Santa Barbara County seeks an experienced Chief Information Security Officer (CISO) to serve as the County’s subject matter expert related to cyber security and IT risk management across the County. The CISO is a newly created position who understands IT risk at an enterprise level and will oversee all risk management and cyber security across all IT divisions and the County’s 25 departments. The CISO provides a structured approach to managing risk at an appropriate level, interacts with system owners to assess interconnections, and reviews and measures system dependencies, confidentiality, integrity and availability. The CISO will articulate cyber security risks, participate in crafting cyber security policy, develop a risk profile for each department and systems within those departments, present IT risk findings to system owners, develop an information technology security strategic plan and recovery plan, and create a culture of awareness and appreciation for cyber security/cyber hygiene.
Interact with system owners and have a high degree of trust.
Sit on the County’s newly developed IT governance framework and policy committee.
Assess multiple data types and various IT systems and architectures, and identify how major systems and applications interconnect.
Review and measure system dependencies, confidentiality, integrity and availability to identify value systems and controls needed to protect the systems at the appropriate level.
Develop a risk profile for each department and systems within those departments.
Recommend cyber security policy that is tailored to the unique system and data considering context, regulatory compliance and appropriate levels of risk.
Present IT risk findings to system owners and ensure remediation.
Provide industry best practices, lending expertise crafting new/updated cyber security policy.
Incorporate local, state and federal regulations when developing cyber security policy and recommendations (e.g., HIPPA, CJIS, etc.).
Develop an organization-wide information technology security strategic plan.
Develop a risk profile and a category of systems for each department and major systems within those departments (e.g., Financial Information Network (FIN), social service databases, etc.)
TRAINING /CYBER RECOVERY / PUBLIC RELATIONS:
Craft continuity and contingency recovery plan and test the plan with tabletop and live exercises.
Ensure recovery plan is resilient and reliable, and staff are trained.
Ensures that awareness for cyber security is promoted and taught throughout the organization.
Conducts regular internal/external learning and training sessions to educate staff and stakeholders regarding IT cyber security practices, policy, and how to identify, mitigate and manage risk.
Creates a culture of awareness and appreciation for cyber security.
Promotes cyber hygiene and develops an organizational appreciation for protecting information.
Educates fiduciary responsibility and risks associated with data breaches; i.e., financial loss, lawsuits, loss of good will and poor public image, etc.
Respond to security breaches internally and externally working with elected officials, county executives and the public regarding risk and mitigation efforts.
Very seasoned information security specialist who possess experience and/or education directly related to the level of leadership and the scope of organizational authority/responsibility required by the position.
Work effectively with county staff, executive leadership, and other managers and IT system owners.
Ability to possess a valid California Class C Driver’s License (this position will require independent travel)
Bachelor’s degree in computer science, management, IT management, management information systems, Business Administration or other related field is not required but desirable.
Familiar with one or more of the below:
HIPPA and its legal requirements related to data compliance and regulations
CJIS – Criminal Justice Information Services (FBI standard for how a system processes criminal data), as this position will be working with systems for the District Attorney, Sheriff’s department, etc.
PCI – payment card information – credit card payment regulations
FTI – Federal Tax Information standards, which is regulated by the IRS, and will be valuable while working with Clerk Recorder, Treasurer-Tax Collector, Assessor, and other departments.
Information privacy law and fiduciary law
Understanding security frameworks and should be familiar with one or more of the below:
NIST - National Institute of Standards and Technology
Desirable: one or more of the below certificates:
CISSP – Certified Information Systems Security Professional
CISA - Certified Information Systems Auditor
CISM – Certified Information Security Manager
CEH – Certified Ethical Hacker
CGEIT – Certified in the Governance of Enterprise IT
CRISC – Certified in Risk and Information Systems Control from ISACA.org
GIAC – Global Information Assurance Certification – SANS institute certification
SALARY / BENEFITS:
Annual Salary: $94,275 – $129,046. This salary range reflects the negotiable range for hire, however the top of the range for future career and salary advancement tops at $151,545.
The County of Santa Barbara offers a generous benefits package. For details:CLICK HERE
Relocation: The County may provide reimbursement for reasonable relocation expenses.
HOW TO APPLY: for first consideration APPLY by July 27that:
We actively welcome, value, respect and recognize employee differences and similarities. We believe a robust exchange of ideas creates an atmosphere of cultural acceptance. We believe that the more diverse we are, the better decisions we make.