Hillsborough County Government

Chief Information Security Officer (#CHFISOGU99) GU99
$10.00-$99.99 Hourly / $1,733.33-$17,331.60 Monthly / $20,800.00-$207,979.20 Yearly






JOB OVERVIEW

The Chief Information Security Officer (CISO) develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization. The incumbent focuses on Cyber Security risk management, significant changes in our business environment, and the ever-more complicated technology and threat landscape.  It is expected that the incumbent will formalize a security and risk program and facilitate information security governance through implementation of a hierarchical governance program.

MINIMUM QUALIFICATIONS

Possession of a Bachelor's Degree from an accredited college or university with a major in Computer Information Security, or a closely related business or computer security technology field. Possession of a Master's Degree from an accredited college or university with a major in Cyber Security, Computer Information Security, Business, or a closely related computer security field is preferred;

AND

A minimum of 7 years of direct technical information security experience, with at least 5 years of experience in a significant leadership role;

AND

Possession of a Certified Information Systems Security Professional (CISSP) certification. Possession of Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) certifications is preferred.

CORE COMPETENCIES

  • Customer Commitment - Proactively seeks to understand the needs of our customers and provide the highest standards of service
  • Dedication to Professionalism and Integrity - Demonstrates and promotes fair, honest, professional and ethical behaviors that establish trust throughout the organization and with the public we serve
  • Organizational Excellence - Takes ownership for excellence through one's personal effectiveness and dedication to the continuous improvement of our operations
  • Success through Teamwork - Collaborates and builds partnerships through trust and the open exchange of diverse ideas and perspectives to achieve organizational goals

WORK CATEGORY

Sedentary work - Exerts up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body.  Sedentary work involves sitting most of the time.  Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

PHYSICAL REQUIREMENTS

Occasional intermittent sitting, standing, bending or stooping.

Occasional light lifting or carrying 25 lbs. or less. 

Speaking, vision, hearing, sitting, standing, and use of office machinery such as PCs, Smart Phones, Tablets, Calculators and Multi-Function Devices.

DUTIES AND RESPONSIBILITIES

Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.

Manages the enterprise's security organization consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations), including hiring, training, staff development, performance management and annual performance review.

Facilitates information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. Works directly with the business units to facilitate IT risk assessment and risk management processes, and works with stakeholders through the enterprise on identifying acceptable levels of residual risk.

Develops, maintains and publishes up-to-date security policies, standards and guidelines, and oversees training and dissemination of security policies and practices.

Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection, and creates and manages information security and risk management awareness training programs for all employees, contractors and approved system users.

Creates, communicates and implements a risk-based process for vendor risk management, including assessment of and treatment for risks that may result from partners, consultants and other service providers.

Develops and manages information security budgets and monitors them for variances.

Provides periodic reporting on the current status of the information security program to enterprise risk teams and senior management leaders as part of a strategic enterprise risk management program.

In the event of an emergency or disaster, the incumbent may be required to respond promptly to duties and responsibilities as assigned by the employee’s department, the County’s Office of Emergency Management, or County Administration. Such assignments may be before, during or after the emergency/disaster.

Performs other duties as assigned.

JOB SPECIFICATIONS

Knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST.

Considerable knowledge of the principles and practices of information technology and information security.

Considerable knowledge of intranets, extranets, network protocols, UNIX and Windows systems.

Considerable knowledge of industry security standards and governance, implementing security management products, and international privacy and security regulations.

Critical Thinking - Excellent analytical skills with ability to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall information security objectives.

Decision Making - Project management skills including financial/budget management, scheduling and resource management, with a high level of personal integrity and the ability to professionally handle confidential matters and display a high level of judgment and maturity.

Communications - Requires regular interfacing with multiple entities and individuals including political and community leaders, County department management and staff, state and local governmental agency representatives, the Executive Team, and the Board of County Commissioners. Requires considerable tact, discretion and persuasion in gaining the cooperation of others.  Builds support and inspires confidence through clear verbal and written communications, adjusts communication style and content to fit the audience, and encourages open expression of diverse ideas and opinions.

Strategic Planning - Formulates objectives and priorities, and implements plans consistent with the long-term interest of the organization in a global environment that capitalizes on opportunities, manages risks, and provides balanced long-term and short-term strategic vision.

Managerial / Operational Skills - Demonstrates a high degree of initiative, dependability and ability to work with minimal supervision.

Leadership - Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

EMERGENCY MANAGEMENT RESPONSIBILITIES

In the event of an emergency or disaster, the incumbent may be required to respond promptly to duties and responsibilities as assigned by the employee’s department, the County’s Office of Emergency Management, or County Administration. Such assignments may be before, during or after the emergency/disaster.

CLASS: CHFISOGU99; EST: 1/15/2020; REV: ;