Under general direction, develops and administers the Countywide Information Security
Programs; coordinates with County Department Information Security Officers (DISO) to uphold
security awareness, security policies and procedures, security risk assessments, disaster
recovery and business continuity planning, incident response, security operations, IT audit, and
compliance; and does other or related work as required.
CLASS CHARACTERISTICS
The Chief Information Security Officer is an at-will single-incumbent class that is exempt
from the San Joaquin County Civil Service system. The incumbent is responsible for administering
all the functions and activities of the County’s Information Security Program and directs the
activities in support of those objectives.
TYPICAL DUTIES
This specification is a general guideline for the class. The statements below are not
restrictive, and the responsibilities and duties assigned to a position in this class may expand
beyond those identified in this specification.
Assists the Chief Information Officer (CIO) in planning, organizing, and coordinating the
Countywide Information Security Programs; administers, manages, and develops
procedures and performance standards; consults with and advises County leadership
and department managers in the development of short/long term strategies for optimizing
the County’s information security plan; recommends countywide policies and standards
for detecting, deterring, and mitigating information security threats.
Coordinates with county DISOs in the Countywide Information Security Steering
Committee to coordinate and collaborate on the county’s cybersecurity program; provides
strategic and operational information security and technology leadership Countywide,
establishing support and continuously improving enterprise Information Security
technology; coordinates standards for implementation of and ongoing compliance with
mandated federal and state legislative policies across divisions; ensures compliance with
county-wide standards; establishes and maintains written departmental information
security technology standards for hardware, software, operating systems, connectivity and
telecommunications.
Provides oversight for countywide DISOs for discussion and dissemination of information
security and related programs; establishes and ensures departmental participation in
security awareness training and creating department specific security awareness training;
acts as the central point of contact for the County Information Technology related incidents
or violations; assists DISOs with establishing protocols/best practices for maintaining
security violation investigations, vulnerability management, patch management, data
classification, and confidential data flow documentation.
Develops and implements disaster recovery and business continuity plans; coordinates
the development of implementation plans and procedures to ensure that business-critical
services are recovered in the event of a declared disaster, security incidents, and/or
breaches; provides reporting of data loss to appropriate government agencies and third parties.
Represents the County in business dealings with vendors on development, acquisition, or
rehabilitation of information security technology hardware or software; works with vendors
to ensure proper levels of support and resource utilization; prepares presentations on
information systems security matters to the Board of Supervisors, departments, and public
agencies when necessary; attends and participates in professional group meetings and
stays current on new trends and innovations in the field of information technology.
Conducts audits at the departments to assess the County’s information security program;
ensures departments apply a risk-based approach to measuring and mitigating security
risk in the context of the respective business/clinical mission and strategy in accordance
with applicable federal, state, and county statutes.
Interviews and selects applicants for employment; ensures appropriate orientation,
training, supervision, and evaluation of personnel; initiates and processes appropriate
employee recognition; prepares and implements corrective and disciplinary measures
where warranted.
MINIMUM QUALIFICATIONS
DESIRABLE QUALIFICATIONS
Education: Graduation from an accredited four-year college or university with a major in
Computer Science, Information Technology, Public/Business Administration, or a related field.
Experience: Five years of progressively responsible experience in information security
computer and/or systems analysis and design, including at least three years of management or
supervisory experience managing information security technology of multiple platforms, operating
systems, software, and network protocols within a large information technology organization or
public agency.
Certificates: Professional security management certification, such as Certified Information
Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified
Information Systems Auditor (CISA), or other similar credentials may be substituted for the
required education.
KNOWLEDGE
Principles and practices of public administration, management, and
supervision, systems and procedures analysis, system and maintenance, principles and function
of management systems including data entry, computer operation, software, programming, and
electronic systems development; cloud-based solutions; cybersecurity principles and methods;
telecommunication technology; networking applications; client server technology; budget
development and preparation; methods of assessing and predicting work flow, equipment,
personnel, and space requirements; principles and techniques of oral and written communication.
ABILITY
Plan, organize, and direct the activities of others; develop and implement
complex electronic systems and computer processing systems; develop, implement and maintain
systems analysis, programming, software, hardware, and other systems support; plan, schedule,
coordinate, and direct the daily and long range programs and work of the information security
team within the Information Systems Division; communicate effectively, both orally and in writing;
establish and maintain effective working relationships with others.
PHYSICAL/MENTAL REQUIREMENTS
Mobility—sitting for long periods, walking; occasional
standing, pushing, pulling, bending, squatting, climbing; Lifting—frequently 5 pounds or less;
occasionally 5 to 30 pounds; Visual—constant good overall vision and reading/close-up work;
frequent color perception and use of eye/hand coordination; occasional use of depth perception
and peripheral vision; Hearing/Talking—frequent hearing of normal speech, hearing/talking on the
telephone, talking in person individually and in group settings; Emotional/Psychological—frequent
decision making, concentration, and public contact; Special Requirements—may require working
nights and weekends; Environmental—work is performed in an office environment.
San Joaquin County complies with the Americans with Disabilities Act (ADA) and, upon request,
will consider reasonable accommodations to enable individuals with disabilities to perform
essential job functions.