About The Position

The Chief Information Security Officer of the County of Berks is responsible for collaborating with the county CIO and other county leadership in overseeing and managing the cybersecurity strategy, operations, and compliance efforts for the organization. This position plays a critical role in protecting the confidentiality, integrity, and availability of the organization's information assets and systems while ensuring compliance with relevant policies, laws, and regulations. The CISO and his/her staff will develop and execute a comprehensive cybersecurity strategy aligned with the organization's goals and objectives. This position will serve as one of the primary advisors to organizational leadership on cybersecurity matters, providing guidance and recommendations to mitigate risks and address emerging threats. The CISO and his/her staff will strive to ensure adherence to regulatory requirements such as the Criminal Justice Information Services (CJIS) Security Policy, HIPAA, and other applicable federal, state, and local laws. The CISO will collaborate with leadership to develop, implement, and update cybersecurity policies and procedures. This position will play a key role in developing and maintaining the organization’s Cybersecurity Incident Response Plan, ensuring preparedness to address and recover from security incidents. The CISO will work with stakeholders to create and regularly update the organization’s Continuity of Operations Plan (COOP), ensuring resilience and continuity during disruptions. This position will be responsible for collaborating with the rest of the I.S. department and operational teams to integrate security measures into system design, procurement, and implementation processes. The CISO will evaluate and recommend security technologies, tools, and services to enhance the organization’s cybersecurity posture.
The CISO and his/her staff will be responsible for overseeing the deployment, management, and monitoring of security infrastructure, including firewalls, IDS/IPS, EDR solutions, and many other security and technology solutions.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or other related field of study
  • Five years of firewall administration experience.
  • Five years of experience in information systems architecture and design
  • Five years of experience in incident management/incident response
  • Eight years of experience in network administration or cybersecurity
  • IT Security Certifications required: Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), or other approved certification.
  • Valid state-issued driver’s license required for local travel to County sites.
  • Any equivalent combination of experience and training that provides the required knowledge, skills, and abilities.
  • Expert knowledge of OSI Model’s Layer 2 through Layer 7 network traffic
  • Expert knowledge in current cybersecurity best practices and trends
  • Ability to work with and coach technical team members to ensure that all solutions are secure.
  • Ability to work with external vendors and contractors to evaluate new products and maintain existing products.
  • Strong attention to detail and ability to solve problems effectively.
  • Expert knowledge of firewall and security configuration
  • Expert knowledge of routing and switching infrastructure, configuration, and protocols
  • Knowledge of Microsoft server configurations and Active Directory
  • Expertise in project management
  • Knowledge of enterprise technology topology, including data center best practices, network design, and SAN implementation.
  • Ability to work with information security staff and policies to ensure that all solutions are inherently secure.
  • Knowledge of IT best practices and service offerings.
  • Ability to work with vendors and contractors regarding new product evaluation and maintenance of existing products.
  • Ability to keep accurate records and documentation.
  • Ability to analyze complex problems and envision resolutions.
  • Ability to communicate effectively both orally and in writing.
  • Ability to thrive in a stressful, fast-paced team environment.
  • Ability to handle stress.
  • Physical presence in the office is required.

Responsibilities

  • Accountable for the overall performance and efficacy of security projects and programs
  • Analyzing security risks.
  • Managing compliance efforts for HIPAA, CJIS, PCI, and other sensitive data sets.
  • Recommending and implementing security safeguards.
  • Monitoring compliance with security laws and regulations.
  • Investigating information security and compliance incidents.
  • Manage security reporting & executive reporting.
  • Oversee end-user security awareness program.
  • Manage regular security and compliance tasks.
  • Serve as project manager for designated security projects.
  • Review security and compliance of equipment configurations.
  • Maintain security and compliance documentation.
  • Oversee and manage vulnerability management.
  • Evaluate purchasing decisions and install new equipment.
  • Support the organization's business continuity and disaster recovery planning and response.
  • Schedule and conduct tabletop exercises and simulations.
  • Work with CIO and IT leadership team on risk management and risk reporting.
  • Design and manage the implementation of governance efforts.
  • Create and review policies and procedures to align with established standards.
  • Manage security audits and assessments and resulting findings.
  • Manage and oversee the County’s HIPAA security effort.