Chief Information Security Officer

Chief Information Security Officer

Purpose: This position is responsible for the Citywide information security program, including safeguarding the City's information, data, and technology infrastructure, and for overseeing the information security governance committee.

Essential duties and functions, pursuant to the Americans with Disabilities Act, may include the following. Other related duties may be assigned.

• Leads the cyber team that monitors and protects the City's information and data from current and emerging internal and external security threats.
• Designs, develops, implements, evaluates, refines, monitors, and reports on all security-related aspects of the City's information and data systems and architecture.
• Leads the development and implementation of cyber-incident response plans and procedures to ensure timely recovery of business-critical services during security events; delivers guidance, support, and internal consulting on incident response practices; works with the resiliency team to ensure incident responses are a coordinated effort across the City.
• Assess current IT security best practices and systems controls to identify areas for improvement, based on NIST control sets.
• Collaborates with the enterprise architecture team to align security and enterprise reference architectures, ensuring cybersecurity requirements are embedded by design and integrated into all architectural frameworks.
• Researches and evaluates Citywide data security solutions through the citywide enterprise architecture process.
• Develops and presents budget recommendations, long- and short-term plans, and key performance indicators and targets.
• Directs security threat assessments, risk analyses, and system audits; leads and participates in tabletop exercises for cybers; and develops information and data security standards.
• Collaborates with other departments and stakeholders for cybersecurity best practices and preparedness for cyber events.
• Represents the City on information security strategy to internal and external organizations and maintains an information security governance committee.
• Oversees relevant and appropriate communications, awareness, and training programs.
• Oversees the coordination of the Citywide Security Operations.
• Champions and educates the organization about the latest security initiatives, strategies and technologies.

• Responsible for the full range of supervisory activities including selection, training, evaluation, counseling, and recommendation for dismissal.

Must possess required knowledge, skills, abilities, and experience and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.

• Knowledge of Local, State, and Federal laws and regulations relevant to information security, privacy, and computer crime.
• Knowledge of the principles and practices of public administration and management.
• Knowledge of the capabilities and limitations of computer systems and technology.
• Knowledge of operating systems, Internet technologies, databases, and security infrastructure.
• Knowledge of information security controls, procedures, and regulations.
• Knowledge of concepts and techniques for enterprise risk management, audits, and risk assessments.
• Knowledge of incident response program practices and procedures.
• Skill in quickly resolving advanced security issues in diverse and decentralized environments.
• Skill in foreseeing technology threats and keeping ahead of security needs.
• Ability to establish and maintain effective working relationships with City staff, executive management, peers, State and County officials, outside agencies and partners, vendors, community groups, general public, and media representatives.
• Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions.
• Ability to develop and evaluate policies and procedures and to prepare reports.
• Ability to communicate effectively in writing, verbally, and in presentations.
• Ability to plan, assign, or supervise the work of others.
• Ability to manage and oversee the development, monitoring, and maintenance of technology security processes and controls.

• Graduation with a Bachelor's degree from an accredited college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field, plus six (6) years of related experience, including two (2) years of experience which were in a supervisory capacity.

• Maintain relevant security, privacy or risk leadership certification (i.e., CISSP, CISM, CISA, CRISC, CDPSE, CIPP, CIPM, CIPT, CCSK, ISO/IEC 27001, ISO/IEC 27701) or obtain within six (6) months of employment.

• Demonstrated experience leading…