Login
FAQ
Contact Us
Job Responsibilities and Requirements: Represents the Chief Information Officer to County departments, information technology advisory bodies, and other committees or agencies involving County policies, plans, methodologies and programs related to security, privacy and confidentiality of data and information technology assets. Directs the preparation of short and long term strategies for optimizing the County's Information Security Plan, and formulates and recommends Countywide policies for detecting, deterring and mitigating information security threats. Directs and participates in the identification of security risks, development and implementation of security management practices, and the measurement and monitoring of security protection measures. Directs the handling of information security breaches and related incidents, including overseeing the activation of the County Network Security Emergency Response Team (CoNSERT) or departmental incident response teams. Manage a computer crime or incident scene, including recognition of the proper investigative approach, conducting a field of search to establish probable cause for seizure, proper collection methods, evidence preservation, transportation, computer forensic analysis and case management; use various security tools and prepare reports on findings; submit cases and work with the County Sheriff 'Computer And Technology Crime High-tech' (CATCH) Response Team in the event of a possible legal violation by a County employee or other person using County IT resources. Through the CIO, serves as a subject matter expert and internal consultant on the data security implications of proposed new major information technology projects and programs, and makes recommendations to the Board of Supervisors and affected departments. Reviews and recommends the professional development curriculum for County IT security and privacy staff to ensure adequate and appropriate training standards in information security and protection measures, and coordinates related training and awareness programs. Directs the development and promotion of security and privacy awareness training and education for all levels of the county organization structure on an ongoing basis. Participates in the development and implementation of disaster recovery and business continuity plans, to ensure that appropriate IT security measures are addressed. Participates in the development, implementation and compliance monitoring of IT security agreements, business associate agreements, chain-of-trust agreements, and Memoranda of Understanding (MOUs) that involve access to or exchange of County information to ensure all security concerns are addressed. Leads vendor activities, writes and evaluates proposals, and negotiates contracts for Countywide information security related software, equipment and services, and presents recommendations for funding and approvals to the Chief Information Officer. Maintains current knowledge of applicable federal and state information security laws and standards to facilitate County adaptation and compliance. Graduation from a recognized college with a Bachelor's degree, preferably with major course work in computer science, information systems, electronics engineering, voice/data communications, public/business administration, or a related field. Additional qualifying experience may be substituted for the required education on the basis of one year of experience for 60 semester or 90 quarter units of education. Experience: Ten years of management experience in the information technology profession with five years concentrated in information security. Five years experience as a County Information Security Analyst III, with management experience, may substitute for this experience requirement. Must have experience with firewalls, anti-virus, Intrusion Detection/Intrusion Prevention Systems (IDA/IPS), virtual private networks (VPN), remote access systems (RAS), public key infrastructure (PKI), encryption, digital certificates, routers, sniffers, distributed denial of service attacks (DDOS), biometrics, DMZ/ Transaction Zones, business continuity planning, auditing, HIPAA and related regulatory compliance requirements, risk management, contract and vendor negotiation, and physical security. Knowledge of: Standard security practices, network architecture, routing and TCP/IP protocols, general business processes and standards associated with areas of assignment, Risk/Threat assessment processes and practices, project planning and management, business continuity planning, documentation and evaluation, managing the evidentiary process, the use of Third Party Applications and native scripts and languages, maintaining the chain-of-custody process and procedures; strong working knowledge of pertinent law and the law enforcement community, and knowledge of the principals and methods used in the analysis and development of information security, systems and procedures; currently accepted information security standards, guidelines and theories; advanced computer technology, equipment operation, capacity and capability. Skill in: Superior interpersonal and communication skills (oral and written), strong customer service skills, mediation process presentation and public speaking, extensive skill in investigation/coordination of security anomalies and events, extensive skill in performing a security incident investigation or forensic analysis of a security incident or event. Ability to: Analyze and interpret complex data, effectively supervise personnel and motivate and direct the work of others, prepare and present effective, clear and concise reports and correspondence, identify and recommend information security needs for the County, analyze problems and identify alternative solutions, deal effectively and harmoniously with County executives, department and assigned staff, customers and the general public. License/Certificate: Must possess and maintain current certification within guidelines established by the International Information Systems Security Certification Consortium, Inc. (ISC) as a Certified Information Systems Security Professional (CISSP). Possession of a valid California Driver License may be required.
| Nurse job
