US Government, County Executive Office
- Full Time
OFFICE OF INFORMATION TECHNOLOGY
The mission of Orange County Information Technology (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in delivering quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.
The Chief Information Security Officer (CISO) position reports directly to the Assistant Chief Information Officer (ACIO) and manages the design, development, implementation, operation and maintenance of Countywide information security programs which are designed to protect the confidentiality, integrity, and availability of all voice, data network, application and computer infrastructure and their associated information assets. The CISO is responsible for building a comprehensive security program and an accountable, information security-conscious culture and a security infrastructure built on policies and procedures that are compliant with applicable Federal, State, and local laws, ordinances, and guidelines. The CISO will provide strategic and operational IT leadership Countywide and will establish, support, and continuously improve enterprise Information Security technology, policies, practices, and standards.
This requires specific knowledge of security operations, security management, and the use of threat intelligence in cybersecurity practice, policies and procedures. This position must be able to translate technical cybersecurity issues/concerns into possible business implications that are meaningful to executive management and the Board of Supervisors.
Additionally, the CISO oversees vulnerability assessments and penetration testing, performs incident response and security analysis, provides forensic investigation, assists with internal and external audits, disaster recovery and business continuity, manages the Security Operations Center (SOC), and supports County departments in eDiscovery.
In addition, the CISO will perform, but is not limited to, the following duties:
- Providing guidance and direction to County Departments on Cybersecurity practices and procedures
- Creating and implementing a strategy for the deployment of information security technologies
- Performing IT security risk assessments and reporting on ways to minimize threats
- Monitoring security vulnerabilities and cybersecurity threats in network and host environments
- Managing development and implementation of cybersecurity threat intelligence services
- Overseeing integration of cybersecurity operations management into network management practices
- Tracking the latest IT security innovations and keeping abreast of the latest cybersecurity technologies
- Ensuring business continuity, compliance, and governance are met
- Developing and implementing business continuity plans to ensure service is continuous when a change strategy is introduced, a security breach occurs, or the disaster recovery plan needs to be triggered
- Communicating with key County stakeholders about IT security threats
- Developing and improving cyber incident response management
- Overseeing the investigation of reported security breaches
- Implementing an effective process for reporting security incidents
- Managing the IT security team, security experts and advisors
- Complying with the latest regulations and compliance requirements
- Managing the daily operation and implementation of the IT security strategies
- Protecting the intellectual property of the County at all times
- Devising risk-based strategies and implementing IT solutions to minimize the risk of cyber-attacks
- Reviewing, analyzing, and overseeing the processing of the release of information in compliance with the California Public Records Act and eDiscovery activities associated with internal and external investigations
- Developing and maintaining relationships with other government jurisdictions to include local intelligence fusion centers and law enforcement partners
DESIRABLE QUALIFICATIONS & CORE COMPETENCIES
The ideal candidate will possess a Bachelor's degree in information security, computer science, information systems, computer engineering, or a related field and possess a minimum of seven (7) years of experience in comprehensive security program management in planning, administering, and ensuring effective and secure large-scale information security operations covering applications, servers, voice and data network, Internet, or other systems. In addition, the ideal candidate will possess extensive knowledge and/or experience in the following core competencies:
Information Technology Knowledge | Information Security Experience
- Understanding and application of security and privacy technologies and current best practices
- Understanding and application of cybersecurity, risk management and control frameworks (such as National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST Risk Management Framework, and NIST 800-53 controls)
- Administering operations, services, and activities of comprehensive information systems security programs
- Understanding and application of advanced principles and best practices of system security design, development, analysis, and testing
- Understanding and application of advanced methods and techniques of evaluating information security and developing appropriate solutions; converged voice and data network security; architecture and design
- Utilizing functional structures of various operating systems components and associated security features
- Developing strategies for secure, cloud-based services
- Possessing advanced project management principles and techniques including project budgeting, quality assessment and control and resource management
- Working knowledge of regulatory requirements including Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and Criminal Justice Information Services (CJIS)
Leadership | Supervisory Skills
- Leading a high performance, results oriented team to implement organizational goals while balancing competing needs and objectives
- Leading information security training for employees, contractors, partners, and other third parties as appropriate
- Supervising various levels of managerial, supervisory, technical, and support staff as well as partnering with other Agencies, such as Human Resources, County Counsel, Risk Management, etc.
- Monitoring compliance with the organization's information security policies and procedures among employees, contractors, partners, and other third parties and resolving potential issues as needed
- Leading complex IT teams comprised of both direct and contracted vendors effectively
Strategic Thinking and Planning | Organizational and Analytical Skills
- Planning and leading the execution of challenging projects to ensure that projects are resourced, budgeted, scheduled, planned, and implemented in a timely manner
- Interpreting and analyzing complex data to identify critical issues
- Thinking logically and organizing thoughts and work priorities to accomplish work efficiently
Oral | Written Communication Skills
- Developing and implementing written materials, policies, and procedures for Administrative Services staff
- Implementing and acting as an advocate for security best practices and security awareness
- Preparing and orally presenting training and support information to various groups
- Developing clear requirements for internal information technology staff and third-party vendors
- Communicating, coordinating, and collaborating effectively with all organizational levels, and the public
Candidate shall possess a Certified Information Systems Security Professional (CISSP) certificate. They may also have one (1) or more of the following certifications: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Advanced Security Practitioner Certification (CASP), Certified Chief Information Security Officer (C-CISO), or Certified in Healthcare Compliance (CHPC).
SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION
Part of the selection process for positions within the County of Orange supporting the Probation Department requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.
Please click here to learn about the minimum qualifications, including the physical and mental requirements as well as the environmental conditions for the Technology Services Deputy Director classification.
Human Resource Services (HRS) screens all applications to identify the qualified candidates for the position based on the skills required to meet the needs of the County. After the initial screening, the qualified candidates will be referred to the next step and notified of all further procedures applicable to their status in the competition.
Structured Oral Interview (SOI) (Weighted 100%)
Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the candidate's qualifications for the job.
Based on the Department's needs, the selection procedures listed above may be modified. Applicants will be notified of any changes in the selection procedures.
Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies.
Veterans Employment Preference Policy (VEPP)
The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please click here to review the policy.