The Chief Information Security Officer is responsible for enterprise governance, risk, and compliance strategies and ensuring the confidentiality, integrity, and availability of County data. Oversees the development, implementation, and enforcement of information security, data privacy, and regulatory compliance-focused standards and procedures. This is the primary individual in charge of information security risk evaluations, business impact analysis, audits, and security incident investigation. Under direction, performs work of unusual difficulty identifying, managing, and mitigating the risks presented by information security threats; performs related work as assigned.
At Coconino County, public service matters. Our dedication to public service promotes a culture that elicits employee growth, cultivates inspiration, and creates future leaders by empowering employees to solve internal and external customer needs and exceed customer service expectations. As an award-winning organization with high regard for cultural diversity and the positive contributions of the many thriving cultures within our county, our nation, and our society, Coconino County leads a variety of initiatives that celebrate diversity, from our Annual Diversity Day and monthly Heritage Lunch & Learns to book clubs and professional development academies that target diverse workforce segments. Coconino County's respect for diversity is shared throughout the organization. Be part of this optimistic, innovative team where outstanding customer service creates dynamic solutions and engages leadership at every level.
Please note:
The full salary range of this position is minimum $104,141 to maximum $152,147.
Presently, this position is up to 75% remote work and 25% minimum in office time. When working remotely, a 1.5-hour response time is required for urgent IT matters and is subject to change at any time.
(Illustrative Only)
- Establishes, administers, and manages an information security program including cybersecurity policies and procedures
- Advises senior management regarding information security risks, employee security awareness, network and application access control, information security audits (AD Users, network enumeration testing, vulnerability scans, disaster recovery testing, incident response, continuity of operations planning, physical security as it pertains to protecting information systems, etc.)
- Serves as the process owner of all ongoing activities related to the confidentiality, integrity and availability of information and resources of customers, business partners, employees and business information, in compliance with Coconino County information security policies
- Researches and understands regulatory standards for Coconino County (GLBA, PII, HIPAA, CIPA, PCI-DSS, GDPR, CJIS, and Arizona Supreme Court, etc.)
- Coordinates with internal and external stakeholders to share information, provide training, evaluate/mitigate risk, and improve service delivery.
- Liaises with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Participates in regional events and professional communities to maximize value of partnerships when developing and operating an effective cybersecurity program.
- Oversees planning and response to internal and third-party information security audits and serves as primary point of contact
- Develops and maintains an information security architecture roadmap that will identify security controls as well as identify and assess technologies that will enforce the organization’s security priorities.
- Ensures security programs are in compliance with relevant laws, regulations, and policies
- Stays current with new and emerging security-related threats and potential impacts to County infrastructure
- Acts as cybersecurity project manager including the planning, scheduling, coordinating of resources and completing project tasks
- Responds to, investigates, and follows up on cybersecurity incidents, as well as manages full-scale cybersecurity incidents
- Coordinates with Risk Management and County Attorney’s Office to review cyber liability risk including risk control, mitigation, and risk transfer requirements for County contracts
- Audits new and existing systems to ensure security compliant configuration and system hardening, with an emphasis on Cloud tools and enterprise infrastructure
- Supervises, mentors, and evaluates information security staff
- Other duties as assigned.
Essential functions of this position include but are not limited to: walking; working with and around other staff and County employees; dealing with interruptions; repetitive motion (hand-wrist) for keyboarding; vision-acuity (near) for monitoring PC screen data; color vision necessary for working with color coded cables; hearing and speech (ordinary conversation) for communicating with staff and customers; touch (finger dexterity) for keyboarding. Environmental hazards include electrical hazards associated with working with computers, servers and circuits, and potential for falls from ladders.
Bachelor's Degree in Computer Science or related field, and five years of experience in information security, risk, and/or compliance; OR
Associate Degree in Computer Science or related field, and six years of experience in information security, risk, and/or compliance; OR
Seven years of experience in information security, risk, and/or compliance; OR
Any equivalent combination of education, training and experience which demonstrates the ability to perform the duties of the position.
ADDITIONAL REQUIREMENTS:
Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) or Certified in the Governance of Enterprise IT (CGEIT), and Background Check.
PREFERRED QUALIFICATIONS:
- Administering security assessments and/or administration of network security technologies (e.g. VPN, intrusion detection, email scrubbers, intrusion prevention, firewalls, web application firewalls, network access control, data loss prevention (DLP), SIEM), and vulnerability assessments, vulnerability scanning, penetration testing, and/or auditing of one or more information resources (servers, networks, network devices, databases, web, software/code, application).
- Excellent written and verbal communication skills and high level of personal integrity.
- Familiarity with GLBA, PII, HIPAA, CIPA, PCI-DSS, GDPR, and CJIS.
- Knowledge of security frameworks, including NIST 800-53, NIST CSF, CSC, ISO 27001, etc.
This position is exempt from overtime. Please Note: Individuals in exempt classifications as part time employees may be classified as non-exempt per FLSA law regarding minimum weekly salary requirements.
Thorough knowledge of:
- Regulatory requirements (GLBA, PII, HIPAA, CIPA, PCI-DSS, GDPR, CJIS, and Arizona Supreme Court)
- Managing a cybersecurity program using industry best practices and frameworks (NIST 800-53, NIST CSF, CSC, ISO 27001, etc.)
- Threat Intelligence (APT, TTP)
- Endpoint hardening and validation (DISA STIG, SCAP, CIS)
- Layered defense topologies (Segregation, Jump host, MFA, PAM, PIM, etc.)
- OSI Layers
- Pen testing activities including rules of engagement
Skill In:
- Conducting risk assessments, suggesting mitigation controls, and auditing and reporting on information security incidents, activities, controls, and compliance
- Overseeing third-party vendors; managing contracts and procurement processes
- Written and oral communications, technical writing and policy development
- Cybersecurity training program development
- Leadership through influence
- Cybersecurity program strategy and governance development
Ability to:
- Analyze complex cybersecurity problems and develop appropriate solutions
- Articulate the impact of cybersecurity to stakeholders
- Plan, initiate, and manage projects from beginning to end, with minimal direction
- Work safely and support the culture of workplace safety
- Establish and maintain effective working relationships with elected officials, appointed department directors, staff, other agencies, the media, and the public
- Follow written and oral instructions
- Communicate effectively both orally and in writing
- Multi-task in a fast-paced, mission-critical environment
Coconino County is an Equal Opportunity Employer.
AmeriCorps, Peace Corps and other national service alumni are encouraged to apply.