Information Technology Security Officer

About The Position

Requirements

• Option A: Bachelor's degree in Business Administration, Computer Information Systems, Information Technology or closely related field from an accredited college or university and five (5) years of paid experience performing IT security management; and at least two (2) years in an administrative or management capacity responsible for cyber security risk assessment, implementation of security management practices, monitoring of security protection measures, managing SIEM, vulnerability management, and other security tools in an enterprise environment.
• Option B: Master's degree in Computer Science or closely related field is highly desirable from an accredited college or university and four (4) years of paid experience performing IT security management; and at least two (2) years in an administrative or management capacity responsible for cyber security risk assessment, implementation of security management practices, monitoring of security protection measures, managing SIEM, vulnerability management, and other security tools in an enterprise environment.
• Knowledge of: Computers and Electronics: Electric circuit boards, processors, chips, and computer hardware and software.
• Knowledge of: Principles, methods, and practices of systems/network administration and maintenance.
• Knowledge of: Agency policies and procedures and practices regarding data security.
• Knowledge of: Network security design principles, practices, and related tools and software.
• Ability to objectively assess situations or circumstances using all the relevant information, apply experience, evaluate the problem objectively, calculate risks, and make an ethical and informed decision.
• Manage the performance of staff by coaching for performance.
• Motivating, developing, and directing people as they work.
• Acknowledge, value and support diversity of thought, opinion and approach with customers and colleagues regardless of background, culture and organizational level.
• Execute work that adheres to the City’s stated principles of Diversity, Equity, and Inclusion including, but not limited to, your “duty to act” to ensure fair and equitable treatment of all persons and historically underrepresented groups.
• Fostering an inclusive and supportive environment in which everyone in the City has an opportunity to thrive.
• Incorporating an equity perspective to day-to-day work in all responsibilities, decisions and actions of providing public service.
• Effectively communicating information and ideas in writing, as well as through speech, so others will understand.
• Persuasion: Convincing others to approach things differently.
• Working independently and with minimal supervision.
• Speech recognition: Identifying and understanding the speech of another person.
• Project analysis; weighing the costs/benefits of a potential action.
• Possession of at least one of the following certifications is required: Certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), or equivalent information security certification.

Nice To Haves

• Master's degree in Computer Science or closely related field is highly desirable

Responsibilities

• Plans, organizes, manages, and participates in the development, implementation, and monitoring of the City’s information security programs, information technology risk management programs, and information security policies.
• Supervises and reviews the work of professionals and serves as a subject matter expert in information security.
• Develops and executes a cyber security strategy that is aligned with internal stakeholders, organizational priorities, facilitates city operations, and meets industry standards.
• Directs and participates in the identification of security risks, development and implementation of security management practices, and the measurement and monitoring of security protection measures.
• Ensures compliance with regulatory requirements such as Criminal Justice Information Services (CJIS), Payment Card Industry Data Security Standards (PCI), Health Insurance Portability and Accountability Act (HIPAA), California Privacy Protection Agency, and federal, state, and local laws.
• Monitors agency infrastructure, devices, and information systems for security integrity.
• Provides planning and guidance to information technology staff on vulnerability management and security incident response procedures.
• Oversees portfolio of cyber risk and security applications and procedures, implements new security processes and related technologies to ensure a continuous improvement of the City’s cyber security posture.
• Oversees assigned staff in performing their responsibilities and provides guidance as necessary.
• Analyzes information, situations, problems, policies, and procedures to identify, recommend, and implement solutions systemically.
• Formulates, recommends, and executes enterprise-wide policies and procedures for detecting, deterring, and mitigating information security threats.
• Serves as a subject matter expert and internal consultant on data security implications for proposed information technology projects and programs and makes recommendations to align new technologies to security standards.
• Prepares oral and written reports for executive leadership, the City Manager’s Office, and City Council.
• Develops cyber security, cyber risk, and security awareness training programs for City staff.
• Monitors training effectiveness by documenting and reporting data point trends on user awareness and vulnerability assessments.
• Builds and maintains positive relationships with City stakeholders.
• Attends City/Industry-related functions.
• Performs other duties as required.

Benefits

• 4/10 schedule