POSITION DUTIES AND QUALIFICATIONS
SUMMARY OF DUTIES:
Designs and directs a citywide information security program and partners with city leadership on risk management to provide the protection and confidentiality of data and other information assets of the city.
This job reports to: Chief Information Officer
DUTIES AND RESPONSIBILITIES:*
Position Specific Summary
The Chief Information Security Officer position at the City of Tucson’s Information Technology (IT) Department leads the development and implementation of a comprehensive citywide information and technology security program. This position collaborates with city leadership on risk management to ensure data protection and confidentiality, adhering to the City’s risk tolerance, legal requirements, external obligations, and public good interests.
Work is performed under the supervision of the Director of Information Technology/Chief Information Officer (CIO). This position exercises supervision over the Security division and Governance, Risk and Compliance division personnel.
Duties and Responsibilities
Leadership & Strategic Planning (30%) - Essential
Prepares short and long-term strategies for optimizing the City's Information Security Plan, and formulates policies for detecting, deterring, and mitigating security threats. Participates in the development and implementation of disaster recovery and business continuity plans, with a focus on holistic operational effectiveness and comprehensive IT engagement. Serves as a subject matter expert and internal consultant, advising the City Manager’s Office on data security implications of major IT projects and programs, and making recommendations to affected departments. Develops, implements, and performs to the budget and operating plan for the Cybersecurity team.
Cybersecurity & Risk Management (25%) - Essential
Establishes and maintains the City operations’ risk register in partnership with Risk Management, executive leadership, and designated staff with special accountability tracking to ensure cybersecurity risks are effectively managed. Develops and promotes security and privacy awareness training for all levels of the City organization structure on an ongoing basis. Oversees the development and implementation of a citywide Written Information Security Program (WISP) and related security policies, guidelines and governance models to protect the City from internal and external threats and vulnerabilities. Sets city-wide roles and processes for electronic and physical environment protection and data governance. Establishes a data community and detailed cross-departmental processes for responding to process violations and compromised data.
Cyber Infrastructure & Design Control (20%) - Essential
Leads and participates in the development and implementation of security management practices, and the monitoring of security protection measures. Designs & authorizes architecture and governance for secured, limited access to information through technical infrastructure, including processes to monitor, manage, and evaluate ongoing performance of security. Ensures new solutions adhere to policy and standards, control and isolate risks to systems and networks, and partners with leaders in peer IT divisions to monitor systems for availability, uptime, configuration, and performance. Tracks and monitors anomalies in performance and access behavior, ensuring timely discovery, investigation, and remediation. Addresses vulnerabilities and new threats discovered per recommended prioritized response plan. Performs routine audits, evaluates gaps or exploits, ensures root causes are addressed, and maintains security through systemic roles and plans. Manages proposals and contracts for citywide information security related software, equipment and services, and presents recommendations for funding and approvals to the CIO.
Threat & Vulnerability Assessments (10%) - Essential
Stays aware of external cyberthreat actors and manages response plans per industry standards and frameworks, including National Institute of Standards and Technology (NIST) and MITRE’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK). Manages, assesses and maintains appropriate tools for ongoing threat and vulnerability assessments & response plans. Ensures routine assessments of network & systems to identify and investigate abnormal behavior. Oversees regular penetration testing as needed and prioritizes response plan resulting from discoveries. Investigates & pursues any unsecured data or systems not handled according to policy or governance through designated info owners and partner department information security officers, and restricts access as needed. Proactively blocks threat access in areas of extreme vulnerability or risk, working with impacted parties for immediate resolution.
Community Engagement (10%) - Essential
Facilitates City adaptation and ensures compliance with Federal and State information security laws, standards, and regulations. Reviews and recommends professional development curriculum for IT security and privacy staff as well as department data officers to ensure adequate training standards in information security, privacy, and protection measures, coordinating related training and awareness programs. Partners with City Public Information Office (PIO) to inform and guide the public on effective cyber hygiene & awareness campaigns to ensure effective and productive City operations. Proactively addresses threats involving bad actors misrepresenting valid City identities and operations with intent to compromise City systems, information or operations. Represents the CIO to County and State departments, information technology advisory bodies, and other committees or agencies involving City policies, plans, methodologies, and programs related to data security and confidentiality.
Other Duties (5%) - Non-Essential
Performs all other duties and tasks as assigned. Maintains knowledge of current developments and practices in information technology and participates in special projects as assigned.
Working Conditions: Mostly office environment.
* All duties, responsibilities, and percentage of time listed are subject to change.
MINIMUM REQUIRED QUALIFICATIONS:
Education:
Bachelor's degree
Work Experience:
Seven (7) years of directly related experience
Any combination of relevant education and experience may be substituted on a year-for-year basis.
ADDITIONAL MINIMUM REQUIRED QUALIFICATIONS:
Education:
Bachelor's degree
or a related field.
Work Experience:
Seven (7) years of directly related experience
Skills:
License/Certifications:
Certified Information Systems Security Professional - International Information Systems Security Certification Consortium, Inc.
Languages:
PREFERRED QUALIFICATIONS:
Seven (7) years in information technology or security management with five (5) years concentrated in information security. At least 4 of required 7 years in Lead or Supervisory capacity in a related functional area.
Experience in: information security principles and frameworks (NIST, ISO 27001/2), designing, implementing, and managing security programs, remote access systems (RAS), digital certificates, sniffers, Demilitarized Zones (DMZ)/Transaction Zones, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information & Event Management (SIEM), ICS/SCADA, Internet of Things (IOT), cloud security, business continuity planning, auditing, security automation and orchestration tools, Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Systems (CJIS), Payment Card Industry (PCI) and related regulatory compliance requirements, risk management, contract and vendor negotiation, and physical security.
Certification in: Certified Information Security Auditor (CISA), CompTIA+ Security
Active membership in professional information security organizations (ISSA, ISACA etc.). The Certified Information Systems Security Professional (CISSP) must be obtained within (6) six of hire and must be maintained throughout employment in this position.
ADDITIONAL POSITION INFORMATION:
Position Title:
Chief Information Security Officer
Department Name:
Information Technology
Department Link:
No Website
Recruiter Name:
Liliana Almeraz
FTE%:
100
FLSA:
Exempt
Position Type:
Regular
POSTING INFORMATION
Posting Close Date:
Applicants must submit their completed application by 08-05-2024 at 11:59 p.m. MST
APPLICATION INSTRUCTIONS
Please see the special application instructions below and follow the directions for applying to this position.
Special Instructions:
Background Check: This position has been designated to require a criminal background check.
CITY OF TUCSON IS AN EQUAL OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER and does not discriminate based on race, color, religion, sex (including sexual orientation, gender identity, and pregnancy), national origin, veteran status, age, disability, genetic testing, or any other protected status. If you believe you have been a victim of discrimination, you may file a complaint with the City of Tucson's Office of Equal Opportunity Programs, U.S. Equal Employment Opportunity Commission (EEOC) or Arizona Attorney General's Office of the Civil Rights Division (ACRD).
The City of Tucson employs only U.S. citizens and lawfully authorized non-U.S. citizens. All new employees must show employment eligibility verification as required by the U.S. Citizenship and Immigration Services.
The City of Tucson is committed to providing access and reasonable accommodation for individuals with disabilities or who require religious accommodation; please contact Human Resources at EmployeeLeaves@tucsonaz.gov or 520-791-2619.
City of Tucson is an Equal Opportunity/Affirmative Action/Veterans/Disability Employer.
Questions? If you need assistance applying for any position, please contact recruitment@tucsonaz.gov or 520-791-4241.