City of San Jose, CA - San Jose, CA
posted 4 days ago
About the position
The City of San José Information Technology Department seeks an experienced City Information Security Officer (CISO) to lead cybersecurity Citywide initiatives. The CISO will direct the Cybersecurity Office as the City's principal executive leader for information and systems security. In partnership with the Chief Information Officer (CIO), they will manage risk identification, protection and compliance, threat detection, incident response (IR), and recovery services for all City departments to ensure business resilience. The City's CISO must be able to apply expertise in security strategy, cybersecurity frameworks, managing staff and vendor services, leading incident management, and optimizing resources to achieve desired security outcomes. The position is currently eligible for a hybrid telework schedule, with the schedule for working remotely and onsite subject to change.
Responsibilities
- Lead and mentor the Cybersecurity team, offering expertise and support to foster growth and a collaborative environment.
- Collaborate with business units and solution providers to provide optimal security measures and achieve a balance between sustaining business operations and achieving security compliance.
- Coordinate with stakeholders within the City and partners/vendors outside of the City to ensure information and systems meet the City's standards for threat identification, protection, and risk detection.
- Develop, operationalize, and enhance the City's cybersecurity strategic plan, programs, policies, and architecture, including vulnerability, risk, and threat management programs through remediation.
- Conduct training programs to educate City personnel on relevant security best practices, foster diligence, and ensure compliance.
- Provide expert security guidance to City departments and officials in service planning, procurements, contract negotiations, vendor management, and project management.
- Provide expert guidance on regulations and standards (FISMA, FedRAMP, CJIS, PCI-DSS, HIPAA, etc.) the City must meet in providing municipal services, as well as security frameworks (NIST, ISO, IEEE, etc.) to shape City operations.
- Oversee and lead incident management/response processes in coordination with City departments to respond and recover from incidents.
- Resolve security-related audits in partnership with City staff.
- Ensure comprehensive security strategies align with resilience plans and emergency management exercises.
- Oversee vendor relationships and manage the City's procurement and utilization of cybersecurity products and services across departments.
- Lead the annual Cybersecurity Assessment of the City's technology infrastructure.
- Provide strategic and operational leadership to address cybersecurity in the City's emerging Internet-of-Things, smart communities, privacy, and equity through data initiatives.
- Collaborate with the Digital Privacy Officer to address privacy challenges emerging from new technologies, including AI.
- Implement governance policies to ensure responsible AI usage across the organization, aligning with ethical standards and risk management protocols.
- Support the GovAI Coalition's initiatives to promote responsible and safe use of AI in government.
Requirements
- A Bachelor's degree from an accredited college or university in computer science, management information systems, business/public administration, or a closely related field.
- Seven (7) years of increasingly responsible experience in cybersecurity application and infrastructure, technology management, or telecommunications.
- Five (5) years of supervisory and project personnel management experience.
- At least three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large government.
- Possess and maintain a current, terminal-level cybersecurity credential such as CISSP, CISA, CISM, CGEIT, CRISC, or an equivalent professional certification.
- Obtain and maintain SECRET Security Clearance within a reasonable period of time acceptable to the City.
Nice-to-haves
- A master's degree in a relevant field from an accredited college or university may be substituted for one (1) year of the required three (3) years of supervision experience.
- Knowledge of local, state, and federal cybersecurity regulations.
- Hands-on experience with crisis management and managing Incident Response to security breaches.
Benefits
- Work-life integration and a focus on growth.
- Hybrid telework schedule eligibility.
