Chief Information Security Officer

About The Position

Requirements

• Organization and management practices as applied to the development, analysis, and evaluation of information assurance program, policies, procedures, protocols, and standards.
• Advanced information technology security management theory, principles, and practices and their application to a wide variety of services and programs.
• Industry best practices of information technology security management and control.
• Methods and techniques of developing technology security related training programs and educational materials.
• Methods and techniques of identifying and assessing security threats and violations and developing response and mitigation strategies.
• Principles and practices of project management.
• Operational relationships between information technology security program, application development, database management, and components of technology infrastructure such as server and network systems.
• Principles and practices of developing and maintaining technical documentation, files, and records.
• Principles and practices of employee supervision, including work planning, assignment review and evaluation, discipline, and the training of staff in work procedures.
• Principles and practices of leadership.
• Applicable federal, state and local laws, regulatory codes, ordinances and procedures relevant to assigned areas of responsibility.
• Principles and techniques for working with groups and fostering effective team interaction to ensure teamwork is conducted smoothly.
• Techniques for providing a high level of customer service by effectively dealing with the public, vendors, contractors, and County staff.
• The structure and content of the English language, including the meaning and spelling of words, rules of composition, and grammar.
• Modern equipment and communication tools used for business functions and program, project, and task coordination, including computers and software programs relevant to work performed.
• Plan, manage, direct, and oversee a Countywide technology security program.
• Conduct risk assessments of County information technology infrastructure, systems, and devices and make recommendations on needed changes.
• Develop and implement IT security related goals, objectives, policies, and procedures.
• Establish an environment which promotes the criticality of technology system security.
• Serve as a technical advisor to departments on security matters.
• Respond to and investigate, security threats, incidents, and violations.
• Select and supervise staff, provide training and development opportunities, ensure work is performed effectively, and evaluate performance in an objective and positive manner.
• Assist in developing and implementing goals, objectives, practices, policies, procedures, and work standards.
• Evaluate and recommend improvements in operations, procedures, policies, or methods.
• Integrate information technology security needs of diverse departments with Countywide information technology systems, infrastructure, and policies, procedures, and standards.
• Work collaboratively with County staff to identify and implement security solutions for business process improvements and efficiencies.
• Recommend, design, develop, and implement new, enhanced, or modified information technology security systems and tools.
• Prepare clear and concise technical documentation, information technology procedures, staff reports, and other written materials related to IT security.
• Understand, interpret, and apply all pertinent laws, codes, regulations, policies and procedures, and standards relevant to work performed.
• Independently organize work, set priorities, meet critical deadlines, and follow-up on assignments.
• Effectively use computer systems, software applications relevant to work performed, and modern business equipment to perform a variety of work tasks.
• Communicate clearly and concisely, both orally and in writing, using appropriate English grammar and syntax.
• Establish, maintain, and foster positive and effective working relationships with those contacted in the course of work.
• Equivalent to a bachelor's degree from an accredited four-year college or university with major coursework in information technology, computer science, or a related field
• Five (5) years of increasingly responsible experience in providing professional level support in the administration of an information technology security program, including two (2) years of lead, supervisory, and/or project management responsibility specific to the security operations center.
• Must possess a current professional security management certification, such as a Global Information Assurance Certification (GIAC) Security Expert (GSE), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
• Must possess a valid US driver's license upon date of application. Must obtain California driver's license following hire date per California DMV regulations.

Responsibilities

• Plans, develops, and implements a Countywide information technology security program which includes, but is not limited to, information technology security awareness, systems risk assessment, business impact analysis, disaster recovery, and business continuity.
• Develops and oversees Countywide information assurance policy and guidelines in concert with County agencies and departments for executive management review and approval; upon approval, implements policy and guidelines.
• Advises County staff and departments in the review of information technology security policies, computer operations, server infrastructure, logical access controls, and network and data communication systems security; recommends the use of information technology and network security solutions and tools.
• Acts as the central point of contact for information technology related security incidents or violations; assists County departments (e.g., law enforcement, auditors, etc.) in the investigation of security threats, incidents, or violations.
• Plans, coordinates, and participates in conducting cyber security risk assessments and business impact analyses of County department processes and information technology infrastructure and systems to identify and address threats and vulnerabilities; facilitates the development of effective disaster recovery and business continuity plans.
• Evaluates and ensures the installation, management, operation, and maintenance of information technology infrastructure, systems, and support environments.
• Adheres to information assurance policy and guidelines; troubleshoots and resolves security-related issues.
• Develops, promotes, and presents information assurance security training and education to all levels of the County organization structure on an ongoing basis.
• Leads security research and development; conducts an extensive review of processes, regulatory changes, or business requirements with user focus groups; identifies options to develop new or modify existing applications and databases to respond to these needs.
• Analyzes work processes and flows and creates technical documentation; audits installation projects to ensure compliance; identifies need for integration of technology infrastructure or systems and creates specifications for same; ensures adherence to Countywide information technology policies, procedures, protocols, and standards.
• Collaborates with and coordinates the County information technology security program with state and federal agencies.
• Plans, prioritizes, assigns, supervises, reviews, and participates in the work of staff responsible for information technology security projects and activities.
• Participates in the development and implementation of information technology goals, objectives, policies, and priorities; monitors work activities to ensure compliance with established policies and procedures; makes recommendations for changes and improvements to existing standards and procedures.
• Selects, trains, motivates, and evaluates assigned staff; works with employees to correct deficiencies.
• Participates in the preparation and administration of assigned program and project budgets; submits budget recommendations; coordinate vendor activities, write and evaluate proposals, and negotiate contracts for information technology security related equipment and services; monitors expenditures.
• Writes and maintains County information technology security policies and procedures; maintains systems certification, authorization documentation, and related documents.
• Attends and participates in professional group meetings; stays abreast of new trends and innovations in the field of information technology security.
• Performs related duties as assigned.