Information Security Compliance & Audit Manager

CAREER DESCRIPTION

Information Security Compliance & Audit Manager


(Technology Services Manager)

Salary may be negotiable within the applicable range of the classification and successful candidate's qualifications, subject to appropriate authorization.

OPEN TO THE PUBLIC
This recruitment will establish an open eligible list that will be used to fill current and future Technology Services Manager positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange.

DEADLINE TO APPLY
This recruitment will be open for a minimum of five (5) business days and will close on
Sunday May 17, 2026 at 11:59pm (PST).

ORANGE COUNTY INFORMATION TECHNOLOGY
The mission of Orange County Information Technology (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.

Click here for more information on OCIT.
Click here for more information on the County of Orange.

THE OPPORTUNITY
The Orange County Information Technology (OCIT) Countywide Services is seeking an experienced and dynamic manager who will provide audit support, vendor security risk assessment, and PCI (Payment Card Industry) compliance management. The Information Security Compliance & Audit Manager (Technology Services Manager) serves as the enterprise owner of OCIT's centralized audit coordination services and is the County's primary liaison for IT audits, security assessment, external auditors, vendors, and internal stakeholders. This position requires strong analytical and comprehension skills with written and communication experience.

The Information Security Compliance & Audit Manager's duties and responsibilities include the following:

• Working in a multidisciplinary IT environment, including IT teams and coordinating efforts to meet audit requirements.
• Serving as the primary audit liaison and advocate between internal stakeholders and OCIT, fostering strong partnerships and ensuring effective communication across organizations.
• Leading audit planning and execution, communications and escalation paths.
• Providing guidance and recommendations to County departments with PCI audit scoping, executing recurring vulnerability site scans and evaluating new device purchases.
• Explaining and presenting executive-level audit status reporting, trend analysis, and lessons learned to drive continuous improvement.
• Coordinating cross-functional review involving OCIT Security, OCIT Functional Services Team (Server, Desktop, Cloud), OCIT Business Relationship Management Team, Privacy, Legal, Procurement departments
• Ensuring all new technologies and service providers align with County Information security, privacy, and procurement requirements.
• Facilitating the Countywide Security Review & Approval (SRA) process for new technologies, cloud services, SaaS platforms, and third-party vendors.
• Conducting security and privacy evaluations of vendor solutions to meet County security compliance.
• Leading the development of training materials and facilitating training sessions and workshops.
• Maintaining a centralized vendor risk inventory within the GRC (Governance, Risk and Compliance) platform, Optro.
• Utilizing project organization management including scheduling, milestones, deliverables to achieve successful outcomes.
• Making policy and business decisions using sound judgement and risk management.
• Traveling throughout Orange County and attending staff meetings as needed, along with performing related duties as assigned.

DESIRABLE QUALIFICATIONS AND CORE COMPETENCIES
In addition to the minimum qualifications, the ideal candidate will possess at least three (3) years of work experience performing audit support, IT audits, IT compliance, PCI DSS (Payment Card Industry Data Security Standard), or a combination of the above.

A certification in one of the following is preferred but not required:

• CISA: Certified Information System Auditor
• CISSP: Certified Information Systems Security Professional
• CRISC: Certified in Risk and Information Systems Control
• PCI ISA: Internal Security Assessor or equivalent

The ideal candidate will have experience in the following competencies:

Technical Knowledge | Technical Experience

• Analyzing, administering, and maintaining information security architecture, information security technologies, tools, appliances, practices and controls
• Understanding Information Technology and applying advanced methodologies, principles, and concepts to coordinate major projects
• Understanding of audit coordination, audit readiness, and audit remediation management
• Understanding of PCI (Payment Card Industry Data Security Standard) 4.0.1 requirements, assessment methodologies, and validation processes
• Utilizing risk management and internal control frameworks applicable to public-sector and regulated environments
• Utilizing technical project management methodology
  
• Evaluating and monitoring Information Security Risk strategies to maintain efficiency, accuracy, and compliance
  
• Utilizing GRC (Governance, Risk and Compliance) and service management platforms (i.e. Optro, ServiceNow), evidence repositories (i.e. SharePoint), and security tooling outputs (i.e. vulnerability management, SIEM)
• Understanding payment technologies, cardholder data environments, and secure system architectures
• Working knowledge and familiarity with HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), CJIS Security Policy (Criminal Justice Information Services), NIST Cybersecurity Framework & NIST SP-800 Series

Leadership Skills

• Acting as a department liaison for Information Security Risk management best practices and security awareness
• Working collaboratively and establishing rapport with staff, managers, and people across County departments
• Acting as the department liaison and providing accurate information related to IT audits, IT security compliance, operations, and programs
• Leading training sessions and workshops to non-IT business users
• Building and maintaining positive forward focused customer-oriented work environments

Oral | Written Communication Skills

• Preparing and orally presenting program training and support information to various groups
• Communicating, coordinating, and collaborating with County agencies to ensure effective service delivery
• Translating and developing technical findings into clear, actionable reports and documentation for non-technical stakeholders

LICENSE REQUIREMENT
Possession of a California Class C Driver License is Required.

MINIMUM QUALIFICATIONS
Please click here for details on this classification, including the physical, mental, environmental and working conditions.

SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION
Part of the selection process for positions within Orange County Information Technology (OCIT) requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.

RECRUITMENT PROCESS
Human Resource Services (HRS) will screen all application materials to identify qualified applicants. After screening, qualified applicants will be referred to the next step and notified of all further procedures applicable to their status in the competition.

Application Screening (Refer/Non-Refer)
Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step.

Structured Oral Interview | SOI (Weighted 100%)
Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the applicant's qualifications for the job. Only the most successful candidates will be placed on the eligible list.

Eligible List
Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies.

Based on the Department's needs, the selection procedure listed above may be modified. All candidates will be notified of any changes in the selection procedure.

Veterans Employment Preference
The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please click here to review the policy.

ADDITIONAL INFORMATION

EMAIL NOTIFICATION
Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.

NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.

Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile at www.governmentjobs.com.

FREQUENTLY ASKED QUESTIONS

Click here for additional Frequently Asked Questions.

For specific information pertaining to this recruitment, contact Joanna Xue at joanna.xue@ceo.oc.gov or (714)-834-7338.

EEO INFORMATION

Orange County, as an equal employment opportunity employer,
encourages applicants from diverse backgrounds to apply.

Administrative Management *
In addition to the County's standard suite of benefits -- such as a variety of health plan options, sick and vacation time and paid holidays -- we also offer an excellent array of benefits such as:

• Retirement: Benefits are provided through the Orange County Employees' Retirement System (OCERS). Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits.
  http://www.ocers.org/active-member-information.
• Paid Leave: Twelve holidays per year plus sick and vacation time
• Health & Dependent Care Reimbursement Accounts
• Dental Insurance: County pays 100% of employee and dependent premiums
• Paid Life Insurance: $100,000 life insurance policy
• Paid Accidental & Death and Dismemberment Insurance: $100,000 AD&D insurance policy
• Paid Short & Long Term Disability insurance programs
• 457 Defined Contribution Program

*Effective 07/01/20, management employees who are sworn Public Safety Managers receive health insurance benefits through the AOCDS Medical Benefit Plans.

Click here for information about benefits offered to County of Orange employees.

Closing Date/Time: 5/17/2026 11:59 PM Pacific

• 

• County of Orange

• 714.834.5315

Show more