information security administrator

PURPOSE OF CLASSIFICATION

The Information Security Administrator performs highly technical, advanced-level work focused on safeguarding FKAA's information technology infrastructure. This role ensures the implementation, monitoring, and enforcement of information security measures, policies, and standards across the organization. Responsibilities include risk assessments, compliance, incident response, awareness training, and the development of security architecture. This position is essential for the protection of data assets and operational resilience and reports to the Director of Information Technology.

ESSENTIAL FUNCTIONS

The Information Security Administrator operates independently under the general direction of the Director of IT, responsible for ensuring the confidentiality, integrity, and availability of FKAA's systems.

SECURITY ADMINISTRATION DUTIES

Develop, implement, and maintain enterprise-wide security policies and procedures.

Install, configure, and troubleshoot security tools and platforms (e.g., firewalls, antivirus, patch management).

Conduct regular audits of user access, permissions, and activity logs.

Monitor systems and networks for vulnerabilities, unauthorized access, and anomalies.

Perform regular vulnerability assessments and penetration testing.

Respond to security incidents, conduct investigations, and implement corrective measures.

Ensure data backups are secured through access control and are compliant with policy retention.

Collaborate with the System Administrator to validate that backup procedures align with business continuity and regulatory standards.

Develop and test disaster recovery and business continuity plans.

Incorporate backup and recovery scenarios into disaster recovery and incident response plans.

Provide security awareness training to technical and non-technical staff.

Ensure compliance with industry security standards, frameworks, and regulatory requirements (e.g., NIST, CIS, HIPAA).

Consult with other departments to ensure secure technology procurement and deployment.

Keep up to date with emerging cybersecurity threats and recommend proactive controls.

Support IT audits and risk assessments, preparing necessary documentation and remediation plans.

Coordinate regularly with the System Administrator to align infrastructure protections and recovery capabilities.

ADDITIONAL FUNCTIONS

Prepare detailed reports on security posture, incidents, and compliance status.

Maintain documentation related to security controls, processes, and architecture.

Support cross-training efforts to maintain IT resilience and coverage.

Participate in security testing and exercises that include data recovery simulations.

Maintain confidentiality of sensitive and classified data.

Provide support for other IT team members during high-demand periods or in their absence.

Perform other related duties as required.

CROSS-FUNCTIONAL SUPPORT

This position is expected to provide backup coverage for key responsibilities of the complementary IT role (System Administrator) during planned or unplanned absences.

Collaborate closely with the counterpart role to ensure seamless IT operations, particularly in areas of shared responsibility such as system recovery, infrastructure monitoring, user access, and compliance-related support.

Maintain cross-training and documentation to support operational continuity and mutual understanding of key systems and processes.

MINIMUM QUALIFICATIONS

Bachelor's degree in Cybersecurity, Computer Science, or a related discipline; supplemented by 7–10 years of security-focused IT experience; or any equivalent combination of education and experience.

Proven experience in enterprise-level security systems management and incident response.

Strong understanding of IT risk management and compliance.

Two to three years' experience conducting vulnerability scans and penetration testing.

Excellent interpersonal, training, and consultative skills.

Solid understanding of networking concepts, operating systems (Windows, Linux), and security principles

Valid Florida Driver License.

PREFERRED CERTIFICATIONS

CompTIA Security+ (SY0-701 or most current version)

Certified Information Systems Security Professional (CISSP)

Certified in Risk and Information Systems Control (CRISC)

Microsoft Certified: Security, Compliance, and Identity Fundamentals

Cisco Certified CyberOps Associate

KEY COMPETENCIES

Strong risk assessment and analytical thinking skills

Ability to communicate complex technical concepts clearly

Proactive approach to identifying and resolving security issues

Adaptability to emerging threats and technologies

Collaborative team player with a focus on awareness and education

PERFORMANCE APTITUDES

Data Utilization: Requires the ability to review, classify, categorize, prioritize, and/or analyze data. Includes exercising discretion in determining data classification, and in referencing such analysis to established standards for the purpose of recognizing actual or probable interactive effects and relationships.

Verbal Aptitude: Requires the ability to utilize a wide variety of reference, descriptive, and/or advisory data and information.

Functional Reasoning: Requires the ability to apply principles of rational systems; to interpret instructions furnished in written, oral, diagrammatic, or schedule form; and to exercise independent judgment to adopt or modify methods and standards to meet variations in assigned objectives.

Situational Reasoning: Requires the ability to exercise judgment, decisiveness and creativity in situations involving evaluation of information against measurable or verifiable criteria.

ADA COMPLIANCE

Physical Ability: Tasks require the ability to exert very moderate physical effort in light work, typically involving some combination of stooping, kneeling, crouching and crawling, and which may involve some lifting, carrying, pushing and/or pulling of objects and materials of heavy weight (up to 50 pounds).

Sensory Requirements: Some tasks require the ability to perceive and discriminate sounds and visual cues or signals. Some tasks require the ability to communicate orally.

Environmental Factors: Performance of essential functions may require exposure to adverse environmental conditions such as odors, temperature extremes, or toxic agents.

The Florida Keys Aqueduct Authority is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, the Authority will provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.

•

Mission

•

The Florida Keys Aqueduct Authority's Information Technology Department collaboratively identifies, develops, implements and supports a secure and reliable technical infrastructure that employs technology strategies and standards to enhance customer experience.

•

Vision

•

The FKAA IT Department will be a nationally recognized standard bearer among water utilities by providing technology excellence that advances water and wastewater services while leveraging innovative solutions that align with FKAA's vision, mission and goals.