The Department of Public Health describes the role as “executive managerial” in the job posting, with duties including “setting, influencing and directing the security aspects of the initiation, design, development, testing, operation, and defense of information technology data and environments to address sources of disruption, ranging from natural disasters to malicious acts.” The posting elaborates on the job responsibilities: “Thru affiliated managers and supervisors, the CISO coordinates and directs information security protection and compliance activities with the Security Operations Center and multiple data center management units.”
The duty statement says the responsibilities break down this way:
- 35% — Development and executive oversight of the CDPH cybersecurity framework with activities that cross agency, departmental, office, functional, and project boundaries.
- 25% — Develop, establish and administer the enterprise information security risk management policy and strategic direction implementation.
- 20% — Full responsibility for the development and implementation of appropriate policies and strategies to manage security incidents and coordinate investigative activities.
- 20% — Manage the technical and administrative operations of the Information Security Office including but not limited to personnel administration; contracts and purchasing; budgeting; training plans; Budget Change Proposals; and consultant engagement and management.