CHIEF INFORMATION SECURITY OFFICER (IT)

Genesee County, MI - Flint, MI

About The Position

The Chief Information Security Officer (CISO) is responsible for establishing, leading and continuously improving Genesee County's enterprise information security and risk management program. This executive leadership role provides strategic direction and governance for cybersecurity, data protection, regulatory compliance, business continuity and technology risk management across all County departments and offices. The CISO develops and implements a comprehensive, county-wide security strategy aligned with business objectives, legal requirements and industry best practices. The position is appointed by and reports to the Chief Information Officer and works closely with County leadership, elected officials, department heads and external partners.

Requirements

  • Ten (10) years' progressive professional IT experience -AND- five (5) years' professional experience in cybersecurity, including leadership responsibilities -AND- five (5) years' experience in enterprise risk management, security auditing and compliance oversight -AND- five (5) years' experience supervising or managing IT and/or cybersecurity staff.
  • Equivalent combinations of education and experience may be considered.
  • Must be willing to work irregular hours, nights and weekends in response to cybersecurity incidents.
  • Must obtain and maintain certifications as determined by the CIO.
  • Will be required to pass background and security clearance checks.
  • Must be able to perform Essential Job Duties and Functions with or without reasonable accommodations.

Nice To Haves

  • Experience in public sector or governmental environments preferred.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • GIAC certifications
  • Other relevant advanced cybersecurity certifications

Responsibilities

  • Develops and executes a comprehensive enterprise cybersecurity strategy and roadmap.
  • Establishes a county-wide information security governance framework.
  • Advises the CIO, County leadership and elected officials on cybersecurity risks, threats and mitigation strategies.
  • Provides executive-level reporting on risk posture, security incidents, compliance status and emerging threats.
  • Leads the development of long-term cybersecurity investment and budget planning.
  • Establishes and maintains a formal enterprise risk management framework for cybersecurity.
  • Oversees security audits, risk assessments and vulnerability management programs.
  • Ensures compliance with applicable federal, state and local regulations and standards.
  • Develops, maintains and enforces information security policies, standards and procedures.
  • Coordinates third-party risk management and vendor security reviews.
  • Provides executive oversight of county IT architecture, infrastructure security and data protection strategies.
  • Ensures security measures are integrated into system design, development, procurement and implementation processes.
  • Oversees implementation and management of security technologies including firewalls, VPNs, endpoint protection, identity and access management and data loss prevention.
  • Ensures appropriate security controls are embedded in new systems, networks and data center initiatives.
  • Leads the County's cybersecurity incident response program.
  • Directs response efforts for security breaches, threats and cyber incidents.
  • Oversees development and testing of disaster recovery and business continuity plans.
  • Coordinates with law enforcement, regulatory bodies, insurance carriers and external cybersecurity partners as needed.
  • Ensures the internal IT security framework operates effectively while supporting business needs across departments.
  • Evaluates new initiatives and projects for security architecture alignment and risk mitigation.
  • Leads security-related change management and stakeholder education initiatives.
  • Establishes cybersecurity awareness and training programs for all County employees.
  • Develops and tracks key performance indicators (KPIs) and key risk indicators (KRIs) for cybersecurity performance.
  • Builds and leads a high-performing cybersecurity team.
  • Fosters a culture of security awareness and accountability across the organization.
  • Works collaboratively with department leadership to balance security, usability and operational efficiency.