Chief Information Security Officer (UC), Chief Executive Office - California State Association of Counties : Job Details

Date Posted: March 7, 2025

Salary: $163,996.80 to $255,048.36

Description:

The CEO of Los Angeles County is seeking a well-qualified candidate with a successful track record of leading security strategies for large complex organizations to serve as the new Chief Information Security Officer (CISO). This unclassified position reports to the County's Chief Information Officer and is responsible for coordinating information and providing executive leadership to integrate Countywide security-related programs designed to protect all County IT systems and data, through subordinate CIO staff and department designated Information Security Officers.

The CISO should have extensive, up-to-date technical knowledge in information systems, detailed knowledge of security technologies and best practices, and enterprise-level experience with the use of appropriate security controls and methods. They must also have extensive knowledge of IT security and related policy issues, as well as the ability to develop and maintain effective interpersonal relationships with internal and external managers, IT technical staff, legal and privacy staff, and related industry experts. The CISO represents the County's interests before State and federal agencies and regulatory bodies and serves as the official Health Insurance Portability and Accountability (HIPAA) Information Security Officer for the County.

It is critical for the CISO to have very strong collaboration and interpersonal skills. Although most of the County's 38 departments' administrative units manage and operate independently within their internal IT environments, the CISO is responsible for working collaboratively with those departments to laterally strategize and ensure security governance and regulatory compliance, policy development and management, and security training and awareness development.

Under the authority of the CIO, the CISO directs countywide security initiatives and team to manage and mitigate information security threats. Additionally, the CISO is expected to work alongside the new Cyber Governance and Operations Branch (CGO), which operates under the authority of one of the County's departments, the Internal Services Department (ISD). As the CGO operates independently from the CISO, it is critical for the CISO to be able to work effectively with the CGO, which has five areas of operational focus: endpoints, secure access, data center, security analytics, and governance. The ISD's CGO provides centralized cybersecurity operations to all County departments in these areas. As such, it is critical for the CISO to be able to partner with the CGO to further align, strategize, and strengthen the security direction of the County.

Minimum Qualifications:

A Bachelor's Degree from an accredited college or university in Computer Science, Information Systems, Public or Business Administration, or a related field AND:

REQUIRED LICENSE: A valid California Class “C” Driver's License or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions.

DESIRABLE QUALIFICATIONS:

• A current Certified Information Systems Security Professional (CISSP) certification issued by the International Information Systems Security Consortium, Certified Information Security Manager (CISM) issued by the Information Systems Audit and Control Association, Certified in Risk and Information Systems Control (CRISC) issued by the Information Systems Audit and Control Association or other comparable security accreditation/certification.
• Demonstrated knowledge and experience in IT planning and governance, and risk management.
• Demonstrated working knowledge of government regulations and laws related to information security.
• Excellent oral and written communication skills with an ability to adapt approach, language, and style to different audiences.
• Demonstrated ability to serve as an effective member of a leadership team and direct information security and cyber risk initiatives across a federated organization.
• Demonstrated collaboration and team-building skills and the ability to build consensus around challenging topics.
• Demonstrated ability to lead and mature an enterprise-level security program that addresses changes to the threat landscape.