TECHNOLOGY MANAGER

SECURITY

COUNTY TECHNOLOGY OFFICE

Anticipated Hiring Range $120,000 to $145,000

Excellent Benefits Package

www. sand iego count y . gov

TECHNOLOGY MANAGER - SECURITY | COUNTY OF SAN DIEGO

COUNTY TECHNOLOGY OFFICE

COUNTY TECHNOLOGY OFFICE

The County Technology Office (CTO) supports a full range of information technology (IT) services for County employees and San Diego

County residents. The purpose of the CTO is to lead, guide, and facilitate the optimal business management of information technology

by County Business Groups and departments. The CTO oversees the County’s information services which enables innovation in the

delivery of County services and programs. To keep up with advances in IT, the County has and will continue to outsource its IT opera-

tions while maintaining strategic oversight of the technological direction. The County’s goal is to provide a reliable, integrated infor-

mation services environment that meets not only today’s needs for communication and business efficiency but also positions the

County to leverage new technology innovations and best practices for business transformation and improved service delivery in the

future. Click here to view the County’s IT Outsourcing Agreement.

THE POSITION

This position will collaborate extensively with the IT Outsourcer to develop and administer the County’s IT security and risk manage-

ment program, including the coordination of implementation with County departments. This position reports to the County’s Chief

Information Officer, works directly with the IT Outsourcer’s Chief Information Security Officer, and has no direct reports as the IT Out-

sourcer provides all security personnel. This position is responsible for:

Oversight of the IT Outsourcer's development, implementation, operation and maintenance of the County’s IT security program.

Creating a culture conscious of information security.

Developing and maintaining IT-related security policies, practices, standards and guidelines.

Ensuring all applicable Federal, State and local laws and regulations are integrated into the delivery of all IT services.

Providing strategic and operational IT Security Program leadership

Balancing business requirements with enterprise acceptable risk mitigations.

Providing guidance and direction to County departments on business application cyber security lifecycle management practices,

procedures, risk mitigation, budgeting and ownership responsibility.

Creating strategies for the deployment of information security programs, operational services and legal obligations.

Directing IT security risk assessments, managing oversite of risk registry, and closure of recommend/required security mitigations.

Developing, testing and improving cyber incident response management plans, security breaches investigations and legal notifi-

cation requirements.

Managing development and implementation of cybersecurity threat intelligence services.

Researching and keeping abreast of latest threats, attack vectors, mitigation methods, innovations and cybersecurity technologies.

Communicating with key County stakeholders about IT security threats and mitigation strategies/requirements.

Developing risk-based strategies, roadmaps, budget and project oversite of IT solutions that minimize the risk of cyber-attacks

and security breaches.

Managing ESI eDiscovery processes and safeguarding of records relating to litigation, investigations, and the California Public

Records Act.

Maintaining relationships and memberships with cyber security peer groups, organizations and government security associations

to include MS-ISAC, and local intelligence fusion centers (SD-LECC).

Overseeing the County’s annual PCI attestation of compliance Process and Procedure.

BENEFITS

Fifteen days of paid vacation, thirteen days of paid sick leave,

and thirteen paid holidays.

Medical, dental, and vision insurance plans.

Disability Insurance, Life Insurance, and Accidental Death/

Dismemberment Insurance.

Flexible Management Benefit Package – a monthly credit

may be used to select benefits from a group of options.

Defined benefit retirement program.

Reciprocity with other governmental retirement systems may

be granted; for further information, please review the San

Diego County Employees Retirement Association website

May be eligible for relocation allowance.

Deferred Compensation Program (457) and 401(a) plans.

THE IDEAL CANDIDATE

The ideal candidate will possess a bachelor’s degree in information security, computer science, information systems, computer engi-

neering, or a related IT field and possess a minimum of seven (7) years of experience in IT program management, administration, plan-

ning, budgeting and operations with at least two (2) years directly related to IT security and risk program management. Possession of

a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) are highly desira-

ble. This individual will also possess a professional history that demonstrates extreme proficiency in the following knowledge, skills

and abilities:

An understanding of IT technology and operational practices used for the delivery of IT services

An understanding of business management principles, objectives and decision processes

Experience managing and administering contractual requirements, services, activities and protections for the delivery of complex

information system security programs

An understanding of advanced principles of system security architecture design, development, analysis, testing, operations and

lifecycle management

An understanding and ability to apply cybersecurity, risk management, and control frameworks

Working knowledge of regulatory requirements including Health Insurance Portability and Accountability Act (HIPAA), Payment

Card Industry Data Security Standard (PCI DSS), and Criminal Justice Information Services (CJIS)

A consensus builder for developing and establishing acceptable security controls required to protect an organization

A logical thinker on cybersecurity matters and being able to interpret and analyze complex data

Ability to address cybersecurity issues, risks and strategies in relevant business terms, impacts and outcomes

Ability to develop, implement, and communicate cybersecurity polices, procedures, manuals and related materials

Ability to balance the security risk mitigations with achieving the organizations desired business outcomes

Always researching and keeping abreast of the latest cyber threats, attack vectors, mitigation methods, and innovations

MINIMUM QUALIFICATIONS

Qualified candidates will possess a bachelor's degree from an accredited college or

university, or certified equivalency for foreign studies AND five (5) years of experi-

ence that demonstrates the ability to perform the essential functions of the classi-

fication which must include two (2) years of management or supervision, OR, a

combination of experience and/or education as stated above.

Note: A master's degree or higher degree may substitute for a total of one (1) year.

In order for education to substitute for work experience as indicated above, col-

lege level coursework must demonstrate progress toward a degree and may be

substituted on a year-for-year basis.

COMPENSATION

The anticipated hiring salary range upon appointment for this position will be $120,000 - $145,000. Placement within this range is de-

pendent upon the qualifications of the successful candidate. Annual salary reviews are performance-based and goal-oriented.

APPLICATION PROCESS AND RECRUITMENT SCHEDULE

Applications may be accessed and submitted online at www.sandiegocounty.gov/hr, select the link for jobs. In addition to completing

the online application, please submit a résumé which should include academic degrees held and dates conferred, employment history

and positions held, dates of service, areas of experience, levels of responsibility, reporting structure, key duties performed, and number

of direct reports or staff. An evaluation board will convene to review submittals and identify top competitors to be considered for fur-

ther evaluation. Interested candidates are encouraged to apply as soon as possible for consideration.

SPECIAL NOTES

Persons serving in positions in the Unclassified Service do not accrue tenure and serve at the pleasure of the appointing authority. The

provisions of this job announcement may be modified or revoked and do not constitute an expressed or implied contract. Qualified

women, veterans, minorities, and persons with disabilities are encouraged to apply. Reasonable accommodation may be made to ena-

ble an individual with qualified disabilities to perform the essential functions of a job, on a case-by-case basis.

NOTES

The County of San Diego and its employees embrace the Live Well San Diego vision: A region that is Building Better Health, Living

Safely and Thriving. For more information please visit www.livewellsd.org.

Under California Government Code Sections 3100 - 3109, public employees are designated as disaster service workers. The term

"public employees" includes all persons employed by the state or any county, city, state agency, or public district. Disaster service

workers are required to participate in such disaster service activities as may be assigned to them by their employer or by law.

The County of San Diego is committed to valuing diversity and practicing inclusion because our diverse workforce is our greatest asset

and our customers are our number one priority.

CONTACT INFORMATION

You may direct any questions regarding the application and selection process to Anna Lisa Acedo, Human Resources Services Manager

at AnnaLisa.Acedo@sdcounty.ca.gov or 858-505-6350. Questions about the position or department should be directed to Brandy Win-

terbottom-Whitney, Deputy Director, Human Resources at Brandy.Winterbottom-Whitney@sdcounty.ca.gov or 858-505-6324.

11/19/18

Class No. 0996