ASSISTANT DIRECTOR OF INFORMATION TECHNOLOGY - INFORMATION SECURITY OFFICER - 40009103

About The Position

Requirements

• Extensive expertise in cybersecurity frameworks National Institute of Standards Technology (NIST), ISO 27001, Computer Information Systems (CIS), Control Objectives for Information and Related Technologies (COBIT) and regulatory compliance (HIPAA, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley Act (SOX).
• A deep understanding of security technologies (Security Information and Event Management (SIEM), Identity and Access Management (IAM), Endpoint Detection and Response (EDR), firewalls, Zero Trust, and cloud security) best practices, and risk management strategies are essential.
• Strong leadership and collaboration skills to engage IT, legal, and compliance teams effectively.
• The ability to align cybersecurity strategies with business objectives and articulate risks to executives.
• Proficiency in security policy development, incident response, and vendor security evaluations.
• Exceptional organizational and interpersonal skills to collaborate with internal and external stakeholders.
• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Seven to ten years of progressively responsible IT experience, including enterprise-level support and information security field (or equivalent combination of education and experience).
• Proven experience leading cybersecurity teams and managing IT security initiatives.

Nice To Haves

• Advanced degree in Information Technology, Cybersecurity, or a related field.
• Relevant information security certifications such as (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Privacy Manager (CIPM).
• Experience with public sector IT management.
• Familiarity with additional compliance programs such as Gramm-Leach-Billey Act (GLBA) and Family Educational Rights and Privacy Act (FERPA).

Responsibilities

• Develops and maintains an enterprise-wide information security program, including policies, procedures, and controls to protect critical data, infrastructure, and information assets.
• Works with the Director/CIO to establish and execute a multiyear cybersecurity strategy and roadmap.
• Ensures alignment of security goals with the department’s business plan, overseeing the development, execution, and updates of the cybersecurity strategic plan.
• Directs countywide information security efforts through departmental security professionals.
• Oversees Information Technology (IT) security policies, including disaster recovery, vulnerability management, and regulatory compliance.
• Coordinates and ensures compliance with HIPAA security requirements across County departments.
• Establishes continuous monitoring, auditing, and compliance reviews to safeguard County systems.
• Identifies and reports key performance metrics to measure the effectiveness of security programs.
• Leads IT security audits, including internal assessments and external compliance testing.
• Works with IT teams to implement security automation, vulnerability assessments, and risk management initiatives.
• Collaborates with the Training Officer to develop and deliver cybersecurity awareness programs.
• Other duties as required.