Recruitment #2303-0763-001



The City of Tucson is seeking a high energy, creative, problem-solving Chief Information Security Officer (CISO) to join the City’s Information Technology Team.

The City of Tucson Information Technology Department (ITD) provides support services for all departments within the City, including citizen services, public safety, public works, back-office business applications, project management, analytics & GIS, and web applications. The diversity of City business functions and supporting technologies makes for a dynamic work environment that is both challenging and rewarding.

This position reports directly to the IT Director (CIO).

The Information Technology Department is a 24/7 operation.  The successful candidate will be required to respond to emergencies occurring after normal business hours.


The City of Tucson offers a wide range of generous benefits for eligible employees. Some of those benefits include:

· Medical: Choice between a high deductible plan (HSA or HRA), or Network plan. 

· Dental: Choice between a national dental PPO and a local dental HMO. 

· Vision: Coverage for annual eye exam and glasses or contacts, plus LASIK. 

· Life: City-paid coverage for you & dependents, plus option to buy more. 

· Long-Term Disability: Income replacement of up to 60% of your base salary in the event of a qualifying disability. 

· Employee Assistance Program: Enhance your wellbeing when life doesn’t go as planned. 

· Flexible Spending: Pay for qualified health and dependent care expenses using pretax dollars. 

· Colonial Voluntary Benefits: Financial help in the event of cancer, hospitalization, accident, more.

Your Security and Future

· Pension: Generous pension plans that help employees retire more comfortably. 

· Deferred Compensation: Save more toward a comfortable retirement with a 457(b) plan. 

· Training & Tuition Assistance: Pursue your dream through internal training or financial help toward a degree. 

· Back-Up Care: Care for your loved ones when your regular care is unavailable. 

 Your Peace of Mind

· Paid Parental Leave: Six (6) weeks paid leave when you welcome a child, plus other generous leave policies for FML, Medical and USERRA. 

· Paid Time Away: New hires enjoy 37 days of paid time off in the first year, with time increasing steadily thereafter (In year one: 13 accrued days of vacation, 13 accrued days of sick leave, and 11 paid holidays). 

· Employee Discounts: Generous discounts, ranging from car rentals to computers, gifts to groceries, electronics to entertainment. 

· Social Connectedness: Forge connections with the community we serve through paid volunteerism and payroll-deducted charitable giving.

For a full description of benefits offered to eligible employees, or to inquire further about the City of Tucson's benefits options, please visit:

General Description

Designs and directs a citywide information security program and partners with city leadership on risk management to provide the protection and confidentiality of data and other information assets of the city.

This job reports to: Chief Information Officer

Essential Functions

Establishes and maintains city operations risk register with risk management department, executive leadership, and designated staff with special accountability tracking and acting on cybersecurity risks to maintain intended level of protection.

Leads the development and promotion of security and privacy awareness training and education for all levels of the organization.

Oversees the development and implementation of citywide information related security policies, guidelines, and governance models to protect the city from internal and external threats and vulnerabilities.

Sets city-wide roles and processes for electronic and physical environment protection, and data governance with detailed cross-departmental processes for responding to identification and handling of process violations and compromised data.

Prepares short and long-term strategies for optimizing the city’s information security plan and formulates and recommends city-wide policies for detecting, deterring, and mitigating information security threats.

Participates in the development and implementation of disaster recovery and business continuity plans, with a focus on holistic operational effectiveness and comprehensive Information Technology engagement.

Serves as a subject matter expert and internal consultant on the data security implications of proposed new major information technology projects and programs, making recommendations to the Chief Information Officer, City Manager's Office, and affected departments.

Designs & enacts architecture and governance for secured limited access to information through technical infrastructure, including processes to monitor, manage, and evaluate ongoing performance of security. Ensure new solutions adhere to policy and standards and solutions are properly controlled and isolated given risk to systems and network.

Leads the handling of information security breaches and related incidents, including overseeing the activation of the City's cybersecurity insurance company, departmental incident response teams, and joint task force response teams pre-arranged with external partners / governmental agencies.


Skill in superior interpersonal and communication skills (oral and written), investigation, critical and coordination of security anomalies and events, road mapping, strategic planning, program management, strong customer service skills, negotiation and mediation, presentation, and public speaking, performing security incident investigations or forensic analysis of a security incident or event.

Knowledge of standard security practices, network architecture, routing and Transmission Control Protocol/Internet Protocol (TCP/IP), general business processes and standards associated with areas of assignment, Risk and Threat assessment processes and practices; project planning and management; business continuity planning, documentation and evaluation; managing the evidentiary process; the use of Third Party Applications and native scripts and languages; maintaining the chain-of-custody process and procedures; strong working knowledge of pertinent laws and the law enforcement community, and knowledge of the principles and methods used in the analysis and development of information security systems and procedures; currently accepted information security standards, guidelines, and theories; advanced computer technology equipment operational capacity & capability.

Ability to analyze and interpret complex data, effectively supervise personnel, and motivate and direct the work of others, prepare and present effective, clear, and concise reports and correspondence, identify and recommend information security needs for the city, analyze problems and identify alternative solutions, deal effectively and harmoniously with city executives, department and assigned staff, customers, and the public.

Minimum Qualifications

Education Level & Type: Bachelor’s degree in computer science, cyber security, information systems, electronics engineering, voice/data communications, information security, public/business administration, or a related field.

Experience: Ten years in information technology or security management with five years in concentrated information security. Must have experience and working knowledge with firewalls, routers, anti-virus, virtual private networks (VPN), Multi-factor authentication, public key infrastructure (PKI), encryption, governance, risk and compliance management (including policy and procedure management); zero-trust infrastructure (design, setup and ongoing assurance).

Driver’s License & Type: Valid and Unrestricted Class D - Driver's License

Special Job Requirements

Must possess and maintain certification as a Certified Information Systems Security Professional (CISSP), issued by the International Information Systems Security Certification Consortium, Inc. (ISC)2, or achieve certification within the first 6 months of employment.

Preferred Qualifications

Experience in remote access systems (RAS), digital certificates, sniffers, DMZ/Transaction Zones, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM), cloud security, business continuity planning, auditing, HIPAA/CJIS/PCI and related regulatory compliance requirements, risk management, contract and vendor negotiation, and physical security.

Selection Plan

PLEASE NOTE: Resumes must be uploaded as a PDF or Word document to be considered. Failure to upload your Resume in the application will be considered an incomplete application.

Applicants who meet the minimum qualifications will be evaluated on the education and work experience in their employment profile, the responses to their supplemental questions and their resumes. The highest scoring applicants will then be invited to participate in an Oral Board interview with presentation. 

  • Virtual Oral Board Interviews with presentation will be held the week of April 24, 2023 via Microsoft Teams
Upon completion of all examination processes, the highest scoring applicants will be placed on the Civil Service Employment List.  An applicant's ranking on the Civil Service list will be based on their final score which will be calculated as:   

  • 10% of your rating for education and work experience
  • 20% of your  resume score
  • 70% of your rating for virtual panel interview
This recruitment will establish a civil service list that will be utilized to fill vacancies occurring within the next 6 months.

Veterans, Native American, or Disability preference points will be added to the final score for those that are placed on the Civil Service Employment List.  If you qualify for preference points as outlined in the Employment Profile, you must present your documentation prior to your oral board interview.  The DD 214 must be a copy that indicates characterization of service.

If you are in need of Americans with Disabilities Act-related accommodation during the testing process, please email at least 48 hours prior to the evaluation.


You are encouraged to print this bulletin because it contains important dates and information that will not be available online once this position closes. 

Additionally, communication during this process will be sent via email to the email address on file, so please ensure your browser accepts emails from and check your email account regularly; this may include your junk box/spam filter. Failure to respond or follow instructions may result in disqualification.

Pursuant Tucson Code Sections 2-25 and 2-25.5, this is a sensitive position and successful candidates shall be subject to full fingerprint background and criminal history checks to determine suitability and fitness for the position.

Pre-employment Medical Testing Requirements


Bulletin Footer

To ensure accurate payroll information for tax purposes, the successful candidate will need to provide their original Social Security Card or original letter from the Social Security Administration with their social security number prior to beginning work with the City of Tucson.

The City of Tucson hires lawful workers only - US citizens or nationals and non-citizens with valid work authorization - without discrimination. Federal immigration laws require all employers to verify both the identity and employment eligibility of all persons hired to work in the United States. In its efforts to meet the law's requirements, the City of Tucson participates in the E-Verify program established by the Department of Homeland Security (DHS) and the Social Security Administration (SSA) to aid employers in verifying the eligibility of workers.

Retired City of Tucson employees receiving benefits from the Tucson Supplemental Retirement System who are considering reemployment with the City should be aware that pursuant to Section 22-37(g) of the Tucson City Code, retirement benefits shall be suspended during the period of reemployment with the City of Tucson unless you have been separated at least twelve consecutive months before returning to work AND you return to a non-permanent employment classification. Creditable service does not accrue during any reemployment period.