Vitaliy Panych, California’s chief information security officer, posted on LinkedIn: “Looking for any risk and privacy minded individuals to join our Labor Workforce and Development Agency reporting directly up to members of the Governor’s Office Cabinet. LWDA impacts nearly every Californian and oversees cybersecurity and privacy matters for seven of our most critical departments responsible for workforce,” writes Vitaliy Panych, the state's chief information security officer.. LWDA impacts nearly every Californian and oversees cybersecurity and privacy matters for seven of our most critical departments responsible for workforce.”
LWDA is seeking a risk officer to “develop risk management programs designed to ensure risk assessments are completed continuously, findings have risk mitigation plans developed, and the LWDA entities prioritize resources and obtain appropriate funding to mitigate information security gaps,” the job posting says.
“This position will also ensure business resumption and technology recovery plans are exercised, systems are built with resiliency and have the availability required to serve constituents in times of emergency,” according to the post and the duty statement. “The incumbent will have strong information security program and risk management program development experience and strong communication and leadership skills.”
Desirable qualifications include:
- SABSA Chartered Security Architect Foundation Certificate (SCF)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- CompTIA Advanced Security Practitioner (CASP+)
- ISEB Practitioner Certificate in Information Risk Management
The position has a monthly salary range of $8,700 to $11,659.
The other position is for LWDA’s privacy officer, whose responsibilities include developing privacy programs and data-sharing agreements and ensuring that “privacy threshold and privacy impact assessments” are completed, according to the job posting.
“This position will also reinforce cybersecurity culture and continuously improve the information security and privacy awareness programs across the agency,” the posting says. “The incumbent will have privacy program and data-sharing agreement experience and strong communication and leadership skills. The incumbent will work with legal counsel and their manager to ensure agency entities maintain appropriate privacy and confidentiality consent and authorization forms, notices reflecting the legal practices and requirements.”
According to the posting and the duty statement, desired certifications for candidates include:
- Certified Information Privacy Professional (CIPP)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Certified Data Privacy Solutions Engineer (CDPSE)
Duties of the position include:
- Lead IT strategic planning sessions and workshops as a member of LWDA’s senior management IT security team in policy development. Develop, implement and maintain privacy policies, procedures and plans designed across LWDA entities. Work with control agencies and the LWDA departments, boards and panel to implement privacy policies and procedures that comply with the California Information Practices Act (IPA) and other state administrative requirements.
- Direct privacy impact assessments and privacy threshold assessments with LWDA departments, boards and panel and their business program areas in conjunction with information technology staff and counsel. Develop and maintain a privacy control portfolio containing all assets and privacy controls throughout the life cycle for all information assets across the agency including notice on collection and privacy policies.
- Lead privacy audit planning sessions and workshops to prepare the LWDA departments, boards and panel for privacy audits and privacy compliance assessments. Audit existing privacy programs across the LWDA’s departments, boards and panel, isolate potential privacy risks or liabilities and develop mitigation plans.
- Direct and manage data classification programs and its application to all LWDA entity department, boards and panels. Develop and maintain asset management privacy controls throughout the life cycle for all LWDA information assets to ensure privacy by design strategy in relation to information system’s data classification.
- Facilitate privacy planning sessions and workshops to ensure the privacy awareness training is conducted agencywide in conjunction with the information security awareness training. Direct and manage privacy training records maintenance that indicate the privacy awareness training is complete as mandated by state law.
The position has a monthly salary range of $8,700 to $11,659.