Chief Information Security Officer (0933 Manager V) - Department of Public Health

City & County of San Francisco (CA), San Francisco, CA
29d

About The Position

The Department of Public Health prioritizes equitable and inclusive access to quality healthcare for its community and values the importance of diversity in its workforce. All employees at the Department of Public Health work to advance equity, inclusion, and diversity with a specific lens and focus on race, ethnicity, gender, sex, sexuality, disability, and immigration status.

The San Francisco Department of Public Health is seeking a dynamic and experienced cybersecurity professional to join its IT leadership team. As a key strategic leader, the Chief Information Security Officer (CISO) (0933 Manager V) will be responsible for developing and executing a comprehensive information security strategy that safeguards the department's systems, data, and services. This role leads the implementation of an enterprise-wide security program that promotes collaboration, strengthens governance, and aligns cybersecurity initiatives with organizational goals.

The CISO serves as a trusted advisor to senior leadership, providing expert guidance on risk management, security investments, and policy development. The CISO oversees a team of cybersecurity professionals within the SFDPH IT division and collaborates extensively with the CISO for the City and County of San Francisco. We are looking for a visionary and collaborative leader who can balance innovation with risk mitigation, and who thrives in a complex, mission-driven environment. The CISO reports directly to the Chief Information Officer (CIO).

Requirements

  • Education: Bachelor's degree from an accredited college or university; AND
  • Experience: Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals.
  • Education Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis. One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units.
  • Applicants must meet the minimum qualification requirements by the final filing date unless otherwise noted.

Nice To Haves

  • Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification

Responsibilities

  • Provides strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advises executive leadership on identified risks and ensures timely execution of mitigation and remediation plans with integrity and discretion
  • Directs the ongoing development of the department's information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third-party risk management
  • Allocates and manages resources to support a robust security strategy. Identifies and advocates for strategic investments, oversees capital and operating budgets, and delivers ROI analyses and budget recommendations
  • Partners with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions, and other initiatives. Develops tools and interventions to mitigate risks, establishes performance metrics, and monitors compliance through audits and assessments
  • Builds alignment and support for security goals and initiatives across internal and external stakeholders. Communicates effectively with leadership at all levels on trends, risks, and the overall effectiveness of the security program
  • Promotes awareness and understanding of regulatory requirements across the organization. Leads or collaborates on testing and auditing activities to ensure ongoing compliance and successful certifications
  • Analyzes security requirements and ensures compliance with industry standards such as HIPAA, NIST, and PCI-DSS
  • Establishes and maintains comprehensive policies and procedures to support effective and sustainable security operations
  • Serves as the department's representative in security-related matters with City agencies and partners
  • Continuously monitors emerging trends, technologies, and best practices in cybersecurity to ensure the department's security posture remains current and effective
  • The Chief Information Security Officer (0933 Manager V) may perform other duties as assigned/required.

What This Job Offers

Job Type

Full-time

Career Level

Manager

Industry

Administration of Environmental Quality Programs

Number of Employees

5,001-10,000 employees
