NOTICE OF OUTSIDE OPENING
Date: April 4, 2002
Number: 2173-2047
The following job is open. Outside applicants and
current employees will be considered equally. No
preference will be given. All interested outside
applicants must submit an employment application
and any additional information to the Human
Resources Department. Interested employees must
complete a Position Consideration form and return it
to Human Resources by the closing date below.
CLASSIFICATION: Manager of I.T.
Information Security Department
LOCATION: Plaza I,
Boise
DEADLINE TO APPLY:
open
The individual selected will be placed in a
level of the job based on their qualifications, with
salary determined by current wage policies.
DEFINITION
The Information Security Department Manager
directs, coordinates, plans, and organizes
information security activities throughout Idaho
Power Company. This position acts as the focal
point for all communications related to information
security, both with internal staff and third parties. The
Manager works with a variety of people across the
company to develop and implement workable
solutions and proactive responses to current and
future information security risks.
RESPONSIBILITIES
The Information Security Department Manager is
responsible for envisioning and implementing the
necessary controls to protect company information
as well as information entrusted to the company by
third parties. The position is responsible for the
security of all company information.
EXAMPLES OF DUTIES (The following is used as a
representative description and is not restrictive as to
the duties required.)
� Develops action plans, schedules,
budgets, status reports, and other top management
communications intended to improve the status of
information security.
� Alerts senior management of pressing
information security vulnerabilities so immediate
remedial action can be taken.
� Performs or oversees the performance of
periodic information security risk assessments.
� Guides the development of local, system-
specific, and application-specific information security
policies, guidelines, standards and procedures.
� Designs and manages business
processes and internal activities to detect,
investigate, resolve, and analyze information security
breaches, violations, and incidents including any
resulting prosecution and disciplinary action.
� May act as an expert witness in information
security related legal proceedings.
� Acts as the central point of contact for all
communications regarding information security
problems, issues, and concerns.
� Establishes and maintains strong working
relationships with groups involved with information
security.
� Establishes, manages, and maintains
organizational structures and communication
channels between internal and external parties
responsible for information security.
� Assists with the clarification of individual
information security responsibility and accountability.
� Coordinates the efforts of all internal
groups with information security-related
responsibilities to avoid duplication of efforts.
� Coordinates all multi-application or multi-
system information security improvements projects.
� Represents the company and its
information security related interests at industry
standards committee meetings, technical
conferences, etc.
� Investigates ways that information security-
related technologies, requirement statements,
internal processes, and organization structures can
be used to achieve strategic company goals.
� Examines information security from a
cross-organizational viewpoint.
CONTINUED ON BACK
HUMAN RESOURCES
DEPARTMENT
P.O. Box 70
Boise, ID 83707
EXAMPLES OF DUTIES (Continued)
� Periodically initiates quality measurement
studies.
� Develops the standards and procedures to
identify and classify company information assets.
� Coordinates internal staff in their efforts to
determine information security obligations according
to external requirements.
� Directs the development of information
systems contingency plans related to information
security issues and manages work groups that
respond to information security events.
� Works with public relations and top
management as an external representative
responding to information security events.
� Acts as the primary liaison and decision-
maker regarding the work of information security
consultants, contractors, temporary employees, and
outsourcing firms.
KNOWLEDGE, SKILLS, AND ABILITIES (These are
considered to be the minimums necessary to begin
performing the work required.)
Demonstrated knowledge of: information security
principles and experience in information security
systems; information processing across both
mainframe and PC platforms.
Documented skill in: managing technology projects
including solid track record on timing, cost, and
quality of managed projects.
Strong skills in: personnel management; operations
management; leadership; staff development, and
team building including excellent and demonstrable
analytical capabilities; interpersonal and verbal
communications; time management; budget
projection, monitoring, and management including
solid background in cost/benefit, risk management,
and ROI analysis methodologies.
Ability to: demonstrate experience in planning,
budgeting, forecasting, and allocating resources;
initiate and manage special projects required to
appropriately respond to unexpected information
security events; and understand the company�s
fundamental business activities and suggest
appropriate information security solutions to protect
those activities.
MINIMUM REQUIREMENTS
� Bachelor�s degree in Information Systems,
Computer Science, or a related field.
� Ten years work experience in Information
Technology.
� Five years management experience in
Information Security.
PREFERRED EDUCATION, TRAINING, AND
EXPERIENCE (These examples will generally
provide an individual the opportunity to develop the
knowledge, skills, and abilities listed above. Lack of
the exact training and experience listed will not
necessarily exclude an individual from consideration
for the position.)
� Certified Information Systems Security
Professional (CISSP)
� Master�s degree in Information Systems,
Computer Science, or a related field.
Idaho Power is an Equal Opportunity
employer.
