Chief Information Security Officer

About The Position

Requirements

• Communication: Act as a trusted liaison between the technical security and engineering teams, Senior Executives, and Elected Officials/Board of Commissioners. This requires an exceptional ability to translate complex technical language into clear, understandable business value.
• Compliance Expertise: Deep mastery of HIPAA, CJIS, PII, and PCI frameworks.
• Cyber Insurance Management: Responsible for negotiating and maintaining cyber insurance policies.
• Supply Chain Integrity: Develop and oversee robust Third-Party Risk Management (TPRM) initiatives to ensure all technology vendors meet the County's rigorous security and privacy standards by design.
• Tech Stack: Expertise in cloud architecture, AI-assisted Endpoint Detection and Response (EDR)/ Extended Detection and Response (XDR), and Security Orchestration, Automation, and Response (SOAR) platforms to stop attacks.
• Crisis Management: Maintains composure under pressure with deep experience leading digital forensics.
• Strategic Mindset: Ability to align security with County goals and technology strategic plans.
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Public Administration, or a related field (qualifying professional-level experience may substitute for the required education on a year-for-year basis.)
• Six (6) years focused on managing information security in a complex, matrixed environment
• Advanced experience in building, executing, and overseeing enterprise-level information security programs, including budgetary planning and large-scale programmatic oversight.
• Experience managing and professional development of an experienced team of direct reports (5)
• Experience with Federal and State security legislation (e.g., HIPAA, CJIS, PII, PCI) and the implementation of strategic frameworks (e.g., NIST Cybersecurity Framework, ISO/IEC 27001, or CIS Controls).
• Expert-level understanding of secure software development lifecycles (DevSecOps), artificial intelligence, data governance, and enterprise application integrity.
• Experience implementing IAM or Zero Trust Architecture in complex government and regulatory environments.
• Certified Information Systems Security Professional (CISSP)
• Criminal Justice Information Systems (CJIS) authorization is required prior to the start of this position, which includes a records check and fingerprinting upon acceptance of the employment offer.
• Required: A cover letter that expands on your resume, addresses why you are interested in this position and demonstrates how your experience and skill set align with the minimum and preferred qualifications listed.
• All employees must reside in Oregon or Washington.

Nice To Haves

• Experience working in the public sector or another highly regulated industry, such as healthcare or finance.
• Active involvement in MS-ISAC or other national information security organizations.
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Cloud platform specific professional certifications, e.g. Google Cloud, Microsoft Azure, AWS etc.
• Transferable skills: Your transferable skills are any skills you have gained through education, work experience (including the military) or life experience that are relevant for this position. Be sure to describe any transferable skills on your application and clearly explain how they apply to this position.

Responsibilities

• Build a culture where security is a shared responsibility
• Cultivate deep relationships across departments and use emotional empathy to foster trust and layered security
• Oversee sophisticated threat-hunting operations to neutralize adversaries before they reach the perimeter
• Act as a high-profile advocate
• Lead the charge in integrating AI-driven security tools
• Leverage automation to eliminate alert fatigue and use machine learning to predict emerging patterns
• Direct high-stakes incident response with calm, clinical precision
• Manage the technical, legal, and reputational fallout of breaches while maintaining the trust of County employees and the community
• Spearhead immersive, behavioral-based training programs that empower employees to be our strongest line of defense
• Act as a trusted liaison between the technical security and engineering teams, Senior Executives, and Elected Officials/Board of Commissioners
• Negotiating and maintaining cyber insurance policies
• Develop and oversee robust Third-Party Risk Management (TPRM) initiatives to ensure all technology vendors meet the County's rigorous security and privacy standards by design
• Align security with County goals and technology strategic plans

Benefits

• Multnomah County offers an exceptional benefits package, including employer-funded retirement savings; health and dental insurance at very low cost to full-time employees and their dependents; paid parental leave; wellness programs; a focus on work-life balance; and much more.