technology manager security - sandiegocounty.gov€¦ · records act. maintaining relationships and...
TRANSCRIPT
TECHNOLOGY MANAGER
SECURITY
COUNTY TECHNOLOGY OFFICE
Anticipated Hiring Range $120,000 to $145,000
Excellent Benefits Package
www. sand iego count y . gov
TECHNOLOGY MANAGER - SECURITY | COUNTY OF SAN DIEGO
COUNTY TECHNOLOGY OFFICE
COUNTY TECHNOLOGY OFFICE
The County Technology Office (CTO) supports a full range of information technology (IT) services for County employees and San Diego
County residents. The purpose of the CTO is to lead, guide, and facilitate the optimal business management of information technology
by County Business Groups and departments. The CTO oversees the County’s information services which enables innovation in the
delivery of County services and programs. To keep up with advances in IT, the County has and will continue to outsource its IT opera-
tions while maintaining strategic oversight of the technological direction. The County’s goal is to provide a reliable, integrated infor-
mation services environment that meets not only today’s needs for communication and business efficiency but also positions the
County to leverage new technology innovations and best practices for business transformation and improved service delivery in the
future. Click here to view the County’s IT Outsourcing Agreement.
THE POSITION
This position will collaborate extensively with the IT Outsourcer to develop and administer the County’s IT security and risk manage-
ment program, including the coordination of implementation with County departments. This position reports to the County’s Chief
Information Officer, works directly with the IT Outsourcer’s Chief Information Security Officer, and has no direct reports as the IT Out-
sourcer provides all security personnel. This position is responsible for:
Oversight of the IT Outsourcer's development, implementation, operation and maintenance of the County’s IT security program.
Creating a culture conscious of information security.
Developing and maintaining IT-related security policies, practices, standards and guidelines.
Ensuring all applicable Federal, State and local laws and regulations are integrated into the delivery of all IT services.
Providing strategic and operational IT Security Program leadership
Balancing business requirements with enterprise acceptable risk mitigations.
Providing guidance and direction to County departments on business application cyber security lifecycle management practices,
procedures, risk mitigation, budgeting and ownership responsibility.
Creating strategies for the deployment of information security programs, operational services and legal obligations.
Directing IT security risk assessments, managing oversite of risk registry, and closure of recommend/required security mitigations.
Developing, testing and improving cyber incident response management plans, security breaches investigations and legal notifi-
cation requirements.
Managing development and implementation of cybersecurity threat intelligence services.
Researching and keeping abreast of latest threats, attack vectors, mitigation methods, innovations and cybersecurity technologies.
Communicating with key County stakeholders about IT security threats and mitigation strategies/requirements.
Developing risk-based strategies, roadmaps, budget and project oversite of IT solutions that minimize the risk of cyber-attacks
and security breaches.
Managing ESI eDiscovery processes and safeguarding of records relating to litigation, investigations, and the California Public
Records Act.
Maintaining relationships and memberships with cyber security peer groups, organizations and government security associations
to include MS-ISAC, and local intelligence fusion centers (SD-LECC).
Overseeing the County’s annual PCI attestation of compliance Process and Procedure.
BENEFITS
Fifteen days of paid vacation, thirteen days of paid sick leave,
and thirteen paid holidays.
Medical, dental, and vision insurance plans.
Disability Insurance, Life Insurance, and Accidental Death/
Dismemberment Insurance.
Flexible Management Benefit Package – a monthly credit
may be used to select benefits from a group of options.
Defined benefit retirement program.
Reciprocity with other governmental retirement systems may
be granted; for further information, please review the San
Diego County Employees Retirement Association website
May be eligible for relocation allowance.
Deferred Compensation Program (457) and 401(a) plans.
THE IDEAL CANDIDATE
The ideal candidate will possess a bachelor’s degree in information security, computer science, information systems, computer engi-
neering, or a related IT field and possess a minimum of seven (7) years of experience in IT program management, administration, plan-
ning, budgeting and operations with at least two (2) years directly related to IT security and risk program management. Possession of
a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) are highly desira-
ble. This individual will also possess a professional history that demonstrates extreme proficiency in the following knowledge, skills
and abilities:
An understanding of IT technology and operational practices used for the delivery of IT services
An understanding of business management principles, objectives and decision processes
Experience managing and administering contractual requirements, services, activities and protections for the delivery of complex
information system security programs
An understanding of advanced principles of system security architecture design, development, analysis, testing, operations and
lifecycle management
An understanding and ability to apply cybersecurity, risk management, and control frameworks
Working knowledge of regulatory requirements including Health Insurance Portability and Accountability Act (HIPAA), Payment
Card Industry Data Security Standard (PCI DSS), and Criminal Justice Information Services (CJIS)
A consensus builder for developing and establishing acceptable security controls required to protect an organization
A logical thinker on cybersecurity matters and being able to interpret and analyze complex data
Ability to address cybersecurity issues, risks and strategies in relevant business terms, impacts and outcomes
Ability to develop, implement, and communicate cybersecurity polices, procedures, manuals and related materials
Ability to balance the security risk mitigations with achieving the organizations desired business outcomes
Always researching and keeping abreast of the latest cyber threats, attack vectors, mitigation methods, and innovations
MINIMUM QUALIFICATIONS
Qualified candidates will possess a bachelor's degree from an accredited college or
university, or certified equivalency for foreign studies AND five (5) years of experi-
ence that demonstrates the ability to perform the essential functions of the classi-
fication which must include two (2) years of management or supervision, OR, a
combination of experience and/or education as stated above.
Note: A master's degree or higher degree may substitute for a total of one (1) year.
In order for education to substitute for work experience as indicated above, col-
lege level coursework must demonstrate progress toward a degree and may be
substituted on a year-for-year basis.
COMPENSATION
The anticipated hiring salary range upon appointment for this position will be $120,000 - $145,000. Placement within this range is de-
pendent upon the qualifications of the successful candidate. Annual salary reviews are performance-based and goal-oriented.
APPLICATION PROCESS AND RECRUITMENT SCHEDULE
Applications may be accessed and submitted online at www.sandiegocounty.gov/hr, select the link for jobs. In addition to completing
the online application, please submit a résumé which should include academic degrees held and dates conferred, employment history
and positions held, dates of service, areas of experience, levels of responsibility, reporting structure, key duties performed, and number
of direct reports or staff. An evaluation board will convene to review submittals and identify top competitors to be considered for fur-
ther evaluation. Interested candidates are encouraged to apply as soon as possible for consideration.
SPECIAL NOTES
Persons serving in positions in the Unclassified Service do not accrue tenure and serve at the pleasure of the appointing authority. The
provisions of this job announcement may be modified or revoked and do not constitute an expressed or implied contract. Qualified
women, veterans, minorities, and persons with disabilities are encouraged to apply. Reasonable accommodation may be made to ena-
ble an individual with qualified disabilities to perform the essential functions of a job, on a case-by-case basis.
NOTES
The County of San Diego and its employees embrace the Live Well San Diego vision: A region that is Building Better Health, Living
Safely and Thriving. For more information please visit www.livewellsd.org.
Under California Government Code Sections 3100 - 3109, public employees are designated as disaster service workers. The term
"public employees" includes all persons employed by the state or any county, city, state agency, or public district. Disaster service
workers are required to participate in such disaster service activities as may be assigned to them by their employer or by law.
The County of San Diego is committed to valuing diversity and practicing inclusion because our diverse workforce is our greatest asset
and our customers are our number one priority.
CONTACT INFORMATION
You may direct any questions regarding the application and selection process to Anna Lisa Acedo, Human Resources Services Manager
at [email protected] or 858-505-6350. Questions about the position or department should be directed to Brandy Win-
terbottom-Whitney, Deputy Director, Human Resources at [email protected] or 858-505-6324.
11/19/18
Class No. 0996