Los Angeles Community College District

Designs and implements a comprehensive information security program for the District, which includes strategies, policies, standards, risk assessment, response plans, and procedures designed to protect the integrity and confidentiality of enterprise systems, assets, and communication technology throughout the District from cyberattacks, intrusion, infiltration, and natural disasters; and ensures legal compliance with all cybersecurity laws and regulations.

Develops, implements, evaluates, and monitors a District-wide strategic, comprehensive enterprise information security and IT risk management program which enables the District to identify, protect, detect, respond, and recover from unauthorized access, use, disclosure, disruption, modification, or destruction of technology assets, systems, and information.

Serves as a visionary leader and strong communicator who conceives, constructs, and advances solutions to support organizational information security projects and initiatives.

Develops, implements, and manages strategies, policies, standards, processes, and tools necessary to prevent, detect, document, remedy and prevent hazards and threats to digital and non-digital information both in transit and in at-rest storage.

Oversees and participates in risk analysis of IT infrastructure and systems to: isolate potential threats and hazards; assess the potential impact on business assets; identify measures to minimize or eliminate any negative effects; and inform plans to mitigate and/or prevent such hazards or threats.

Ensures that the District’s information security program is in compliance with all cybersecurity laws and regulations.

Manages response efforts to information security incidents throughout the District; utilizes metrics and evaluation criteria to assess recovery success and continually improve response performance; engages, interacts and coordinates with third-party incident responders, including law enforcement.

Serves as the lead for incident response situations and crisis management as a result of an information security incident or data breach.

Provides executive leadership and Board of Trustees with cybersecurity situational awareness across the District and provides annual reporting on established information security program.

Designs, implements, and manages a structured disaster recovery plan for responding to unplanned incidents and threats to the information technology infrastructure and systems of the District and colleges, including hardware and software, networks, procedures, and people; regularly tests plan capabilities to ensure they operate effectively.

Designs, implements and manages a business continuity plan which identifies mission-critical functions and data, and outlines procedures and protocols to maintain/protect such functions during a crisis or incident.

Designs, implements, and maintains data and document security plans, standards, and measures in accordance with District, government, and industry standards.

Serves as the technical advisor on projects related to enterprise architecture, hardware, software, and technical controls that have security requirements and implications.

Analyzes and recommends security controls and procedures to business process owners using information systems and assets.

Oversees the administration of authentication and access controls, including provisioning, changes, and deactivation of user and system accounts, security/access roles, and access permissions.

Analyzes and recommends security controls and procedures related to the acquisition, development, and lifecycle change of information systems, and provides oversight to ensure compliance.

Coordinates and assesses the work of third-party resources and vendors employed for special projects related to the development, implementation, and monitoring of security program initiatives and ensures consistent evaluation of the security controls of third-party resources as required by applicable laws and regulations.

Manages, leads, and evaluates staff members assigned to the information security unit.

Provides technical training, mentoring, and coaching to professional and technical staff on complex matters related to information security.

Creates and conducts education and awareness programs related to information security activities, issues, and vulnerabilities for a broad range of audiences including administrators, managers, supervisors, staff, and students.

Maintains effective and cooperative working relationships with administrators, functional and technical team members, and users.

Plans and manages the unit’s operating budget and program budgets for information security initiatives and projects.

Performs related duties as assigned.

A Chief Information Security Officer plans, develops, implements, and enforces District-wide information security strategies, policies, standards, response plans, and procedures; conducts risk analysis and assessments; ensures legal compliance with all cybersecurity laws and regulations, and coordinates day-to day incident monitoring, response, and reporting activities designed to protect enterprise systems, assets, and communication technology throughout the District.

An Information Security Analyst analyzes and evaluates information systems, assets, and communication technology of the District and colleges to ensure compliance with the District’s information security plan. Employees in this class work at a journey-level and are expected to work independently and without immediate supervision.

General supervision is received from the Vice Chancellor/Chief Information Officer. General supervision is exercised over professional and technical staff assigned to technology security.

Knowledge of:

Communications and network architecture and design including operating systems, network utilities, access control, transmission media, and communication hardware

Concepts and countermeasures related to information security including workstation security, perimeter security, account management, application security, cryptography, and network security

Principles of security engineering and process design and modeling

Security assessment and testing tools

Technical sources of information for vulnerability alerts and advisories, security threat intelligence, and computer security standards, trends, and developments

Principles of IT security governance

Federal, state, and local regulations and guidelines related to information security such as HIPAA, FERPA, FISMA, and GLBA

Principles and methods of risk management and analysis as applied to technology and information security

Principles of data management including data replication, retention, and security controls

Methods and techniques of technical documentation and record keeping

Principles and practices of supervision, team building, and training

Principles and practices of budget preparation and control

Ability to:

Develop and implement a District-wide strategic, comprehensive enterprise information security and IT risk management program

Conduct vulnerability audits, forensic investigations, and risk management assessments

Detect, investigate, and analyze threats and emergency security incidents

Respond immediately to security-related incidents and provide a thorough post-event analysis

Design, implement, and evaluate controls and procedures to mitigate risk, hazards, and threats to IT systems and their operation

Ensure compliance with all systems security policy, legal requirements, and updates

Assess, test and select new security products and technologies; identify integration issues and prepare cost and resource estimates

Provide effective and timely liaison among management, programmers, security team staff, and auditors on IT security issues and activities

Implement District-wide technical and general audience training in security awareness, protocols, and procedures

Manage personal and institutional data in accordance with legal, regulatory, administrative and contractual requirements

Consistently use and promote professional standards and practices related to assignments

Actively contribute to a culture of constructive collaboration and innovation with colleagues

Maintain high levels of customer service and satisfaction

Effectively communicate highly technical information accurately, concisely and in understandable terms both orally and in writing

Motivate, direct, train, and develop others

Foster a culture of constructive and effective collaboration and innovation within the architecture, solution designers, operations team and with other functions

Stay abreast of current trends and technical advancements and legal regulations in the area of information security and apply knowledge to operational problems

Effectively allocate and utilize the human, fiscal, and physical resources available for information security initiatives and activities throughout the District

Prepare and administer the unit budget and expenditures

Travel to offsite meetings

Education and Experience:

A bachelor's degree from a recognized college or university preferably with a major in computer science, computer engineering, network security, information security, information technology, mathematics, or a related field.

AND

Five years of recent, full-time, paid, professional-level experience in network administration and maintenance in an environment with a variety of network devices, DDNS, VPN, and firewalls. Three years of the required five years of experience must have included responsibility for security controls of an enterprise-scale data network for a public or private organization using SIEM technology. Experience with an institution of higher education is desirable. Experience in a supervisory capacity is desirable.

Certification:

Possession of the following certification or an equivalent is required:

• Certified Information Systems Security Professional (CISSP)

Possession of one or more of the following certifications or an equivalent is highly desirable:

• Certified Information Security Manager (CISM)

• Certified Information Systems Auditor (CISA)

• Security Essentials Certification (GSEC)

• Information Security Fundamentals (GISF)

• Certified Intrusion Analyst (GCIA)

Special:

The required professional certification must remain current and valid throughout employment with the District.

A valid Class "C" California driver’s license must be obtained within 10 days of establishing residency in the State of California.

Travel to locations throughout the District is required.

Our class specification generally describes the duties, responsibilities, and requirements characteristic of the position(s) within this job class. The duties, responsibilities, and requirements of a particular position within this class may vary from the duties of other positions within the class.

In accordance with the Americans with Disabilities Act (ADA), the Los Angeles Community College District provides reasonable accommodation to qualified individuals with covered disabilities on a case-by-case basis throughout the application, examination, and hiring processes and throughout employment. If an individual is in doubt about their ability to perform the duties and responsibilities of a position or possession of any other requirement noted in a class specification or job announcement, they should always apply for a position and request reasonable accommodation at the appropriate time.