County of Mono
Chief Information Security Officer
County of Mono, Mammoth Lakes, California, United States, 93546
ABOUT THE ROLEAs a Chief Information Security Officer (CISO) under the administration direction of the Director of Information Technology, the Chief Information Security Officer plans, organizes, implements and directs the County-wide information security program; and performs related duties as required.DISTINGUISHING CHARACTERISTICSThe incumbent in this single position class reports directly to the Information Technology Director and is responsible for advising and training County departments on the proper management of security risks to their information systems and assets, directing and overseeing the County’s defensive architecture systems and efforts, monitoring County information/computer assets for compromise, assisting in the recovery of compromised assets, overseeing the investigation of suspicious computer-related activities, developing County-wide policies and procedures, and overseeing end-user security awareness efforts. This position will focus executive and management attention on the secure and uninterrupted operation of County information systems through minimization of exposure and vulnerability to risk and loss factors.The Chief Information Security Officer is distinguished from the next higher class of Information Technology Director in that the latter is responsible for the overall development and successful implementation of the policies, goals, and mission of the Information Technology Department and satisfying the information technology requirements and needs of the entire County.CLASSIFICATIONS SUPERVISEDN/AESSENTIAL DUTIES AND RESPONSIBILITIESNothing in this specification restricts management’s right to assign or reassign duties and responsibilities to this job at any time.Develops, establishes, implements, and directs the County's information technology security program across all departmental divisions and units.
Develops, coordinates, and maintains policies pertaining to information technology security.
Works with countywide task forces, committees, and departmental liaisons to implement security policies, procedures, and infrastructure modifications.
Acts as the central point of contact related to violations of information technology security policies and investigates or assists in the investigation of violations.
Writes and maintains appropriate reports and records.
Upon request, conducts security risk assessments, and business impact analysis of all county departments, in coordination with departmental security assessment teams/staff.
Acts as a consultant to all County information technology functions in the review of security policies, computer operations, access controls, system security, computer applications, and network and data security.
Develops, promotes, and presents security awareness education to all levels of the county organization.
Reviews all system-related information security plans throughout the county's network to ensure alignment between security practices.
Maintains current knowledge of applicable federal and state laws, accreditation standards, and monitors information security technologies to ensure organizational adoption and compliance; maintains up-to-date knowledge of general threats to local government and methods of attack.
Plans, prioritizes, delegates, and reviews the work of assigned staff.
Develops, leads, and trains the Information Security Response Team; coordinates all incident preparedness activities.
Consults with the County Counsel’s Office to provide legal investigative services related to information technology.
Coordinates with the Network Infrastructure Team on the monitoring of county systems and networks for malicious or unusual activity that may allow unauthorized access and/or attacks, such as the presence of malware, viruses, worms, botnets, backdoors, and runaway services.
May be assigned as a Disaster Service Worker as required.
Perform the related duties as required.
Required Condition of Employment:Incumbent will be required to successfully pass a background investigation including but not limited to a fingerprint clearance from the Department of Justice. Incumbent will be required to possess a valid California License Class “C” driver’s license with a satisfactory driving record or be able to provide suitable transportation that is approved by the appointing authority.Be available to work outside of normal business hours as needed, including evenings, weekends, holidays and during times of emergency and/or disaster.Examples of Experience/Education/TrainingAny combination of training, education and/or experience which provides the knowledge, skills and abilities and required conditions of employment listed above is qualifying. An example of a way these requirements might be acquired is:Education:Possession of a bachelor’s degree in information security, Computer Science, or a closely related field from an accredited, four-year college or university.Experience:At least six (6) years of increasingly responsible professional experience performing varied and complex work in the areas of information security administration, network systems, and/or desktop systems, including at least two (2) years of experience supervising or managing technical staff, and/or serving as a technical expert.Licenses/Certifications:Certification in an information security discipline (i.e., GIAC, ISACA or ISC2 certifications) is desirable.Typical Physical Requirements:Sit for extended periods, frequently stand, and walk; normal manual dexterity and eye-hand coordination; lift and move objects weighing up to 25 pounds; corrected hearing and vision to normal range; verbal communication; use of office equipment, including computer, telephone, copiers, and FAX.Typical Working Conditions:Work is usually performed in an office environment, with frequent contact with staff and the public.
#J-18808-Ljbffr
Develops, coordinates, and maintains policies pertaining to information technology security.
Works with countywide task forces, committees, and departmental liaisons to implement security policies, procedures, and infrastructure modifications.
Acts as the central point of contact related to violations of information technology security policies and investigates or assists in the investigation of violations.
Writes and maintains appropriate reports and records.
Upon request, conducts security risk assessments, and business impact analysis of all county departments, in coordination with departmental security assessment teams/staff.
Acts as a consultant to all County information technology functions in the review of security policies, computer operations, access controls, system security, computer applications, and network and data security.
Develops, promotes, and presents security awareness education to all levels of the county organization.
Reviews all system-related information security plans throughout the county's network to ensure alignment between security practices.
Maintains current knowledge of applicable federal and state laws, accreditation standards, and monitors information security technologies to ensure organizational adoption and compliance; maintains up-to-date knowledge of general threats to local government and methods of attack.
Plans, prioritizes, delegates, and reviews the work of assigned staff.
Develops, leads, and trains the Information Security Response Team; coordinates all incident preparedness activities.
Consults with the County Counsel’s Office to provide legal investigative services related to information technology.
Coordinates with the Network Infrastructure Team on the monitoring of county systems and networks for malicious or unusual activity that may allow unauthorized access and/or attacks, such as the presence of malware, viruses, worms, botnets, backdoors, and runaway services.
May be assigned as a Disaster Service Worker as required.
Perform the related duties as required.
Required Condition of Employment:Incumbent will be required to successfully pass a background investigation including but not limited to a fingerprint clearance from the Department of Justice. Incumbent will be required to possess a valid California License Class “C” driver’s license with a satisfactory driving record or be able to provide suitable transportation that is approved by the appointing authority.Be available to work outside of normal business hours as needed, including evenings, weekends, holidays and during times of emergency and/or disaster.Examples of Experience/Education/TrainingAny combination of training, education and/or experience which provides the knowledge, skills and abilities and required conditions of employment listed above is qualifying. An example of a way these requirements might be acquired is:Education:Possession of a bachelor’s degree in information security, Computer Science, or a closely related field from an accredited, four-year college or university.Experience:At least six (6) years of increasingly responsible professional experience performing varied and complex work in the areas of information security administration, network systems, and/or desktop systems, including at least two (2) years of experience supervising or managing technical staff, and/or serving as a technical expert.Licenses/Certifications:Certification in an information security discipline (i.e., GIAC, ISACA or ISC2 certifications) is desirable.Typical Physical Requirements:Sit for extended periods, frequently stand, and walk; normal manual dexterity and eye-hand coordination; lift and move objects weighing up to 25 pounds; corrected hearing and vision to normal range; verbal communication; use of office equipment, including computer, telephone, copiers, and FAX.Typical Working Conditions:Work is usually performed in an office environment, with frequent contact with staff and the public.
#J-18808-Ljbffr