(Unclassified)
Plan, direct, implement and manage the Countywide Information Security Program that includes security awareness, risk assessment, business impact analysis, disaster recovery, and business resumption; protect the confidentiality, integrity, and availability of the County’s information assets; develop and implement information and communications security standards, guidelines, and procedures.
This is a single position classification responsible for the management and oversight of the Countywide Information Security Program.
Receives administrative direction from the Chief Information Officer.
Exercises direct supervision over supervisory, professional, technical, and clerical staff.
Duties may include, but are not limited to, the following:
- Supervise the information technology security program team; manage the daily operational functions of the program.
- Maintain and continually revise the Countywide Information Security Program and related policies.
- Establish the Countywide cyber security roadmap, ensuring policies are followed.
- Perform role of HIPAA Security Officer; attend monthly and quarterly meetings; review contracts for information security compliance; prepare HIPAA training; review and update countywide HIPAA policies.
- Maintain current knowledge of developing security threats; train management and staff on security risks and vulnerabilities.
- Lead investigations into suspicious County network activity; recommend and execute remediation steps.
- Develop and manage Countywide security awareness training.
- Develop and maintain the Countywide Business Continuity Plan; conduct business impact analysis for each County department and perform disaster recovery tests.
- Develop, administer, and maintain security program budget; monitor expenditures; implement adjustments to expenditures.
- Direct and manage the work of consultants; manage program contracts and purchases; set expectations and priorities and monitor outcomes.
- Perform security assessment on new and proposed projects.
- Organize and communicate with the Cyber Security Incident Response Team (CSIRT) under the leadership of the Chief Information Officer (CIO).
- Contract with and supervise third-party penetration tests and network assessments for security.
- Build and maintain positive working relationships with co-workers, other County employees and managers, outside agencies, and the community utilizing accepted principles of effective customer service.
- Process, research, and provide recommendations to Leadership Committee on Security Exemption requests.
- Represent the County of Placer to the public and other agencies in a positive and productive manner; lead the Countywide Security Working Committee.
- Perform related duties as required.
Work is typically performed in an indoor office environment with controlled temperature conditions.
Position may require travel to and from locations in a variety of outdoor weather conditions.
Experience and Training:
Any combination of experience and training that would provide the required knowledge and abilities is qualifying. A typical way to obtain the required knowledge and abilities would be:
Experience: Five years of increasingly responsible experience in Information Technology Security involving direct experience in system development, management and/or operations, including two years of supervisory responsibility.
Training: Equivalent to a bachelor’s degree from an accredited college or university with major course work in cyber security, computer science, information systems, information technology, business administration, public administration, or related field.
Required License or Certificate:
- Must complete the Certified Information Systems Security Professional (CISSP) certification within twelve (12) months of appointment.
- May need to possess a valid driver’s license as required by the position. Proof of adequate vehicle insurance and medical clearance may also be required.
Length of Probation:
This classification serves at the pleasure of the Appointing Authority and has no specific term and no right to continuous employment.
Bargaining Unit: