The California State Treasurer’s Office (STO) is seeking a chief information security officer (IT Manager I) to oversee its cybersecurity strategy and ensure the protection of sensitive data and information systems. The role, according to the job posting, “includes managing security policies, implementing safeguards, conducting risk assessments, responding to security incidents, and staying updated on emerging threats and security technologies to maintain a robust cybersecurity posture.”
Desirable qualifications for the position include experience, technical expertise, security certifications, communication and leadership skills, strategic thinking and continuous learning.
The functions of the position include leadership and management (strategic planning, team management and mentoring, project planning and management); risk management and compliance; security operations; security architecture and technology; vendor and third-party risk management; incident response and recovery; security awareness and training; documentation and reporting; communication and stakeholder engagement; and research and innovation.
More details about the position can be found in the duty statement. The role has a monthly salary range of $8,591 to $11,512, and the recruitment will continue until the position is filled.
The Office of Legislative Counsel (OLC) is seeking a senior infrastructure security specialist (IT Specialist II) to serve as “subject matter expert and technical/project lead in the successful delivery of secure infrastructure solutions and services, both on-premises and in the cloud.”
The Office of Legislative Counsel describes itself as “a small civil service department whose mission is to provide responsive nonpartisan and confidential legal services and information technology support services to the California State Legislature and in support of the legislative process.”
“The incumbent communicates and collaborates directly with cross-divisional technical teams at the Legislative Data Center (LDC),” the job posting says, and is “responsible for the successful and secure delivery of critical technology services and programs in a matrix-managed environment.” In addition, the specialist is responsible for “developing, implementing, and maintaining robust security measures to protect data and ensure compliance with industry standards and regulations.”
Desirable qualifications for the position include:
- Ten or more years of experience in a lead capacity providing critical IT services and providing outstanding customer service.
- Knowledge of OWASP guidelines and experience with web application security, including code reviews and security assessments to identify critical vulnerabilities such as cross-site scripting, SQL injection, and session hijacking.
- Knowledge of system-hardening standards and best practices required to ensure the organization’s resources are protected, and experience with the tools, methods, and best practices used to reduce the attack surface in technology infrastructure.
- Experience with relational and NoSQL databases; knowledge of secure programming concepts and ability to read and understand multiple programming languages; and experience working with security teams to develop secure IT solutions/services.
- Experience with Linux and Windows operating systems; with system/server administration; and with security tools such as Qualys Web Application Scanning, Qualys File Integrity Monitoring, AppSpider, SonarQube, Veracode, Burp Suite and Splunk.
The job posting also includes details about the traits sought in candidates and the responsibilities of the role. Additional information can be found in the duty statement. The position has a monthly salary range of $8,127 to $10,894, and the application deadline is Oct. 30.