ASSISTANT DIRECTOR OF INFORMATION TECHNOLOGY - INFORMATION SECURITY OFFICER - 40009103

DURHAM COUNTY PROJECT MGMT
Durham, United States of America

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior
Compensation: $ 165K

Tech stack

Cloud Computing Security
Control Objectives for Information and Related Technology (COBIT)
Computer Security
Data Security
Digital Assets
Disaster Recovery
Identity and Access Management
Information Security Management
IT Management
Information Systems Security Architecture Professional
PCI Data Security Standards
Zero Trust Network Access
Security Information and Event Management
Software Vulnerability Management
Firewalls (Computer Science)
Information Technology
Security Orchestration, Automation & Response
Vulnerability Analysis

Job description

This position oversees the County's information, cyber, and technology security. The position is responsible for developing, executing, and maintaining the County's cybersecurity strategic plan, ensuring alignment with business objectives and regulatory requirements. The role works closely with the Director/Chief Information Officer (CIO) to establish and maintain the enterprise strategy and architecture with a multi-year roadmap to safeguard the County's digital assets. The role directs countywide information security and privacy efforts, ensuring compliance with HIPAA (Health Insurance Portability and Accountability Act) and other regulatory frameworks while fostering a culture of cybersecurity awareness. The position requires strong leadership to drive interdepartmental compliance, integrate security best practices, and manage a high-performing security team.

  • Develops and maintains an enterprise-wide information security program, including policies, procedures, and controls to protect critical data, infrastructure, and information assets.
  • Works with the Director/CIO to establish and execute a multiyear cybersecurity strategy and roadmap.
  • Ensures alignment of security goals with the department's business plan, overseeing the development, execution, and updates of the cybersecurity strategic plan.
  • Directs countywide information security efforts through departmental security professionals.
  • Oversees Information Technology (IT) security policies, including disaster recovery, vulnerability management, and regulatory compliance.
  • Coordinates and ensures compliance with HIPAA security requirements across County departments.
  • Establishes continuous monitoring, auditing, and compliance reviews to safeguard County systems.
  • Identifies and reports key performance metrics to measure the effectiveness of security programs.
  • Leads IT security audits, including internal assessments and external compliance testing.
  • Works with IT teams to implement security automation, vulnerability assessments, and risk management initiatives.
  • Collaborates with the Training Officer to develop and deliver cybersecurity awareness programs.
  • Other duties as required.

Requirements

  • The Assistant Director of Information Security must have extensive expertise in cybersecurity frameworks (National Institute of Standards and Technology (NIST), ISO 27001, Computer Information Systems (CIS), Control Objectives for Information and Related Technologies (COBIT)) and regulatory compliance (HIPAA, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley Act (SOX)).
  • A deep understanding of security technologies (Security Information and Event Management (SIEM), Identity and Access Management (IAM), Endpoint Detection and Response (EDR), firewalls, Zero Trust, and cloud security), best practices, and risk management strategies is essential.

This position requires:

  • Strong leadership and collaboration skills to engage IT, legal, and compliance teams effectively.
  • The ability to align cybersecurity strategies with business objectives and articulate risks to executives.
  • Proficiency in security policy development, incident response, and vendor security evaluations.
  • Exceptional organizational and interpersonal skills to collaborate with internal and external stakeholders.

  • Bachelor's degree in Information Technology, Cybersecurity, or a related field.
  • Seven to ten years of progressively responsible IT experience, including enterprise-level support and the information security field (or equivalent combination of education and experience).
  • Proven experience leading cybersecurity teams and managing IT security initiatives.

PREFERRED

  • Advanced degree in Information Technology, Cybersecurity, or a related field.
  • Relevant information security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Privacy Manager (CIPM).
  • Experience with public sector IT management.
  • Familiarity with additional compliance programs such as the Gramm-Leach-Bliley Act (GLBA) and the Family Educational Rights and Privacy Act (FERPA).
