Chief Information Security Officer

About The Position

Requirements

• Bachelor's degree in a related field.
• Five (5) years of directly related experience in information technology or security management.
• Experience in information security principles and frameworks (NIST, ISO 27001/2).
• Experience in designing, implementing, and managing security programs.
• Experience with remote access systems, digital certificates, and intrusion detection/prevention systems.
• Knowledge of regulatory compliance requirements such as HIPAA, CJIS, and PCI.
• Certification in Certified Information Security Auditor (CISA) or CompTIA+ Security.

Nice To Haves

• Seven (7) years in information technology or security management with five (5) years concentrated in information security.
• At least 4 of the required 7 years in a Lead or Supervisory capacity.
• Active membership in professional information security organizations (ISSA, ISACA).

Responsibilities

• Develop short- and long-term strategies for the City's Information Security Plan.
• Formulate policies to detect and mitigate threats.
• Advise the City Manager's Office on data security for major IT projects.
• Oversee disaster recovery, business continuity, and the Cybersecurity team's budget and operations.
• Represent the division in meetings with county, state, and advisory bodies on City data security policies and programs.
• Collaborate with risk management and leadership to maintain the City's risk register.
• Oversee citywide security policies, the Written Information Security Program (WISP), and data governance.
• Promote ongoing security and privacy training across all organizational levels.
• Set citywide processes for protecting electronic and physical environments.
• Lead cross-departmental efforts to address process violations and compromised data.
• Design secure architecture and ensure compliance with policies while monitoring system performance.
• Track anomalies, investigate threats, and address vulnerabilities based on prioritized response plans.
• Conduct audits, resolve security gaps, and manage contracts for security software and equipment.
• Oversee threat and vulnerability assessments and conduct routine network evaluations.
• Manage penetration testing and investigate unsecured data or systems.
• Recommend professional development for IT security staff and coordinate training programs.
• Guide the public on cyber hygiene and awareness through the Public Information Office.
• Provide supervision, set performance expectations, and conduct performance reviews.

Benefits

• Medical, dental, vision, life, and disability insurance coverage.
• Flexible spending account (FSA) options.
• Rich pension plan with optional Roth and pretax deferred compensation savings.
• 38 paid days off in the first year of employment, increasing in subsequent years.
• Twelve weeks of paid parental leave.
• Paid tuition reimbursement and student loan repayment.
• Opportunities for off- and on-the-job training.
• Paid volunteer hours and employee resource groups.