CITY OF RIVERSIDE, CA Riverside, CA, United States
Oct 21, 2020Full Time
The Position The City of Riverside seeks an experienced Chief Innovation Security Officer (CISO) to direct and oversee Innovation and Technology (IT) Security programs and operations Citywide; including the member owned Riverside Public Utilities Department with a separate Board of Directors. The CISO will set the City's cyber security vision, develop policy, mitigate risk, train others on security policies and practices, ensure systems and data are working and be an IT security business partner for our 17 departments, Chief Innovation Officer, and executive leaders. The ideal candidate will be a hands-on participative leader with extensive experience writing and optimizing IT security policy and procedures, mitigating risk, and serving as a subject matter expert and business partner to the organization. Our CISO should be creative, agile, flexible, and forward thinking to stay on the forefront of IT security. The City of Riverside is nationally recognized for the innovative technology services provided to its constituents, if you are looking to join a forward-thinking organization in a unique and expanding urban center, this is the job for you! IDEAL CANDIDATE The ideal candidate will be a hands-on participative leader with extensive experience writing and optimizing IT security policy and procedures, mitigating risk, and serving as a subject matter expert and business partner to the organization. Our CISO should be creative, agile, flexible, and forward thinking to stay on the forefront of IT security. We are looking for solutions-oriented business partner that finds ways to say "yes" and will unite the department and City under a single mission and vision to elevate security strategy. Our idealCISO will also be able to: Assess multiple data types and various IT systems and architectures, and identify how major systems and applications interconnect and apply defense in depth security best practices. Review and measure system dependencies, confidentiality, integrity and availability to identify value systems and controls needed to protect the systems at the appropriate level. Recommend cyber security policy that is tailored to address business operational needs and unique system and data considering context, regulatory compliance and appropriate levels of risk. Present IT risk findings and mitigation strategies to system owners and ensure remediation. Provide industry best practices, lending expertise crafting new/updated cyber security policy. Incorporate local, state and federal regulations when developing cyber security policy, RFP scopes, technology architecture design and recommendations (e.g., HIPAA, CJIS, etc.). Develop an organization-wide information technology security strategic plan. Conduct regular internal/external learning and training sessions to educate staff and stakeholders regarding IT cyber security practices, policy, and how to identify, mitigate and manage risk. Provide security oversight, technical guidance, escalations and strategies to technical and business users to improve security, mitigate threats and protect the City's data and technology infrastructure. Leadership/Interpersonal: Collaborate with and advise department heads and City leaders on all information security related matters. Ensure that awareness for cyber security is promoted and taught throughout the organization. Be an influential leader to move projects forward past technical and business challenges and barriers. Demonstrate innovation, achieve client goals and have a strong customer service orientation. Bring new ideas, make things happen, and be a transformational thinker and leader. Balance technological savvy with strong interpersonal skills to communicate effectively and build positive relationships and trusts with others. Be self-directed, motivated, detail oriented and flexible. FOR MORE INFORMATION, PLEASE SEE THE RECRUITMENT BROCHURE . HOW TO APPLY This is an open continuous recruitment; applications will be reviewed until the needs of the City are met. Apply by completing an application to https://wbcpinc.com/job-board/ and attaching your cover letter and resume. Please contact your recruiter, Wendi Brown, with any questions: Email to: email@example.com 541-664-0376 866-929-WBCP (9227) Save the Dates: Interview dates are November 17th and 18th (candidates selected to interview will need to be available for both days). Work Performed Some of the City's innovative programs include: Access our virtual, 24/7 City Hall at https://riversideca.gov/ where almost all citywide services are available and offered online. An advanced Traffic Management Center to monitor bottlenecks in real-time. Leading edge mobile applications such as: Explore Riverside - a visitor and tourist friendly app. 311 Riverside - an app where community constituents can report issues: graffiti, potholes, etc. Riverside Tour Guide - a fun and technically advanced way to explore the monuments along Main Street. Reverse 911 - a solution to notify citizens about power outages and emergencies. THE JOB The CISO will articulate security risks, form and direct policy, lead short- and long-term security strategies, direct disaster recovery and business continuity plans, and create a culture of awareness and appreciation for cyber security/cyber hygiene by developing and implementing curriculum and training organization-wide. This position also develops and directs information security (cyber security) programs, architecture, vendors and policies that protect the City's information, digital and physical assets. The CISO is an at-will position that reports to the Chief Innovation Officer (CIO), and oversees an approximate budget of $750K and a security analyst, with dotted-line security oversight of all information technology staff and Citywide technology. We are looking for a highly experienced technical and strategic leader with exposure to more than one of the following regulations: Payment Card Industry (PCI), Critical Infrastructure Protection (CIP), Health Information Privacy and Portability Act (HIPPA), and/or Criminal Justice Information systems (CJIS). Riverside IT's Upcoming Challenges/Opportunities: Optimize the security information event management system within the Microsoft 365 rollout. Design and implement IT security as we rebuild our entire network, including implementing device posture assessment, micro-segmentation and security zones. Redesign the City's internet perimeter. Lead replication, redundancy and disaster recovery systems for an active/active data center that is currently being built using software defined firewalls, networking and data center Redesign SCADA systems. Implement unsupervised machine learning that recognizes threats. Under general direction of the Chief Innovation Officer, direct citywide information security and cyber security programs that are designed to provide the protection and confidentiality of data, along with other information assets of the City of Riverside; and perform other related duties as required. When assigned to the Innovation and Technology Department, typical duties may include, but are not limited to, the following: Oversee the development and implementation of Citywide information security policies and procedures to protect the City from internal and external information technology threats and vulnerabilities Direct the preparation of short and long-term strategies for optimizing the City's Information Security Plan, and formulate and recommend citywide policies for detecting, deterring, and mitigating information security threats. Direct and participate in the identification of security risks, development, and implementation of security management practices, and the measurement and monitoring of security protection measures. Review and recommend the professional development curriculum for City's Innovation and Technology, security and privacy staff to ensure adequate and appropriate training standards in information security and protection measures, and coordinate related training and awareness programs. Direct the development and promotion of security and privacy awareness training and education for all levels of the City's organization structure on an ongoing basis. Participate in the development and implementation of disaster recovery and business continuity plans, to ensure that appropriate information technology security measures are addressed. Participate in the development, implementation, and compliance monitoring of IT security agreements, business associate agreements, chain-of-trust agreements, Memoranda of Understanding (MOUs), and similar documents that involve access to or exchange of City information to ensure all security concerns are addressed. Lead vendor activities, write and evaluate proposals, and negotiate contracts for citywide information security related software, equipment and services, and present recommendations for funding and approvals to the Chief Innovation Officer. Respond to and assist in due diligence and audit requests. Conduct periodic departmental cyber security audits. Ensure that technology decisions made are compliant with enterprise security architecture. Collaborate with City Departments on security solutions. Participate in systems design to ensure implementation of appropriate cyber security policies. Respond to network and system intrusive activity and analyze network traffic and system logs to determine corrective action and implement countermeasures. Manage a computer crime or incident scene, including recognition of the proper investigative approach, conducting a field of search to establish probable cause for seizure, proper collection methods, evidence preservation, transportation, analysis, and case management. When assigned to the Public Utilities Department, typical duties may include, but are not limited to, the following: Establish information security system design requirements and policies for operational technology to meet emerging needs, regulatory standards, and insurance requirements. Work with Innovation and Technology and departmental managers and staff to improve systems security for a range of operational technology platforms and technologies. Lead operational technology responses to major security incidents and required reporting; coordinate legal reviews and the consideration of liability for security actions as part of technology compliance. Conduct strategic capability assessments to review internal and external operational technology security processes, tools, and industry resources and to identify strengths, weaknesses, opportunities, and security threats within the workplace. Evaluate and prioritize operational technology cyber security threats and issues and impacts upon user capabilities within assigned operations and affecting assets and resources. Demonstrate experience with all stages of enterprise applications, networks, server infrastructure, SCADA, OT and security systems life-cycle management. Work collaboratively with the Innovation Security Officer to improve security and protect OT and City demarcation points. Guide and develop personnel in strengthening operational technology systems to reduce cyber threats and improve security practices on a daily basis. Direct the development and promotion of security and privacy awareness education for all levels of management and staff within the utility. Prepare reports and make presentations to senior management and elected representatives related to operational technology security practices and operational technology security threats and incidents. Lead and participate in regional and industry planning councils to gain insights into the latest trends and technology applications and promote community and industry engagement. Research and recommend products, applications, and processes to meet user needs in a cost effective manner. May train assigned personnel, explain work procedures and methods, resolve technical problems, and conduct performance evaluations and may participate in the selection of new employees. Qualifications Recruitment Guidelines: Option I: Education: Equivalent to a Bachelor's degree from an accredited college or university with major study in cyber security administration, information technology, computer science, or a related field. A Master's degree may substitute for one year of the required experience. Experience: Eight years of progressively responsible information security, server and network security, and information technology experience, including intrusion detection and prevention systems, and preferably involving regulated industries and/or public organizations, and supervisory accountability. Option II: Education : Associate's Degree from an accredited college or university with major study in cyber security administration, information technology, computer science, or a related field. Experience : Tenyears of progressively responsible information security, server and network security, and information technology experience, including intrusion detection and prevention systems, and preferably involving regulated industries and/or public organizations, and supervisory accountability. Highly Desired Qualifications: Preferred Certifications : Chief Information Security Officer (CISO) Information Systems Security Professional (CISSP) Information Infrastructure Library (ITIL) GIAC Information Security Computer Security Incident Response (CSIRT) Preferred Experience and Education: Experience in a regulated industries and/or public agency. Supervisory accountability. Master's degree in information security, or a related field. Any equivalent combination of experience and training which provides the knowledge and abilities necessary to perform the work may be considered. Necessary Special Requirement: Possession of an appropriate, valid class "C" California Motor Vehicle Operator's License.