IT Deputy Director - Information Security

As the head of Information Security for Tulare County, the incumbent will be responsible for managing design, development, implementation, operation, and maintenance of the County’s enterprise information security program. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.

This classification is in the non-competitive service of the County and, as such, is appointed by and serves at the will of the Information Technology (IT) Director.

Typical Duties

Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board; creates the necessary internal networks among the information security team and Department Heads, County compliance, audit, physical security, legal, and HR management teams to ensure alignment as required; develops and enhances an up-to-date information security management framework based on frameworks such as: Center for Internet Security (CIS) Critical Security Controls, State of California Cyber Security standards, National institute of Standards and Technology (NIST) Cybersecurity Framework, and/or ISO/IEC 27001; lead the information security function across the County to ensure consistent and high-quality information security management in support of County business objectives; will supervise assigned personnel for the purposes of hiring, determining workload and delegating assignments, training, monitoring, and evaluating performance, and initiating corrective or disciplinary actions; develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the County’s business objectives, ensures senior stakeholder buy-in, and implements mandates; manages the budget for the information security function, monitoring, and reporting discrepancies; will partner with fiscal staff to actively seek out, apply for, and manage relevant cybersecurity grants from State, Local, and Federal agencies such as the State and Local Cybersecurity Grant Program (SLCGP) and the State Homeland Security Grant Program (SHSGP) inclusive of oversight of funds utilized in accordance with the grant’s guidelines and objectives while maintaining detailed records of grant usage and progress; responsible for ensuring the completion of the NCSR, National Cybersecurity Review; liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design; provides regular reporting on the status of the information security program to enterprise risk teams, department heads and the board of supervisors as part of a strategic enterprise risk management program; develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization; works collaboratively with departments to ensure that eDiscovery activities and systems follow best practices and meet regulatory requirements; develops, socializes, and coordinates approval and implementation of security policies; assists with the identification of non-IT managed IT services in use ("citizen IT") and collaborates with departments to bring these services into the scope of the IT function and apply standard controls and rigor to these services; works effectively with departments to facilitate information security risk assessment and risk management processes and empowers them to determine the appropriate balance of risk tolerance for department services.; facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitates appropriate resource allocation, increases the maturity of information security, and reviews it with stakeholders at the executive and board levels; works with compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the county is processed and stored in accordance with applicable Federal, State, and local laws and other regulatory requirements, such as data privacy; manages and contains information security incidents and events to protect county IT assets, intellectual property, regulated data, and the County's reputation; develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the County perimeter; provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls; directs the creation of a targeted information security awareness training program for all employees, contractors, and approved system users, and establishes metrics to measure the effectiveness of this security training program for different audiences; coordinates the development of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security incident; provides direction, support, and in-house consulting in these areas; facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem. Essential job duties may be assigned that are not listed above but are relative to this job classification.

Minimum Qualifications

MINIMUM QUALIFICATIONS

Minimum qualifications are used as a guide for establishing the education, training, experience, special skills and/or license which are required and equivalent to the following.

Education: Graduation from an accredited four-year college or university with a bachelor’s degree in public administration, Business Administration, Computer Science, or a closely related field with major course work in risk management, information security, information technology or closely related field.

Experience: Four (4) years of experience in a senior leadership role involving administrative management of technology, risk management, and/or information security.

Knowledge of: Relevant legal and regulatory requirements, such as: Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) standards, Criminal Justice Information Services (CJIS), and/or Sarbanes-Oxley Act (SOX); common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework; understanding and application of advanced principles and best practices of system security design, development, analysis and testing; understanding and application of advanced methods and techniques of evaluating information security and developing appropriate solutions; data network security; architecture and design; principles and practices of supervision; methods of long-term strategic technical planning; personnel policies and procedures.

Skill/Ability to: Work and communicate effectively with people of various education and socioeconomic backgrounds by respecting beliefs, interpersonal styles and behaviors of both clients and co-workers; operate contemporary office equipment inclusive of computer, keyboard, and all applicable electronic equipment; excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences.; speak effectively before the Board of Supervisors, committees, and other groups; plan, organize, direct, and evaluate the activities of professional, technical, and administrative support staff; negotiate terms of contracts; prepare clear and comprehensive reports; read and interpret complex legislation and regulations; manage resources of a unit within budget and policy parameters; work effectively in emergency and stressful situations; analyze various complex problems and situations and take an effective course of action; analyze and assess policies and operational needs and make appropriate recommendations; understand highly complex information technology systems and issues; show a high degree of initiative, dependability, and ability to work with little supervision while being resilient to change; ability to professionally handle confidential matters and show an appropriate level of judgement and maturity with a high degree of personal integrity.

License or Certificate: Possession of, or ability to obtain, an appropriate, valid California driver's license.

DESIRABLE EMPLOYMENT STANDARDS (if applicable)

License or Certificate: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Global Information Assurance Certification (GIAC), or other similar credentials.

Education: Master’s degree in Public Administration, Business Administration, Computer Science, or closely related field desirable.

Additional Information

Conditions of Employment
Candidates selected will be required to pass a pre-employment drug and alcohol screening. Additionally, a background investigation may also be conducted, which may include a re-investigation every 10 years for some positions. An Employment Eligibility Verification using E-Verify may be required on the first day of employment for some positions. Some job classes may also require a physical exam.

College Cost Reduction Access Act
This may be a qualifying position for student loan forgiveness through the College Cost Reduction and Access Act (CCRAA). Only student loan payments made after October 1, 2007 and in a qualified repayment plan are eligible. For more information you are encouraged to speak with your student loan servicer or visit : https://studentaid.gov/manage-loans/forgiveness-cancellation/public-service

EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER

Bargaining Unit 11

The information listed is a general summary of benefits. These provisions do not constitute an expressed or implied contract and are subject to change.

Benefit Amount : An annual benefit amount is provided and may be applied towards health insurance premiums(medical, dental, vision andlife) and long-term disability insurance premiums. This benefit is pro-rated and paid on a pay period basis (24 pay periods).

Health Insurance : A choice of PPO and HMOmedical plans which include PPOor HMO dental plans whichinclude dentaland vision coverage. Dependent coverage is available. Providers include Anthem Blue Cross, Kaiser Permanente, Delta Dental, andVision Services Plan (VSP).

Retirement : The retirement plan is a defined benefit plan administered pursuant to the 1937 Act County Employees Retirement Act and integrated with Social Security. In addition to ordinary retirement benefits, the plan provides disability and death benefits. Retirement contributions are made by both the County and the employee. The County has reciprocity with the State of California, contracting PERS agencies, and all County 1937 Act Retirement Systems.

Paid Holiday Leave : 12 set days and 1 personal holiday.

Vacation Accrual :
2 weeks per year (0-3 years of service)
3 weeks per year (3-7 years of service)
4 weeks per year (7-11 years of service)
5 weeks per year (11+ years of service)
Limit of 300 hours .

FLSA exempt employees accrue an additional 5 days of vacation per year.

Sick Leave Accrual : 12 days per year with unlimited accumulation, 48 hours of which may be used toward family sick leave.

Group Term Life Insurance and AD&D : $50,000; Provided by Standard Insurance Company.

Long Term Disability Insurance : A Long Term Disability plan is provided. This provides financial protection for you by paying a portion of your income while you are disabled. Provided by Standard Insurance Company.

Deferred Compensation : A voluntary deferred compensation plan is available.

To view more detailed descriptions of Tulare County's benefits, please view the Benefits section of our Web site at https://tularecounty.ca.gov/hrd/benefits-wellness/health-plans-active-employees/

The Provisions Of This Bulletin Do Not Constitute An Expressed Or Implied Contract And Are Subject To Change.

Closing Date/Time: 12/2/2024 11:59 PM Pacific

• 

• County of Tulare - HR&D

• 559-636-4900

Show more