Chief Information Security Officer

J  o  b    D  e  s  c  r  i  p  t  i  o  n

Job Information

Title:

Chief Information Security Officer

Market Range:

IT18

Approved Date:

3/8/2024 1:02:47 PM

FLSA:

Exempt

EEO Code:

PROFESSIONALS

Career Level:

M4

Career Level Description:

Management Level 4

Job Code:

100100

Job Family:

Information Technology

Sub Family:

IT Security

Primary Purpose

Build a comprehensive security program and an accountable, information security-conscious culture and security architecture based on policies and procedures that are compliant with applicable Federal, State, and local laws, ordinances, and guidelines. Balance the safety and security of County IT resources with a forward-thinking and flexible approach that provides a high degree of customer satisfaction. Provide strategic and operational information security leadership Countywide, including the continuous improvement of enterprise information security technology, policies, practices, and standards.

•

Manage the Countywide Information Security Program including oversight of the County’s Information Risk Management Core Team and the development and maintenance of the County’s information security and privacy policies and procedures. Serve as the HIPAA Security Officer. Lead critical security and records management projects. Examples include the implementation of platforms such as

1.  Enhanced Endpoint Protection Platforms

2.  Network segmentation for the Data Center

3.  Multi-factor Authentication for VPN

4.  User Behavior Analytics Platform

5.  Data Classification Platform for Structured and Unstructured Data

1

40%

•

Develop and manage an information security training and awareness program for County employees. Monitor information security trends, threats and vulnerabilities and keep the County informed about information security related issues and activities affecting the organization.

2

10%

•

Mange the County’s information security incident response plan. Perform incident response planning, including developing, maintaining and enforcing the County’s information security incident response plan in addition to managing security incidents  when they occur.  Direct and coordinate the investigation and resolution of information security problems. Coordinate information security related audits and inspections required by the County (annual Financial audit, etc.). Perform security reviews of project documents (requirements, RFP’s, vendor responses, etc.) and County contracts with IT components.

3

25%

•

Oversee the development of the County Records Management program ensuring management of the records of the County throughout their life cycle.

4

10%

•

Serve on the Information Services (IS) leadership team and provide input into the department's strategic planning efforts, annual business plan update and organizational design. Manage the Security Services and Records Management team and associated operating and CIP budgets.

5

15%

Position(s) may perform other duties in addition to the above as assigned by management.

*IMPORTANT* In the event of an emergency, as determined by the County Manager or designee, participation in preparedness and response operations should be expected. Employee may be required to fill a temporary assignment in a role different from standard duties, work hours and/or work location in preparation for, during and after the emergency. Employee may also be required to participate in relevant exercises and regular preparedness training.

Career Level Dimensions

Career Level:

M4

Career Level Description:

Management Level 4

•

Directs a Division.

•

Creates the short-term strategy for the Division or Function and creates operational plans for Division that align with Department plan.  Actions have direct impact on results of the Department.

•

Responsible for Budget planning and justification.

•

Responsible for making significant improvements of processes, systems or standards to enhance performance of Division or multiple divisions.

•

Oversees employees who pioneer unique ideas or generate new, viable solutions to make improvements or respond to issues.

•

Communicates within and outside the Division(s).

•

Influences others regarding the area of responsibility’s practices and approaches.

•

Achieves goals through teams of managers.  May be responsible for creating workforce and staffing plans for job area to ensure availability of employees and resources.

•

Has hiring, firing, promotion and reward authority for direct reports.

•

Requires broad management and leadership knowledge to lead multiple Work Groups. Typically has master-level knowledge and skills within a specific technical or professional discipline with broad understanding of other areas within the job function.

Qualifications

•

Bachelor's degree in Computer Science, Information Systems, Computer Engineering or related field

•

Six years of experience in information security design and administration including at least two years of supervisory experience

•

Equivalent education and experience are accepted

•

5 Years

Experience managing and directing IT security staff to ensure security program objectives are met.

•

Information Technology\CISSP Certified Information Systems Security Professional

Within 1 Year

Or

•

Information Technology\CISM - Certified Information Security Manager

Within 1 Year

•

Knowledge of operations, services and activities of comprehensive information security programs.

•

Knowledge of advanced principles and best practices of system security design, deployment, analysis and testing.

•

Knowledge of advanced concepts, principles and practices for secure application architecture and design.

•

Knowledge of business continuity, disaster planning, auditing, risk management and policy management.

•

Understanding of legislative and regulatory issues pertaining to information security such as knowledge of Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and open records statues.

•

Experience leading information security training for employees, contractors, volunteers, partners, and other third parties as appropriate.

•

Experience developing strategies for secure cloud based services.

•

Experience performing security risk assessments.

•

Demonstrated exceptional communication skills and ability to clearly discuss and convey complex information technology security concepts and terminology with both technical and non-technical staff at all levels within and outside the County.

•

Ability to foster an innovative, collaborative, success-oriented team environment.

An individual must be able to perform each essential duty satisfactorily to perform this job successfully. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Competencies

Adaptability & Flexibility

Changes behavioral style or method of approach when necessary to achieve a goal; adjusts style as appropriate to the needs of the situation. Responds to change with a positive attitude and a willingness to learn new ways to accomplish work activities and objectives.

Consulting

Applies knowledge of policies and procedures in the area of work to advise others across the organization on critical issues.

Technical Expertise

Applies and improves extensive or in-depth specialized knowledge, skills, and judgment to accomplish a result or to accomplish one's job effectively.

Problem Solving

Builds a logical approach to address problems or opportunities or manage the situation at hand by drawing on one's knowledge and experience base, and calling on other references and resources as necessary.

Cooperative Leadership

Promotes and generates cooperation among one's peers in leadership to achieve a collective outcome; fosters the development of a common vision and fully participates in creating a unified leadership team that gets results.

Strategic Vision

Sees the big, long-range picture and leads others accordingly.

Integrity

Act with honesty, transparency and respect in our interactions with co-workers and those we serve. Adhere, without exception, to laws, policies, procedures and professional standards.

Accountability

Establish high-quality standards for work. Add value. Measure results and hold self and others accountable for making progress toward desired outcomes. Take a logical and data-driven approach to decision-making.

Diversity

Believe that different backgrounds and experiences strengthen the organization and produce better results. Value inclusion across race, gender, age, religion, identity and experience, and strive to reflect in our workforce the diversity of our community.

Collaboration

Foster a work culture in which different ideas and opinions are encouraged and expected. Listen carefully and speak thoughtfully. Work together toward shared goals with mutual respect and cooperation.

Continuous Improvement

Continuously improve work processes and products. Provide a safe environment to be innovative and creative and try new things. When things don't go as planned, use it as an opportunity to learn, regroup and begin again. Provide time and resources for individuals to grow and develop both personally and professionally.

Wellness

Take proactive steps to be physically fit and healthy, emotionally strong, financially secure and socially fulfilled, while inspiring and empowering others to do the same.

Service Orientation

Commit to making a difference within the community. Actively engage in and enjoy our work. Deliver services that exceed expectations, with courtesy, politeness and sensitivity to the experiences, concerns and feelings of all co-workers and customers.

ADA Checklist

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions

Standard ADA Selection:

Office Environment

Standing

X

Walking

X

Sitting

X

Lifting/Carrying 0-10 pounds

X

Lifting/Carrying 10-20 pounds

X

Lifting/Carrying 20-50 pounds

X

Lifting/Carrying 50-100 pounds

X

Pushing

X

Pulling

X

Climbing

X

Balancing

X

Stooping

X

Kneeling

X

Crouching

X

Crawling

X

Reaching

X

Handling

X

Grasping

X

Fingering

X

Feeling

X

Talking

X

Hearing

X

Visual Perception

X

Repetitive Motions

X

Eye/Hand/Foot Coordination

X

Memorization/Concentration

X

Learning/Knowledge Retention

X

Preparing/Analyzing Numerical Figures

X

Use of Interfaced Commmunication Devices (Phone, Computer, Radio etc.)

X

Analyzing/Examining/Testing Data

X

Emotional/Behavioral Self-Regulation

X

Interacting with Others

X

Comprehension

X

Organization

X

Decision Making

X

Comprehension

Understand complex problems and collaborate to explore alternative solutions

Organization

Organize and prioritize the work schedules of others to manage multiple tasks and/or projects

Decision Making

Make decisions that have significant impact on a department's credibility, operations and/or services

Communication

Communicate in-depth information for the purpose of interpreting and/or negotiating

Extreme cold

X

Extreme heat

X

Humid

X

Wet

X

Noise

X

Hazards

X

Temperature Change

X

Atmospheric Conditions

X

Vibration

X

Computers/Monitors

X