Chief Information Security Officer

About the Position

The Office of Information Technology (OIT) is seeking a highly experienced and strategic technology leader to serve as the Chief Information Security Officer (CISO). This executive-level management position is responsible for overseeing the County’s enterprise cybersecurity strategy, governance framework, security policies, standards, and programs to ensure information assets, systems, and technologies are protected against internal and external threats. The CISO serves as the County’s subject matter expert on cybersecurity concepts, risk management, compliance requirements, and industry standards including ISO 27000 series, SOX, GDPR, PII, PCI, and related regulatory frameworks.

The incumbent directs cybersecurity operations, security monitoring, threat assessment, incident response, cyber continuity planning, and resiliency initiatives across on-premises, cloud, and externally hosted environments supporting County applications, infrastructure, communications, endpoints, and data systems. This position develops risk-based security strategies, operational recommendations, and budget initiatives to support enterprise cybersecurity objectives and collaborates extensively with OIT technology divisions, the Office of Homeland Security, regional partners, and intergovernmental cybersecurity organizations including the COG IT Security Subcommittee and related State and regional work groups.

The position operates with considerable independence and requires exceptional leadership, sound judgment, strategic vision, and ethical conduct under the general supervision of the Chief Information Officer (CIO).

The Office of Information Technology (OIT) provides support for all of the agencies, departments, and branches of County government. The OIT Service Desk provides information technology support and maintenance services to Prince George’s County personnel. The Office of Information Technology is wholly dedicated to aligning technology efforts to support the strategic goals of the County. OIT will provide leadership, expertise, and resources in the ideation, development, and deployment of innovative technologies and streamlined processes to improve government efficiency, business interaction, and citizen access to government information and services.

• Lead official for county-wide cyber and IT security strategy, policy and enforcement, Cyber office program development; develops fluid strategy and concepts regarding cyber security and data privacy.
• Develop and manage a comprehensive enterprise Cyber/IT security and risk management program.
• Lead and develop an effective and high performing Infosec team, integrated to work with the IT organization and County agencies and partners.
• Develop and recommend policies and procedures for appropriate use, and for detecting, deterring, and mitigating IT security threats; directs implementation, compliance and enforcement of enterprise-wide IT/Cyber security policy, standards and practices.
• Develop strategies for safeguarding the county's IT environment from cyber threats.
• Ensure that IT architecture and design comply with law and regulations.
• Interface with internal and external stakeholders serving as the public face for Cyber Security.
• Advise county leadership on cyber security awareness and issues.
• Advise and collaborate with the Office of Emergency Management regarding COOP, state legislation regarding cyber incident management and reporting, training and exercises, and physical security regarding access controls, policies and supporting technologies.
• Inform CIO of issues and recommend determinations.
• Advise OIT directors of IT/cyber polices, practices and protective measures regarding the IT environment and Cyber/IT security solutions.
• Respond to and address IT/Cyber security breaches and incidents, including overseeing the activation of the OIT IT security emergency response team and/or departmental incident response teams.
• Oversee security audits and tasks to confirm the integrity, confidentiality and availability of the enterprise's information technology environment.
• Oversee data searches that may be conducted by Infosec for MPIA, FOIA, e-discovery, document preservation and legal holds.
• Works with Office of Law, CEX Offices of IG, COS Communications, OEA, PAB and ACC, and law enforcement related to cyber incidents.
• Prepare reports and advisements.
• Ensure that tools are implemented for early threat detection to reduce the risk of attacks against the IT environment and systems.
• Conduct enforcement and compliance activities and implement threat and Cyber Security awareness campaigns.
• Conduct and/or support investigations of suspected information security misuse.
• Practice the utmost discretion in communicating security exposures, misuse and non-compliance, and communicate status and updated requirements of security matters to management as appropriate.
• Manage the IT Security Office (Infosec), establishes staff, resource requirements,…