City of San Jose

City Information Security Officer (CISO)

City of San Jose, San Jose, California, United States, 95199


The City of San José innovates to provide exceptional civic services using advanced technologies to help our community thrive.

As one of the largest cities in the nation, the City manages a large set of services and assets. The City operates on a budget of $5 billion, with approximately 7,000 employees serving about 1 million residents and 80,000 businesses in the heart of Silicon Valley.

The Information Technology Department’s (ITD) mission is to enrich the quality of life in San José through innovation, collaboration, and engagement. ITD enables that mission through business and infrastructure systems, cybersecurity, data management and analysis, responsible use of Artificial Intelligence (AI), productivity and collaboration tools, the San José 311 resident experience platform, data equity and privacy programs, and strategic planning. San José is powered by truly great people, a robust technology environment, and a strong sense of purpose.

The IT department is a leader in innovation, embracing cutting-edge technologies and pioneering solutions to enhance efficiency and quality of life in San José. As part of this effort, the City leads a national initiative for AI through the GovAI Coalition, which was established to give local governments a voice in shaping the future of AI, ensuring it is developed responsibly for the public good.

At the City of San José, we promote work-life integration and a focus on growth to bring out the best in our people. Come join us in making San José the most vibrant, equitable, sustainable, and innovative city in the nation!

The City of San José Information Technology Department seeks an experienced City Information Security Officer (CISO) to lead cybersecurity Citywide initiatives.

The CISO will direct the Cybersecurity Office as the City’s principal executive leader for information and systems security. In partnership with the Chief Information Officer (CIO), they will manage risk identification, protection and compliance, threat detection, incident response (IR), and recovery services for all City departments to ensure business resilience.

Key responsibilities include but are not limited to:

- Lead and mentor the Cybersecurity team, offering expertise and support to foster growth and a collaborative environment.
- Collaborate with business units and solution providers to provide optimal security measures and achieve a balance between sustaining business operations and achieving security compliance.
- Coordinate with stakeholders within the City and partners/vendors outside of the City to ensure information and systems meet the City’s standards for threat identification, protection, and risk detection.
- Develop, operationalize, and enhance the City’s cybersecurity strategic plan, programs, policies, and architecture, including vulnerability, risk, and threat management programs through remediation.
- Conduct training programs to educate City personnel on relevant security best practices, foster diligence, and ensure compliance.
- Provide expert security guidance to City departments and officials in service planning, procurements, contract negotiations, vendor management, and project management.
- Oversee and lead incident management/response processes in coordination with City departments to respond and recover from incidents.
- Resolve security-related audits in partnership with City staff.
- Ensure comprehensive security strategies align with resilience plans and emergency management exercises.
- Oversee vendor relationships and manage the City’s procurement and utilization of cybersecurity products and services across departments.
- Lead the annual Cybersecurity Assessment of the City’s technology infrastructure.
- Provide strategic and operational leadership to address cybersecurity in the City’s emerging Internet-of-Things, smart communities, privacy, and equity through data initiatives.
- Collaborate with the Digital Privacy Officer to address privacy challenges emerging from new technologies, including AI.
- Implement governance policies to ensure responsible AI usage across the organization, aligning with ethical standards and risk management protocols.
- Support the GovAI Coalition’s initiatives to promote responsible and safe use of AI in government.

Please note that the City Information Security Officer (CISO) position is currently eligible for a hybrid telework schedule. The schedule for working remotely and onsite is subject to change.

Education and Experience: A Bachelor’s degree from an accredited college or university in computer science, management information systems, business/public administration, or a closely related field

AND

seven (7) years of increasingly responsible experience in cybersecurity application and infrastructure, technology management, or telecommunications, including a combination of five (5) years of supervisory and project personnel management experience, with at least three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams in delivering goals and measured service levels.

Acceptable Substitution: A master's degree in a relevant field from an accredited college or university may be substituted for one (1) year of the required three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large municipal government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams.

Licenses or Certificates: Possess and maintain a current, terminal-level cybersecurity credential such as:

- Certified Information Systems Security Professional (CISSP);
- Certified Information Systems Auditor (CISA);
- Certified Information Security Manager (CISM);
- Certified in the Governance of Enterprise IT (CGEIT);
- Certified in Risk and Information Systems Control (CRISC); or
- An equivalent professional, industry-recognized certification acceptable to the City.

Obtain and maintain SECRET Security Clearance within a reasonable period of time acceptable to the City.

Passing the San Jose Police Department (SJPD) background check is also a condition of employment.

Competencies

The ideal candidate will possess the following competencies, as demonstrated in past and current employment history. Desirable competencies for this position include:

1) Job Expertise

– The ideal candidate should have the following qualifications and experience:

- Manage major technology services, programs, and products across multiple departmental technology environments and ensure cross-coordination between departments, including adherence to Citywide procedures/policies and state and federal regulations.
- Relevant regulations and standards (FISMA, FedRAMP, CJIS, PCI-DSS, HIPAA, etc.).
- Knowledge of local, state, and federal cybersecurity regulations.
- Cybersecurity frameworks and standards (NIST, ISO, IEEE, CIS controls and frameworks such as COBIT and ITIL, etc.).
- Threat and vulnerability management, including understanding of common cyber threats, vulnerabilities, attack vectors, and the tools to defend against them (e.g., intrusion detection systems, SIEM, firewalls, etc.).
- Encryption and cryptography, including proficiency in data protection techniques, encryption methods, and secure communication protocols.
- Hands-on experience with crisis management and managing Incident Response to security breaches, including incident detection, containment, eradication, forensics, recovery, and post-incident analysis.
- Identity and Access Management (IAM) and expertise in managing user privileges, multi-factor authentication (MFA), and other access controls.
- Cloud security, including familiarity with security challenges and solutions in cloud environments (Azure, Hyperconverged Infrastructure, private cloud).
- Network security, including a strong understanding of securing network architecture, VPNs, secure web gateways, firewalls, and network segmentation.
- Business continuity and disaster recovery planning, including developing and overseeing business continuity plans and disaster recovery strategies.

2) Analytical Thinking

– Approaching a problem or situation by using a logical, systematic, sequential approach.

3) Conflict Management

– Identifies and understands issues, problems, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions.

4) Leadership

– Leads by example; demonstrates high ethical standards; remains visible and approachable and interacts with others on a regular basis; promotes a cooperative work environment, allowing others to learn from mistakes; provides motivational support and direction.

5) Political Acumen

– Demonstrates an understanding and consideration of how it will impact stakeholders and affected areas in the organization.

6) Decision Making

– Identifies and understands issues, problems, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions.

7) Vision/Strategic Thinking

– Support, promote, and ensure alignment with the organization’s vision and values. Understand how an organization must change in light of internal and external trends and influences. Builds a shared vision with others and influences others to translate vision into action.

8) Project Management

– Ensures support for projects and implements agency goals and strategic objectives.

9) Communication Skills

– Effectively conveys information (e.g., complex security concepts) to non-technical executives, council/committee members, and other stakeholders, and expresses thoughts and facts clearly, orally and in writing; demonstrates effective use of listening skills and displays openness to other people's ideas and thoughts; public relations during a crisis.