IT Security & Systems Administrator in Jacksonville, Florida at NORLEE INVESTMENTS LLC

Who we are:

Norlee Group, Inc., is a multi-trade building systems organization delivering integrated electrical, mechanical, and technology solutions across commercial, industrial, institutional, and specialty markets. As part of our continued growth under the One Norlee platform.

Position Summary:

The IT Security & Systems Administrator is responsible for leading cybersecurity and compliance initiatives within the organization while supporting overall IT operations. This role oversees security monitoring, incident response, compliance framework maintenance, vulnerability management, and security policy development. The position also contributes to Service Desk Operations and Infrastructure Engineering by providing advanced security support and collaborating on secure system design and implementation.

Essential Duties and Responsibilities:

• Lead the implementation, administration, and continuous improvement of organizational security controls, including endpoint protection, email security, multi-factor authentication (MFA), network segmentation, system hardening, and cloud security configurations.
• Monitor, analyze, and respond to security alerts and events; investigate potential threats and coordinate incident response activities, including maintaining documented response and breach notification procedures.
• Maintain and support compliance frameworks such as SOC 2 Type 2 and ISO 27001, including risk assessments, control implementation, evidence collection, documentation management, and continuous improvement initiatives.
• Develop, maintain, and enforce security policies, procedures, and standards aligned with regulatory requirements and industry best practices.
• Conduct vulnerability assessments and partner with infrastructure and application teams to coordinate remediation efforts and reduce organizational risk exposure.
• Administer and enhance organization-wide security awareness programs, including phishing simulations, policy education, and employee security training.
• Perform vendor security reviews and support third-party risk management processes related to technology partners and service providers.
• Act as a primary liaison for internal stakeholders and external auditors by preparing and providing required compliance documentation, artifacts, and audit evidence.
• Provide Tier 2/3 support for security-related service desk issues, including access management challenges, onboarding and offboarding reviews, and security tool troubleshooting.
• Collaborate with Infrastructure Engineering to design and maintain secure architectures across network devices, servers, and cloud environments, ensuring security requirements are embedded into project planning and deployment.
• Support backup, disaster recovery, and incident response planning and testing from a security assurance and validation perspective.
• Contribute to internal knowledge base documentation and promote security best practices throughout the organization.
• Perform other duties as assigned.

Competencies:

• Tech Savvy: Maintains awareness of emerging cybersecurity threats, evolving technologies, and infrastructure security practices. Evaluates and implements tools such as endpoint protection, MFA, monitoring, and secure configurations that strengthen organizational systems and performance.

• Manages Complexity: Analyzes security alerts, vulnerabilities, compliance requirements, and technical risks to identify root causes and implement effective solutions. Evaluates trade-offs and impacts across infrastructure, cloud, and operational environments.

• Ensures Accountability: Maintains ownership of compliance controls, security policies, and remediation activities. Follows through on commitments, ensures audit readiness, and establishes clear processes for monitoring security and operational outcomes.

• Collaborates: Works closely with Infrastructure Engineering, Service Desk, vendors, and application teams to implement secure system design, coordinate incident response, and align cybersecurity practices with organizational needs.

Qualifications:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education and/or Experience:

Associate’s or Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience. A minimum of four (4) years of progressive IT experience with a significant focus on cybersecurity is required, including at least two (2) years of hands-on experience with security tools such as SIEM platforms, endpoint protection solutions, vulnerability management scanners, and identity security technologies. Experience supporting compliance frameworks including SOC 2, ISO 27001, or CMMC is required, along with a strong understanding of network security concepts such as firewalls, VPNs, and network segmentation. Candidates should demonstrate experience securing and hardening Windows and Linux systems, familiarity with cloud security controls in Azure or AWS environments, and involvement in security assessments, remediation activities, and incident response processes. Industry experience supporting construction, engineering, or field services organizations is preferred. Professional certifications such as CompTIA Security+, CISSP, CISM, CEH, or relevant cloud security certifications are considered beneficial.

Language/Interpersonal/Leadership Skills:

The successful candidate must possess strong written and verbal communication skills, with the ability to clearly and concisely convey technical and security concepts to both technical and non-technical audiences. They should be effective at developing policy documentation, delivering user training, and promoting security awareness across the organization. The candidate must be skilled at listening to and addressing the needs of end users while balancing cybersecurity requirements with business operational priorities. Strong attention to detail is required, particularly when managing compliance documentation, procedures, and audit evidence. A continuous learning mindset is essential to stay current with evolving cybersecurity threats, technologies, and industry best practices. The ability to read, interpret, and apply technical documents, including operating instructions, safety rules, and procedural manuals, is also required.

Mathematical Skills:

Basic mathematical skills, including the ability to perform addition, subtraction, multiplication, and division with whole numbers, fractions, and decimals, are necessary for the role.

Computer Skills:

Proficiency with enterprise IT systems and cybersecurity tools is required, including Microsoft 365, Windows Server, Active Directory, endpoint security platforms, SIEM tools, vulnerability management solutions, and cloud administration environments such as Azure or AWS.

Physical Demands:

The physical demands described here are representative of those required to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The employee is frequently required to sit, stand, walk, and operate computer equipment. Occasional lifting of up to 15 pounds may be required. Specific vision abilities include close vision, distance vision, peripheral vision, and depth perception.

Work Environment:

This position is office-based and performed primarily within a standard business office environment. Occasional travel within Florida may be required for security assessments or site visits. The role may require occasional extended hours during security incidents or audit activities. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.