Cyber Resilience Manager

CAREER DESCRIPTION


Cyber Resilience Manager

(Technology Services Manager, Senior)

In addition to performance-based merit increases, this position is scheduled to receive salary range increase on the following date:

Effective June 27, 2025 - 4.00% increase

Salary may be negotiable within the range listed above, based on position requirements and successful candidate's qualifications, subject to appropriate authorization.

OPEN TO THE PUBLIC

This recruitment will establish an open eligible list that will be used to fill current and future Technology Services Manager, Senior positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange.

DEADLINE TO APPLY
This recruitment will be open for a minimum of five (5) business days and will close Monday, August 5, 2024 at 11:59PM (PST).

ORANGE COUNTY INFORMATION TECHNOLOGY
The mission of Orange County Information Technology (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.

Click here for more information on OCIT
Click here for more information on the County of Orange.

THE OPPORTUNITY
The purpose of this vital and interactive role is to provide a broad range of subject matter expertise on Information Security Risk areas. The Cyber Resilience Manager provides oversight regarding the first line of defense for all County of Orange IT systems and data. The incumbent will work with and for the Chief Information Security Officer and provides Information Security Risk Governance strategies, frameworks, policies, and standards to support the County of Orange.

The Cyber Resilience Manager duties and responsibilities include the following:

• Providing technical and best practice guidance on Information Security Risk to the business based on specific platform and County complexities and issues.
• In collaboration with other groups, performing reviews and Information Security Risk assessments (application, third party) including deep dive assessments, scenario analysis, and new product or change initiative assessments.
• Providing expert advisory on National Institute of Standards and Technology (NIST) Information Security Risk framework, policies, standards and guidelines to a complex level and contribute to their development where appropriate.
• Developing and maintaining key Information Security Risk Management relationships in order to provide advice and oversight on new initiatives.
• Overseeing various cybersecurity audit processes in accordance with the different compliance requirements of County departments and penetration testing efforts.
• Contributing to reports on the County's business platform Information Security Risk profile including application, infrastructure and third party.
• Overseeing day-to-day multi-vendor information Security Risk Management operations for Orange County's enterprise security environment.
• Engaging the Chief Information Officer, Chief Information Security Officer, and County IT managers for Disaster Recovery and IT continuity, infrastructure, data quality, performance and scalability, and change management and development practices to obtain technical domain advice as appropriate.
• Providing input into the setting of risk appetite based on platform specific differences and specific considerations.
• Reviewing security and control processes along with associated documentation and reports.
• Promoting a risk-aware culture and communicating best practices to County business and IT contacts.
• Researching and leveraging information on current threats to focus County's business and IT programs on emerging risk themes and issues.
• Engaging County IT teams to assist with the prevention of complex emerging global threats, vulnerabilities, malware, data loss and intrusion attempts.
• P roviding advice and guidance regarding use of security tools, such as cryptography, identity and access management tools and services, single sign-on, authentication and authorization, security monitoring and compliance, end point security, anti-virus and intrusion detection and prevention services.
• Conducting reviews and oversight of risk processes and tools such as logical access and data loss prevention to identify and simplify key risk trends, themes, and opportunities.

DESIRABLE QUALIFICATIONS & CORE COMPETENCIES
In addition to the minimum qualifications, the ideal candidate will demonstrate at least four (4) years of experience as an Information Security Risk Manager/Analyst, responsible for selection, development, and deployment of Information Security Risk solutions to address business requirements.
Although not required the desirable candidate will possess a Bachelor's degree in Computer Science, Information Systems or closely related field from an accredited college or university (a Master's degree is preferred).

Possession of current Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Auditor (CISA) is required.

In addition to above, the ideal candidate will possess extensive experience and/or knowledge in the following:

Technical Knowledge/Experience

• Understanding Information Technology and applying advanced methodologies, principles, and concepts to coordinate major projects
• Understanding of information security architecture, information security technologies, tools, appliances, practices and controls
• Understanding of cybersecurity audit process, and familiarity with different compliance audit rules such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), FBI Criminal Justice Information Systems (CJIS) Security Policy, etc.
  
• Utilizing project management methodology
  
• Utilizing information security architecture, information security technologies, tools, practices, and controls
  
• Using mobile computing applications, controls, appliances, management, and deployment
  
• Understanding and using desktop support and help desk operations
  
• Applying system analysis concepts and principles
  
• Developing technical statements of work that will be leveraged to create request for proposals in support of contracted services.
  
• Managing multi-million dollar budgets and large portfolios of associated contracts.
  

Leadership Skills/Interpersonal Skills

• Managing and evaluating the work of staff, service providers, and vendors
• Maintaining excellent interpersonal relationships with executive staff, clients and external vendors
• Proactively oversee the implementation and application of security best practices and policies
• Establishing effective working relationships with management, employees, employee representatives and the public.

Oral/Written Communication Skills

• Communicating consistently with clients to ensure service-related requirements are being met to their satisfaction
• Discussing and conveying complex Information Security Risk concepts and terminology with both technical and non- technical staff at all levels within and outside the County
• Implementing and acting as an advocate for Information Security Risk management best practices and security awareness
• Writing and presenting succinct and informative communication, which conveys clear and concise meaning
• Developing clear requirements for internal Information Technology staff and third-party vendors
• M arketing new concepts and championing change
• Communicating consistently with client to ensure service related requirements are being met to their satisfaction

Problem Solving/Strategic Thinking

• Proactively thinking and communicating in a strategic manner
• Proactively detecting problem areas and recommending/implementing solutions Accurately identifying issues, impacts, and solutions
• Strategically developing plans for secure, cloud-based services
• Fostering an innovative, collaborative, success-oriented team environment
• Planning, developing, establishing, monitoring and maintain Information Security Risk strategies, processes and control techniques
• Recommending, evaluating, and testing complex security systems
• Coordinating and managing complex Information Security projects

MINIMUM QUALIFICATIONS
Please click here for details on this classification, including the physical, mental, environmental and working conditions.

SPECIAL REQUIREMENT | CERTIFICATION
Possession of current Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Auditor (CISA) is required.

SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION
Part of the selection process for positions within the County of Orange supporting th e Probation Department requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.

RECRUITMENT PROCESS
Human Resource Services (HRS) will screen all application materials to identify qualified applicants. After screening, qualified applicants will be referred to the next step and notified of all further procedures applicable to their status in the competition.

Application Screening (Refer/Non-Refer)
Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step.

Structured Oral Interview (Weighted 100%)
Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the applicant's qualifications for the job. Only the most successful candidates will be placed on the eligible list.

Eligible List
Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies. Based on the County's needs, the selection procedures listed above may be modified. All candidates will be notified of any changes in the selection procedure.

Veterans Employment Preference Policy (VEPP)
T he County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please clic k here (Download PDF reader) to review the policy.

ADDITIONAL INFORMATION

Please see below for important information regarding COVID-19 related recommendations.

Effective April 3, 2023, it is strongly recommended that County employees working in health care settings and correctional facilities follow vaccination and booster guidelines provided by the California Department of Public Health (CDPH) and the Centers for Disease Control and Prevention (CDC). Please click here to see the latest guidance for more details.

EMAIL NOTIFICATION
Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.

NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.

Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile at www.governmentjobs.com .

FREQUENTLY ASKED QUESTIONS

Click here for additional Frequently Asked Questions.
For specific information pertaining to this recruitment, contact Aniko Ruha at aniko.ruha@ocgov.com or (714) 834-7370.

EEO INFORMATION

Orange County, as an equal employment opportunity employer,
encourages applicants from diverse backg rounds to apply.

Administrative Management *
In addition to the County's standard suite of benefits -- such as a variety of health plan options, sick and vacation time and paid holidays -- we also offer an excellent array of benefits such as:

• Retirement: Benefits are provided through the Orange County Employees' Retirement System (OCERS). Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits.
  http://www.ocers.org/active-member-information .
• Paid Leave: Twelve holidays per year plus sick and vacation time
• Health & Dependent Care Reimbursement Accounts
• Dental Insurance: County pays 100% of employee and dependent premiums
• Paid Life Insurance: $100,000 life insurance policy
• Paid Accidental & Death and Dismemberment Insurance: $100,000 AD&D insurance policy
• Paid Short & Long Term Disability insurance programs
• 457 Defined Contribution Program

*Effective 07/01/20, management employees who are sworn Public Safety Managers receive health insurance benefits through the AOCDS Medical Benefit Plans.

Click here for information about benefits offered to County of Orange employees.

Closing Date/Time: 8/5/2024 11:59 PM Pacific

, California United States View Map