Chief Information Security Officer

JOB

ABOUT THE ROLE

As a Chief Information Security Officer (CISO) under the administration direction of the Director of Information Technology, the Chief Information Security Officer plans, organizes, implements, and directs the County-wide information security program; and performs related duties as required.

DISTINGUISHING CHARACTERISTICS

The incumbent in this single position class reports directly to the Information Technology Director and is responsible for advising and training County departments on the proper management of security risks to their information systems and assets, directing and overseeing the County’s defensive architecture systems and efforts, monitoring County information/computer assets for compromise, assisting in the recovery of compromised assets, overseeing the investigation of suspicious computer-related activities, developing County-wide policies and procedures, and overseeing end-user security awareness efforts. This position will focus executive and management attention on the secure and uninterrupted operation of County information systems through minimization of exposure and vulnerability to risk and loss factors.

The Chief Information Security Officer is distinguished from the next higher class of Information Technology Director in that the latter is responsible for the overall development and successful implementation of the policies, goals, and mission of the Information Technology Department and satisfying the information technology requirements and needs of the entire County.

CLASSIFICATIONS SUPERVISED

N/A

EXAMPLE OF DUTIES

ESSENTIAL DUTIES AND RESPONSIBILITIES

Nothing in this specification restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

1. Develops, establishes, implements, and directs the County's information technology security program across all departmental divisions and units.
2. Develops, coordinates, and maintains policies pertaining to information technology security.
3. Works with countywide task forces, committees, and departmental liaisons to implement security policies, procedures, and infrastructure modifications.
4. Acts as the central point of contact related to violations of information technology security policies and investigates or assists in the investigation of violations.
5. Writes and maintains appropriate reports and records.
6. Upon request, conducts security risk assessments, and business impact analysis of all county departments, in coordination with departmental security assessment teams/staff.
7. Acts as a consultant to all County information technology functions in the review of security policies, computer operations, access controls, system security, computer applications, and network and data security.
8. Develops, promotes, and presents security awareness education to all levels of the county organization.
9. Reviews all system-related information security plans throughout the county's network to ensure alignment between security practices.
10. Maintains current knowledge of applicable federal and state laws, accreditation standards, and monitors information security technologies to ensure organizational adoption and compliance; maintains up-to-date knowledge of general threats to local government and methods of attack.
11. Plans, prioritizes, delegates, and reviews the work of assigned staff.
12. Develops and leads and trains the Information Security Response Team; coordinates all incident preparedness activities.
13. Consults with the County Counsel’s Office to provide legal investigative services related to information technology.
14. Coordinates with the Network Infrastructure Team on the monitoring of county systems and networks for malicious or unusual activity that may allow unauthorized access and/or attacks, such as the presence of malware, viruses, worms, botnets, backdoors, and runaway services.
15. May be assigned as a Disaster Service Worker as required.
16. Perform the related duties as required.