Job Description:
City Information Security Officer (CISO)
Description
Our diverse and inclusive workforce of more than 7,000 employees plays a key role in the success of San José, the heart of the Silicon Valley. All City of San José employees work together as one team to make San José a vibrant, innovative, and desirable place to live and work. Visit here to learn more about our One Team Leadership Values and Expectations, including quality and excellent customer service, and here to learn more about San José.
About the Department
The City of San José innovates to provide exceptional civic services using advanced technologies to help our community thrive.
As one of the largest cities in the nation, the City manages a large set of services and assets. The City operates on a budget of $5 billion, with approximately 7,000 employees serving about 1 million residents and 80,000 businesses in the heart of Silicon Valley.
The Information Technology Department’s (ITD) mission is to enrich the quality of life in San José through innovation, collaboration, and engagement. ITD enables that mission through business and infrastructure systems, cybersecurity, data management and analysis, responsible use of Artificial Intelligence (AI), productivity and collaboration tools, the San José 311 resident experience platform, data equity and privacy programs, and strategic planning. San José is powered by truly great people, a robust technology environment, and a strong sense of purpose.
The IT department is a leader in innovation, embracing cutting-edge technologies and pioneering solutions to enhance efficiency and quality of life in San José. As part of this effort, the City leads a national initiative for AI through the GovAI Coalition, which was established to give local governments a voice in shaping the future of AI, ensuring it is developed responsibly for the public good.
Promoting the City’s commitment to equity and inclusion, we believe that all members of the community, regardless of background, have access to the tools and resources needed to thrive in the digital age. San José is located in the heart of Silicon Valley, which boasts a rich history in technology, education, and agriculture. Over half of San José residents speak a language other than English at home, highlighting the importance of language accessibility in all City services. By fostering inclusivity, promoting digital literacy, and building accessible platforms, we are advancing technology while creating a more equitable future for everyone.
At the City of San José, we promote work-life integration and a focus on growth to bring out the best in our people. Come join us in making San José the most vibrant, equitable, sustainable, and innovative city in the nation! Visit the Information Technology Department’s website to learn about our culture, vision, leadership, and innovative initiatives.
Position Duties
NOTE - The first application review will be on Friday, November 1, 2024. Please submit your application by Friday, November 1, 2024, at 12:00 p.m. (PST), if you would like your application to be included in the first review. Candidates who pass the first application review round will be invited to interviews on the week of November 18, 2024.
For more information about the position and duties, please visit the recruitment brochure at this link:
https://flipbooks.fleepit.com/f-69425-city_information_security_officer_recruitment_brochure.
The City of San José Information Technology Department seeks an experienced City Information Security Officer (CISO) to lead Citywide cybersecurity initiatives.
The CISO will direct the Cybersecurity Office as the City’s principal executive leader for information and systems security. In partnership with the Chief Information Officer (CIO), they will manage risk identification, protection and compliance, threat detection, incident response (IR), and recovery services for all City departments to ensure business resilience.
The City’s CISO must be able to apply expertise in security strategy, cybersecurity frameworks, managing staff and vendor services, leading incident management, and optimizing resources to achieve desired security outcomes.
Key responsibilities include, but are not limited to:
- Lead and mentor the Cybersecurity team, offering expertise and support to foster growth and a collaborative environment.
- Collaborate with business units and solution providers to provide optimal security measures and achieve a balance between sustaining business operations and achieving security compliance.
- Coordinate with stakeholders within the City and partners/vendors outside of the City to ensure information and systems meet the City’s standards for threat identification, protection, and risk detection.
- Develop, operationalize, and enhance the City’s cybersecurity strategic plan, programs, policies, and architecture, including vulnerability, risk, and threat management programs through remediation.
- Conduct training programs to educate City personnel on relevant security best practices, foster diligence, and ensure compliance.
- Provide expert security guidance to City departments and officials in service planning, procurements, contract negotiations, vendor management, and project management.
- Provide expert guidance on regulations and standards (FISMA, FedRAMP, CJIS, PCI-DSS, HIPAA, etc.) the City must meet in providing municipal services, as well as security frameworks (NIST, ISO, IEEE, etc.) to shape City operations.
- Oversee and lead incident management/response processes in coordination with City departments to respond and recover from incidents.
- Resolve security-related audits in partnership with City staff.
- Ensure comprehensive security strategies align with resilience plans and emergency management exercises.
- Oversee vendor relationships and manage the City’s procurement and utilization of cybersecurity products and services across departments.
- Lead the annual Cybersecurity Assessment of the City’s technology infrastructure.
- Provide strategic and operational leadership to address cybersecurity in the City’s emerging Internet-of-Things, smart communities, privacy, and equity through data initiatives.
- Collaborate with the Digital Privacy Officer to address privacy challenges emerging from new technologies, including AI.
- Implement governance policies to ensure responsible AI usage across the organization, aligning with ethical standards and risk management protocols.
- Support the GovAI Coalition’s initiatives to promote responsible and safe use of AI in government.
Please note that the City Information Security Officer (CISO) position is currently eligible for a hybrid telework schedule. The schedule for working remotely and onsite is subject to change.
Minimum Qualifications
Education and Experience: A Bachelor’s degree from an accredited college or university in computer science, management information systems, business/public administration, or a closely related field
AND seven (7) years of increasingly responsible experience in cybersecurity application and infrastructure, technology management, or telecommunications, including a combination of five (5) years of supervisory and project personnel management experience, with at least three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams in delivering goals and measured service levels.
Acceptable Substitution: A master's degree in a relevant field from an accredited college or university may be substituted for one (1) year of the required three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large municipal government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams.
Licenses or Certificates: Possess and maintain a current, terminal-level cybersecurity credential such as:
- Certified Information Systems Security Professional (CISSP);
- Certified Information Systems Auditor (CISA);
- Certified Information Security Manager (CISM);
- Certified in the Governance of Enterprise IT (CGEIT);
- Certified in Risk and Information Systems Control (CRISC); or
- An equivalent professional, industry-recognized certification acceptable to the City.
- Obtain and maintain SECRET Security Clearance within a reasonable period of time acceptable to the City.
Passing the San Jose Police Department (SJPD) background check is also a condition of employment.
Other Qualifications
Competencies
The ideal candidate will possess the following competencies, as demonstrated in past and current employment history. Desirable competencies for this position include:
1) Job Expertise - The ideal candidate should have the following qualifications and experience:
- Manage major technology services, programs, and products across multiple departmental technology environments and ensure cross-coordination between departments, including adherence to Citywide procedures/policies and state and federal regulations.
- Relevant regulations and standards (FISMA, FedRAMP, CJIS, PCI-DSS, HIPAA, etc.).
- Knowledge of local, state, and federal cybersecurity regulations.
- Cybersecurity frameworks and standards (NIST, ISO, IEEE, CIS controls and frameworks such as COBIT and ITIL, etc.).
- Threat and vulnerability management, including understanding of common cyber threats, vulnerabilities, attack vectors, and the tools to defend against them (e.g., intrusion detection systems, SIEM, firewalls, etc.).
- Encryption and cryptography, including proficiency in data protection techniques, encryption methods, and secure communication protocols.
- Hands-on experience with crisis management and managing Incident Response to security breaches, including incident detection, containment, eradication, forensics, recovery, and post-incident analysis.
- Identity and Access Management (IAM) and expertise in managing user privileges, multi-factor authentication (MFA), and other access controls.
- Cloud security, including familiarity with security challenges and solutions in cloud environments (Azure, Hyperconverged Infrastructure, private cloud).
- Network security, including a strong understanding of securing network architecture, VPNs, secure web gateways, firewalls, and network segmentation.
- Business continuity and disaster recovery planning, including developing and overseeing business continuity plans and disaster recovery strategies.
2) Analytical Thinking - Approaching a problem or situation by using a logical, systematic, sequential approach.
3) Conflict Management - Identifies and understands issues, problems, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions.
4) Leadership - Leads by example; demonstrates high ethical standards; remains visible and approachable and interacts with others on a regular basis; promotes a cooperative work environment, allowing others to learn from mistakes; provides motivational support and direction.
5) Political Acumen - Demonstrates an understanding and consideration of how it will impact stakeholders and affected areas in the organization.
6) Decision Making - Identifies and understands issues, problems, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions.
7) Vision/Strategic Thinking - Support, promote, and ensure alignment with the organization’s vision and values. Understand how an organization must change in light of internal and external trends and influences. Builds a shared vision with others and influences others to translate vision into action.
8) Project Management - Ensures support for projects and implements agency goals and strategic objectives.
9) Communication Skills - Effectively conveys information (e.g., complex security concepts) to non-technical executives, council/committee members, and other stakeholders, and expresses thoughts and facts clearly, orally and in writing; demonstrates effective use of listening skills and displays openness to other people's ideas and thoughts; public relations during a crisis.
Additional Information: Employment Eligibility: Federal law requires all employees to provide verification of their eligibility to work in this country. Please be informed that the City of San Jose will NOT sponsor, represent or sign any documents related to visa applications/transfers for H1-B or any other type of visa which requires an employer application.
Please note that applications are currently not accepted through CalOpps or any other third party job board application system.
This recruitment may be used to fill multiple positions in this, or other divisions or departments. If you are interested in employment in this classification, you should apply to ensure you are considered for additional opportunities that may utilize the applicants from this recruitment.
Please allow adequate time to complete the application and submit before the deadline or the system may not save your application. If your online application was successfully submitted, you will receive an automatic confirmation email to the email address you provided. IF YOU DO NOT RECEIVE THE CONFIRMATION, please email CityCareers@sanjoseca.gov and we will research the status of your application.
The City of San Jose offers a wide range of core health benefits including Medical, Dental, Vision, Employee Assistance Program, Life Insurance, Disability, and Savings Plans. Please visit the City's benefits page for detailed information on coverage, cost, and dependent coverage.
For information on the City’s Retirement Plan (pension for full-time employees), please visit the Office of Retirement Services website. You will be able to view information based on the different Sworn/Federated job classifications.
In addition to the benefits above, there is an additional perks site to explore further benefits of working for the City of San Jose, such as paid leave, educational reimbursements, and holiday pay, which are specific to the job classification and union membership.
Salary:
$176,943.78 - $275,812.42 Annually