IT Deputy Director - Information Security

About the position

The IT Deputy Director - Information Security for Tulare County is responsible for overseeing the design, development, implementation, operation, and maintenance of the County's enterprise information security program. This role involves managing cybersecurity risks, ensuring compliance with legal and regulatory requirements, and aligning security strategies with business objectives. The incumbent will lead a team, manage budgets, and report on the status of the information security program to various stakeholders.

Responsibilities

• Facilitate an information security governance structure and create necessary internal networks among various teams.
• Develop and enhance an up-to-date information security management framework based on established standards.
• Lead the information security function across the County to ensure consistent management in support of business objectives.
• Supervise assigned personnel, including hiring, training, and performance evaluation.
• Develop an information security vision and strategy aligned with organizational priorities.
• Manage the budget for the information security function and seek relevant cybersecurity grants.
• Ensure completion of the National Cybersecurity Review (NCSR).
• Liaise with the enterprise architecture team to align security and enterprise architectures.
• Provide regular reporting on the information security program status to stakeholders.
• Develop, implement, and monitor a comprehensive information security program.
• Collaborate with departments to ensure compliance with eDiscovery activities and systems.
• Develop and implement security policies and coordinate their approval.
• Facilitate information security risk assessment and management processes.
• Create metrics and reporting frameworks to measure the effectiveness of the security program.
• Work with compliance staff to ensure adherence to applicable laws and regulations.
• Manage and contain information security incidents to protect county assets.
• Develop disaster recovery policies and standards in alignment with business continuity goals.
• Create and direct an information security awareness training program for all employees.
• Coordinate the development of incident response plans and procedures.

Requirements

• Bachelor's degree in Public Administration, Business Administration, Computer Science, or a closely related field.
• Four years of experience in a senior leadership role involving administrative management of technology, risk management, and/or information security.
• Knowledge of relevant legal and regulatory requirements such as HIPAA, PCI, CJIS, and SOX.
• Familiarity with information security management frameworks like ISO/IEC 27001, ITIL, COBIT, and NIST.
• Strong understanding of system security design, development, analysis, and testing principles.
• Excellent written and verbal communication skills.

Nice-to-haves

• Master's degree in Public Administration, Business Administration, Computer Science, or a closely related field.
• Certifications such as CISSP, CISM, CISA, CRISC, or GIAC.

Benefits

• AD&D insurance
• Paid holidays
• Disability insurance
• Health insurance
• Dental insurance
• Dependent health insurance coverage
• Vision insurance
• Loan forgiveness
• Life insurance
• Retirement plan