Manager II - Security; and Promotional
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Information Security, Security Management & Operations
IS Manager II
- Security (Open and Promotional)
County of San Mateo, CA
We are seeking a highly experienced and adaptable IS Manager II
- Security to lead a critical cybersecurity program within a fast‑paced, constantly evolving threat landscape. This role oversees a team of cybersecurity professionals and is responsible for protecting the organization's systems, data, and infrastructure against increasingly sophisticated threats.
This position requires a leader who can operate effectively in a dynamic, high‑risk environment, where cyber threats evolve rapidly and require both proactive strategy and reactive response. You will play a key role in shaping security architecture, leading incident response efforts, and ensuring compliance with industry standards and regulatory frameworks.
The IS Manager II
- Security will directly manage a supervisor and a team of four security engineers, as well as a full‑time investigative and compliance resource, providing leadership, direction, and oversight across multiple critical security domains.
- 5+ years of management experience over Cybersecurity related staff and projects
- Advanced experience with firewalls, IDS, IDPS, SIEM, SOAR, host protections
- Security compliance experience related to CJIS, PCI, and IRS 1075
- Deep, hands‑on expertise in cybersecurity operations, architecture, and incident response
- Proven experience managing and developing high‑performing security teams
- Strong knowledge of security frameworks and standards, including:
- NIST 800-53 (Security and Privacy Controls)
- NIST 800-61 (Computer Security Incident Handling Guide)
- CIS 18 Critical Security Controls
- Experience with and deep understanding of enterprise level security platforms, including technologies and relevant solutions such as the Palo Alto security ecosystem
- Demonstrated ability to operate in a rapidly changing, high‑threat environment with the proven ability to quickly pivot as conditions change during cyber events
- Expertise in system design and security architecture, with a focus on minimizing risk while achieving operational requirements
- Ability to design around insecure customer, vendor, and contractor new system requests to maintain a high level of security
- Strong understanding of:
- Security processes and governance
- Documentation and development of standard operating procedures (SOPs)
- Incident response planning, management, and execution
- Experience handling sensitive investigative requests, including collaboration with:
- Human Resources
- County Counsel/Attorney
- District Attorney and law enforcement agencies
- Excellent judgment, communication skills, and the ability to balance technical and organizational priorities
- Lead and manage cybersecurity operations across multiple critical security domains
- Direct and oversee incident response efforts, including major cybersecurity events
- Maintain numerous comprehensive incident response plans and coordinate/conduct annual response training
- Guide the design and implementation of secure system architectures, ensuring risk is minimized
- Establish and maintain standard operating procedures (SOPs) and security processes
- Oversee the administration and effectiveness of enterprise security tools and technologies
- Ensure alignment with security frameworks, policies, and regulatory requirements
- Respond to and support investigative requests (criminal and non‑criminal) in coordination with internal and external partners
- Collaborate with cross‑functional teams to strengthen the organization's overall security posture
- Stay ahead of emerging threats, adapting strategies in response to evolving attack methods
- Responsible for managing the security team, security operations, associated technologies including network security, incident management, threat assessments, endpoint security, vendor reviews, and security architecture.
- Serve as the main point of contact for county wide security initiatives and communications working with each partner agency and core county resources.
- Remediating security as a result of cybersecurity incidents, audit findings, or agency related compliance reviews.
- Manage and participate in the administration and maintenance of department…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).