two (2) years in an administrative or management capacity responsible for cyber
security risk assessment, implementation of security management practices, monitoring of
security protection measures, managing SIEM, vulnerability management, and other security
tools in an enterprise environment.
Knowledge of:
e Computers and Electronics: Electric circuit boards, processors, chips, and computer
hardware and software
e Principles, methods, and practices of systems/network administration and maintenance.
e Agency policies and procedures and practices regarding data security.
e Network security design principles, practices, and related tools and software.
Skills and/or Ability to:
e Ability to objectively assess situations or circumstances using all the relevant
information, apply experience, evaluate the problem objectively, calculate risks, and
make an ethical and informed decision.
e Manage the performance of staff by coaching for performance.
e Motivating, developing, and directing people as they work.
e Acknowledge, value and support diversity of thought, opinion and approach with
customers and colleagues regardless of background, culture and organizational level.
e Execute work that adheres to the City’s stated principles of Diversity, Equity, and
Inclusion including, but not limited to, your “duty to act” to ensure fair and equitable
treatment of all persons and historically underrepresented groups.
e Fostering an inclusive and supportive environment in which everyone in the City has an
Opportunity to thrive.
CITY OF CARSON City Council Reso. No: 24-005
Class Specification Bargaining Unit: AME
FLSA: Exempt
e Incorporating an equity perspective to day-to-day work in all responsibilities, decisions
and actions of providing public service.
e Effectively communicating information and ideas in writing, as well as through speech,
so others will understand.
Persuasion: Convincing others to approach things differently.
Working independently and with minimal supervision.
Speech recognition: Identifying and understanding the speech of another person.
Project analysis; weighing the costs/benefits of a potential action.
License and/or Certificate:
Possession of a valid California Class C driver's license. Employees in this classification will be
enrolled in the Department of Motor Vehicles (DMV) Government Employer Pull Notice Program
which confirms possession of a valid driver's license and reflects driving record.
Possession of at least one of the following certifications is required:
Certification as a Certified Information Systems Security Professional (CISSP), Certified
Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC),
Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Certified
Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC),
or equivalent information security certification.
Physical Requirements and Working Conditions:
Employee accommodation(s) for physical or mental disabilities will be considered on a case-by-
case basis. Positions in this class normally:
e Require vision (which may be corrected) to read small print.
e Require mobility of arms to reach and dexterity of hands to grasp and manipulate small
objects.
e Perform work which is primarily sedentary.
e ls subject to the internal environmental conditions of modern and aged public buildings,
facilities and physical structures and HVAC systems.
e May be required to work at a computer terminal for prolonged periods.
e May be required to work evenings and/or weekends.