Chief Information Security Officer

About The Position

Requirements

• Bachelor's degree from an accredited college or university in any field.
• Previous professional experience overseeing enterprise cybersecurity strategy, governance framework, security policies, standards, and programs to ensure information assets, systems, and technologies are protected against internal and external threats.
• An equivalent combination of education, experience and training that demonstrate the necessary knowledge, skills, and abilities may be taken into consideration.

Nice To Haves

• A valid driver's license.

Responsibilities

• Lead official for county-wide cyber and IT security strategy, policy and enforcement, Cyber office program development; develops fluid strategy and concepts regarding cyber security and data privacy.
• Develop and manage a comprehensive enterprise Cyber/IT security and risk management program.
• Lead and develop an effective and high performing Infosec team, integrated to work with the IT organization and County agencies and partners.
• Develop and recommend policies and procedures for appropriate use, and for detecting, deterring, and mitigating IT security threats; directs implementation, compliance and enforcement of enterprise-wide IT/Cyber security policy, standards and practices.
• Develop strategies for safeguarding the county's IT environment from cyber threats.
• Ensure that IT architecture and design comply with law and regulations.
• Interface with internal and external stakeholders serving as the public face for Cyber Security.
• Advise county leadership on cyber security awareness and issues.
• Advise and collaborate with the Office of Emergency Management regarding COOP, state legislation regarding cyber incident management and reporting, training and exercises, and physical security regarding access controls, policies and supporting technologies.
• Inform CIO of issues and recommend determinations.
• Advise OIT directors of IT/cyber polices, practices and protective measures regarding the IT environment and Cyber/IT security solutions.
• Respond to and addresses IT/Cyber security breaches and incidents, including overseeing the activation of the OIT IT security emergency response team and/or departmental incident response teams.
• Oversee security audits and tasks to confirm the integrity, confidentiality and availability of the enterprise's information technology environment.
• Oversee data searches that may be conducted by Infosec for MPIA, FOIA, e-discovery, document preservation and legal holds.
• Works with Office of Law, CEX Offices of IG, COS Communications, OEA, PAB and ACC, and law enforcement related to cyber incidents.
• Prepare reports and advisements.
• Ensure that tools are implemented for early threat detection to reduce the risk of attacks against the IT environment and systems.
• Conduct enforcement and compliance activities and implement threat and Cyber Security awareness campaigns.
• Conduct and/or support investigations of suspected information security misuse.
• Practice the utmost discretion in communicating security exposures, misuse and non-compliance, and communicate status and updated requirements of security matters to management as appropriate.
• Manage the IT Security Office (Infosec), establishes staff, resource requirements, defense-in-depth architecture, targets, policies and procedures, and administrative matters including development of Infosec budgets within parameters.
• Supervise staff and contractors, makes assignments, plans training and skill development; conducts coaching.
• Develop requirements for contractors and brings issues related to contractor performance to the OIT Contracts Manager.

Benefits

• The salary range listed in this announcement reflects the offer range for this position. Offers made within this range are based on qualifications, experience, and internal equity.