Responsibilities:
- Provide security expertise in NIST 800-53 and ISO 27001/2 controls, PCI, HIPAA and CJIS compliance, and help CSB with best practice frameworks, policy creation and business impact analysis
- Design and implement a program which includes development and implementation of efficient IT policies and procedures.
- Collaborate and effectively engage with ITS teams, departments’ stakeholders and leadership across the County to develop, define and build a risk assessment methodology with identified business priorities
- Manage the program to achieve full compliance with the County-defined IT Controls and Security programs, and implement IT procedures focused on efficiency, effectiveness and risk avoidance.
- Collaborate with the ITS team, internal audit and the corporate security team to assess, remediate and prevent information technology risks.
- Management and reporting of risk and security metrics.
- Perform ongoing education and training in Information Security related areas
- Development of IT Strategies and roadmap.
- Provide oversight and project management of various internal and external audits, PCI, HIPAA and CJIS compliance and risk/control assessment engagements, and regular penetration testing
Required Skills:
- One or more of the following professional certifications required: Qualified Security Assessor (QSA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Privacy Professional (CIPP)
- Bachelor’s degree from an accredited college in a technology-related discipline (e.g. Computer Science, Engineering, Information Systems, etc.) or equivalent experience/combined education.
- Minimum of three (3) years’ experience in the last five (5) years as an IT Security Compliance Manager, supporting a complex enterprise security environment for a large public or private organization.
- Minimum of three (3) years of experience in the past five (5) years as an IT Security Compliance Manager, supporting an Enterprise Multi-Tenant environment, including responding, containing, remediating, and reporting on the infrastructure connecting to County Departments and Public Cloud Providers, such as AWS, Azure and/or GCP.
- Minimum of two (2) years’ experience in the last three (3) years analyzing, responding, and remediating enterprise network & security architectures.
- Minimum of two (2) years’ experience in the last three (3) years leading IT Security/Information Security teams.
- Demonstrated ability to create clear, concise technical documentation such as procedures, Visio diagrams, and system support documents, and strong presentation skills with experience using Microsoft PowerPoint.