“The CISO will set the city’s cyber security vision, develop policy, mitigate risk, train others on security policies and practices, ensure systems and data are working and be an IT security business partner for our 17 departments, chief innovation officer, and executive leaders,” the job posting says. The city’s chief innovation officer is George Khalil.
According to the posting, the candidate chosen for the role should ideally be able to:
- Evaluate diverse data types and IT infrastructures, understanding system interconnections to implement comprehensive security measures.
- Analyze system dependencies, confidentiality, integrity, and availability to identify critical assets and implement appropriate controls.
- Develop tailored cybersecurity policies that balance operational needs, unique system requirements, regulatory compliance, and risk tolerance.
- Communicate IT risk findings and mitigation strategies effectively to stakeholders, ensuring timely remediation.
- Ensure compliance with local, state, and federal regulations (e.g., HIPAA, CJIS) when developing policies, RFPs, and technology architectures.
“This position also develops and directs information security (cybersecurity) programs, architecture, vendors, and policies that protect the City’s information, digital and physical assets,” the posting says. The CISO oversees a security analyst and a budget of about $730,000. The city is seeking “a highly experienced technical and strategic leader” who’s familiar with regulations in the areas of the payment card industry (PCI), critical infrastructure protection (CIP), the Health Insurance Portability and Accountability Act (HIPAA), and/or Criminal Justice Information Systems (CJIS).
Essential duties of the role include:
- Oversee the development and implementation of citywide information security policies and procedures to protect the city from internal and external IT threats and vulnerabilities.
- Direct the preparation of short- and long-term strategies for optimizing the city’s Information Security Plan and formulate and recommend policies for detecting, deterring and mitigating information security threats.
- Direct and participate in the identification of security risks, development and implementation of security management practices, and the measurement and monitoring of security protection measures.
- Participate in the development and implementation of disaster recovery and business continuity plans and participate in the development, implementation and compliance monitoring of IT security agreements, business associate agreements, chain-of-trust agreements, Memoranda of Understanding (MOUs) and similar documents.
- Lead vendor activities, write and evaluate proposals, and negotiate contracts for citywide information security-related software, equipment and services, and present recommendations for funding and approvals to the chief innovation officer.
The ideal candidate has eight to 10 years of progressively responsible experience in information security, server and network security, and IT, including intrusion detection and prevention systems, preferably in regulated industries and/or public organizations and with supervisory accountability. In addition, desirable credentials include Certified Information Systems Security Professional (CISSP), Information Technology Infrastructure Library (ITIL), GIAC Information Security, and Computer Security Incident Response Team (CSIRT).
The position has an annual salary range of $135,960 to $182,124, and the application deadline is Oct. 13.