IS Manager II - Security (Open and Promotional)

Description

We are seeking a highly experienced and adaptable IS Manager II - Security to lead a critical cybersecurity program within a fast-paced, constantly evolving threat landscape. This role oversees a team of cybersecurity professionals and is responsible for protecting the organization's systems, data, and infrastructure against increasingly sophisticated threats.

This position requires a leader who can operate effectively in a dynamic, high-risk environment, where cyber threats evolve rapidly and require both proactive strategy and reactive response. You will play a key role in shaping security architecture, leading incident response efforts, and ensuring compliance with industry standards and regulatory frameworks.

The IS Manager II - Security will directly manage a supervisor and a team of four security engineers, as well as a full-time investigative and compliance resource, providing leadership, direction, and oversight across multiple critical security domains.

The ideal candidate will bring:

• 5+ years of management experience over Cybersecurity related staff and projects
• Advanced experience with firewalls, IDS, IDPS, SIEM, SOAR, host protections
• Security compliance experience related to CJIS, PCI, and IRS 1075
• Deep, hands-on expertise in cybersecurity operations, architecture, and incident response
• Proven experience managing and developing high-performing security teams
• Strong knowledge of security frameworks and standards, including:
  • NIST 800-53 (Security and Privacy Controls)
  • NIST 800-61 (Computer Security Incident Handling Guide)
  • CIS 18 Critical Security Controls
• Experience with and deep understanding of enterprise level security platforms, including technologies and relevant solutions such as the Palo Alto security ecosystem
• Demonstrated ability to operate in a rapidly changing, high-threat environment with the proven ability to quickly pivot as conditions change during cyber events
• Expertise in system design and security architecture, with a focus on minimizing risk while achieving operational requirements
• Ability to design around insecure customer, vendor, and contractor new system requests to maintain a high level of security
• Strong understanding of:
  • Security processes and governance
  • Documentation and development of standard operating procedures (SOPs)
  • Incident response planning, management and execution
• Experience handling sensitive investigative requests, including collaboration with:
  • Human Resources
  • County Counsel/Attorney
  • District Attorney and law enforcement agencies
• Excellent judgment, communication skills, and the ability to balance technical and organizational priorities

In this role, you will:

• Lead and manage cybersecurity operations across multiple critical security domains
• Direct and oversee incident response efforts, including major cybersecurity events
• Maintain numerous comprehensive incident response plans and coordinate/conduct annual response training
• Guide the design and implementation of secure system architectures, ensuring risk is minimized
• Establish and maintain standard operating procedures (SOPs) and security processes
• Oversee the administration and effectiveness of enterprise security tools and technologies
• Ensure alignment with security frameworks, policies, and regulatory requirements
• Respond to and support investigative requests (criminal and non-criminal) in coordination with internal and external partners
• Collaborate with cross-functional teams to strengthen the organization's overall security posture
• Stay ahead of emerging threats, adapting strategies in response to evolving attack methods

Examples Of Duties

Duties may include, but are not limited to, the following:

• Responsible for managing the security team, security operations, associated technologies including but not limited to network security, incident management, threat assessments, endpoint security, vendor reviews, and security architecture.
• Serve as the main point of contact for county wide security initiatives and communications working with each partner agency and core county resources.
• Remediating security as a result of cybersecurity incidents, audit findings, or agency related compliance reviews.
• Manage and participate in the administration and maintenance of department specific business applications and platforms; evaluate, participate in, and manage information technology and business process redesign; evaluate, select, and recommend departmental applications; establish support processes to ensure availability of application and database services.
• Plan, manage, and oversee the daily functions, operations, and activities of assigned information services programs.
• Participate in the development and implementation of goals, objectives, policies, and strategic and project priorities for assigned programs; recommends within departmental policy, appropriate service and staffing levels; recommends and administers policies and procedures.
• Participate in the development, administration, and oversight of assigned budgets.
• Develop and standardize procedures and methods to improve and continuously monitor the efficiency and effectiveness of assigned programs, service delivery methods, and procedures; assess and monitor workload, administrative, and support systems, and internal reporting relationships; identify opportunities for improvement and make recommendations as needed.
• Participate in the selection of, train, motivate, and evaluate assigned personnel; work with employees to correct deficiencies; work with manager and Human Resources to recommend related disciplinary actions.
• Oversee special projects as assigned.
• Oversee the development of consultant requests for proposals and qualifications for professional services; evaluate proposals and recommend project award; develop, negotiate, and review contract terms and amendments; ensure contractor compliance with County and department standards and specifications.
• Provide highly complex staff assistance to TSD Management.
• Perform other duties as assigned.

Qualifications
Education and Experience:
Any combination of education and experience that would likely provide the required knowledge, skills and abilities is qualifying. A typical way to qualify is:

Three (3) years of increasingly responsible experience in systems development or programming; including one (1) year in a project lead capacity.

Knowledge of:

• Advanced principles and practices of program management, including planning, implementation, and evaluation.
• Job planning and prioritizing techniques.
• Information management platforms and systems.
• Principles and techniques of advanced systems analysis and design.
• Supervisory principles and practices, including work planning and evaluation, project management, scheduling, and training.
• Principles of budget preparation and monitoring.
• Principles of personnel training, supervision, and evaluation.
• Data processing principles, concepts, and terminology.
• Methods and practices of computer system design, programming and implementation.
• Structuring techniques for efficient program construction and maintenance.
• Tools and methods used to standardize and facilitate system design and project management.
• Current technologies for systems design and delivery.
• Phases of software life cycles.
• PERT and/or CPM or other project scheduling methodology.
• Cost estimating and cost/benefit analysis.
• Principles of personnel training, supervision and evaluation.

Skill/Ability to:

• Plan, organize and coordinate programs and services on a comprehensive, county-wide level to meet customer needs.
• Coordinate program area activities with other County departments, programs and/or outside agencies.
• Integrate a variety of activities and services to achieve program goals, objectives and priorities.
• Work cooperatively with other County departments and public and private organizations.
• Analyze problems accurately, develop recommendations and take appropriate action to resolve them.
• Prepare complex and detailed written reports, procedures, grant applications and contracts.
• Use initiative and sound independent judgement within established procedural guidelines.
• Maintain accurate records and files.
• Organize work, set priorities, and meet critical deadlines.
• Establish and maintain effective working relationships with those contacted in the course of the work.
• Utilize appropriate interpersonal style and methods of communication to gain acceptance, cooperation, or agreement of a plan, activity, and/or program idea.
• Communicate effectively both orally and in writing.
• Analyze complex operational, programming and systems problems, evaluate alternatives and reach sound conclusions.
• Plan, schedule and manage large-scale projects.
• Identify critical paths and jeopardies.
• Negotiate agreement between differing individuals and groups of individuals.
• Supervise, evaluate and train assigned personnel.

Application/Examination

Open and Promotional. Anyone may apply. Current County of San Mateo and County of San Mateo Superior Court of California employees with at least six months (1040 hours) of continuous service in a classified regular, probationary, or extra-help/limited term position prior to the final filing date will receive five points added to their final passing score on this examination.

This is a continuous recruitment which may close at any time. The final filing date will be posted five days in advance on this job announcement.

A supplemental application form must be submitted in addition to our regular employment application form. Resume or CV will not be accepted as a substitute for the required employment application and supplemental questionnaire.

The examination process will consist of an application screening (pass/fail) based on the candidates' application and responses to the supplemental questions. Candidates who pass the application screening will be invited to a panel interview (weight: 100%). Depending on the number of applicants, an application appraisal of education and experience may be used in place of other examinations or further evaluation of work experience may be conducted to group applicants by level of qualification . All applicants who meet the minimum qualifications are not guaranteed advancement through any subsequent phase of the examination. All examinations will be given in San Mateo County, California and applicants must participate at their own expense.

IMPORTANT: Applications for this position will only be accepted online . If you are currently on the County's website, you may click the "Apply" button . If you are not on the County's website, please go to https://jobs.smcgov.org to apply. Online applications must be received by the Human Resources Department before midnight on the final filing date.

TENTATIVE RECRUITMENT SCHEDULE
Final Filing Date: Continuous until filled
Screening: TBD
Combined Panel Interviews: TBD

About the County
San Mateo County is centrally located between San Francisco, San Jose, and the East Bay. With over 750,000 residents, San Mateo is one of the largest and most diverse counties in California and serves a multitude of culturally, ethnically, and linguistically diverse communities.

The County of San Mateo, as an employer, is committed to advancing equity to ensure that all employees are welcomed in a safe and inclusive environment. The County seeks to hire, support, and retain employees who reflect our diverse community. We encourage applicants with diverse backgrounds and lived experiences to apply. Eighty percent of employees surveyed stated that they would recommend the County as a great place to work.

The County of San Mateo is an equal opportunity employer committed to fostering diversity, equity, and inclusion at all levels.



HR Contact: Arlene Cahill (IS Manager II - D115)

• 

• County of San Mateo Human Resources Department

Show more