Posted : Sunday, July 07, 2024 07:05 AM
Description
About the Position: Snohomish County is seeking an experienced and outcome-driven County Information Security Officer (CISO) to provide both strategic and tactical leadership for its information security efforts.
The CISO will maintain and mature the county-wide information security management program to ensure that information assets are adequately protected.
This position is critical to understanding and meeting the requirements of interested parties, preventing disruptions to business operations, and ensuring the confidentiality, integrity, and availability of information.
The County Information Security Officer role requires a proven leader who is highly ethical and pragmatic and who possesses strong analytical, technical, and business management skills.
Directly and through IT Security team members, the CISO will guide operational and technical direction for all facets of enterprise security and lead various programs including but not limited to vulnerability management, incident response, identity and access management, cybersecurity awareness, and business continuity.
As a member of the IT Leadership team, the CISO must communicate effectively with county leaders and staff, building trust and respect across the organization and region.
The CISO will also foster and strengthen relationships with local, state, and external security organizations through active engagement and collaboration.
To learn more about the Department of Information Technology, check out our 3-Year Strategic Plan and Snohomish County 2022 Annual Information Technology Report (arcgis.com).
Why Join Our Team? Snohomish County’s commitment to life-work balance and an inclusive culture is key to our national NACo award-winning success, Information Technology | Snohomish County, WA - Official Website (snohomishcountywa.gov).
The County offers outstanding benefits and professional growth opportunities to our employees, and we also enjoy flexible work schedules, telework options and a beautiful building in downtown Everett, WA that offers employee locker rooms, bicycle lockers for bike commuters and is within walking distance of a major transit hub.
Snohomish County believes in diversity, equity, and inclusion (DEI) and is committed to embedding these values into our workplace culture.
Snohomish County is located on the Puget Sound.
We are situated near some of the country’s most scenic national parks and are consistently ranked as one of the best places to live in the U.S.
Teleworking Options: Snohomish County has a telework policy for many positions.
For employees who prefer to work in the office full time, that option is also available.
Employees must reside in Washington state and within a reasonable distance to their Snohomish County worksite to respond to workplace reporting requirements.
Snohomish County has a robust collection of tools and resources to support working remotely.
Remote/hybrid employees will be issued a county laptop and must maintain a suitable home workspace with an Internet connection where they can reliably perform work and remain available and responsive during scheduled work hours.
To be considered, a complete application package must include:
• A completed Snohomish County employment application
• Responses to all supplemental questions
• A current resume detailing your experience
• A cover letter describing your specific qualifications for the position
NOTE: All application materials must be received by priority screening date, November 27, 2023 for a guaranteed review.
Applications received after this date will be considered on an as-needed basis until the position is filled.
BASIC FUNCTION
The County Information Security Officer (CISO) is responsible for designing, engineering, and enforcing security of all information technology systems delivering client business applications, databases, computer hardware/software products, network/telecommunications and audio/visual system infrastructures as well as the associated infrastructure management systems.
Working at the enterprise level, a person in this position acts as a technical expert with advanced knowledge and skills covering all IS functions and multiple integrated specialties.
The position works to solve highly complex threats and risks in a way that is comprehensively effective, wide-reaching, and applicable to all parts of the county.
This position leads others, representing the county for enterprise decisions and emergencies, effectively sharing in-depth knowledge of applications, infrastructure, end user tools, and networking.
This person acts with a high level of independent decision-making authority.
In the course of the responsibilities of the position, this person must address conflicting demands with exceptional strategic critical thinking and communicates as a departmental spokesperson on enterprise projects and processes.
Job Duties
STATEMENT OF ESSENTIAL JOB DUTIES
Acts as technical expert, with advanced knowledge and skills in multiple integrated technical areas.
All new purchases must be approved by the CISO, who must determine the impact of new technology and cyber threats on the development of new knowledge related to system and server, telephone and audio/visual system hardware, software and databases and components.
Solves extremely complex issues that have enterprise-wide/countywide impact, demand an exceptional amount of resources, and are of exceptionally long duration and/or exceptionally high risk.
Interprets how federal, state, military, and financial security laws and regulations apply to the county's work and businesses.
Plans, designs and architects county programs, data structures, and communications in multiple business specialties to comply with legal and financial mandates.
Leads and mentors teams and individuals, directs or supervises staff at lower technical levels, leads groups, is the principal advocate within the county for data control and risk management functions, represents county for enterprise decisions and in emergencies on technical matters in local and regional groups, and initiates significant security improvements and validations in work covering system and servers, telephone and audio/visual system hardware, software and databases and components.
Effectively leads others by applying in-depth knowledge of security threat development, proactive planning, the management and methodologies of security systems and controls.
Provides a service level management strategy, does department wide resource and workload planning, and performs detailed cost/benefit analysis techniques for the impact of security requirements on projects that incorporate system and server, telephone and audio/visual system hardware, software and databases and components.
Acts with a high level of independent decision making authority, handling complex issues/projects/tasks that have inherently conflicting demands, enterprise-wide and/or countywide impact, or are highly visible.
Considers wide-reaching, complicated factors including finances, time constraints, practicality, staffing resources, effects on mission, and risk.
Operates with self-discipline, explores new ideas, makes difficult decisions, and initiates actions.
Demonstrates expert, rigorous thinking skills on exceptionally complex issues that have enterprise-wide/countywide impact or are highly visible, and/or demand heavy use of county resources.
Understands and conveys to others risks and potential long-term impacts.
Navigates and helps others navigate high risk situations.
Uses and promotes thinking skills that involve analyzing, prioritizing, abandoning prejudices and previous ideas, and applying practical considerations.
Delivers an expert level of competency in multiple specialties, disciplines and roles related to the area of securing technology systems and essential data.
Serves as the departmental security spokesperson on enterprise projects and processes, acts as a consultant on the feasibility and implementation of existing and new technologies, and interprets for others complex information, mandatory technology controls and tasks about the integration of security processes and tools in technology systems.
STATEMENT OF OTHER JOB DUTIES
May perform any of the duties and responsibilities of all lower level positions.
May perform duties at the same level from other specialty areas.
Performs other duties as assigned.
Minimum Qualifications
MINIMUM QUALIFICATIONS
A Bachelor's degree is required and IT certification in multiple directly related specialties is preferred; AND seven (7) years of directly relevant IT security experience, OR any equivalent combination of training and/or experience that provides the required knowledge and abilities.
Must possess a CISSP certification or two other similar security certifications.
Must pass criminal background check.
Must pass job related tests.
SPECIAL REQUIREMENTS
A valid Washington State Driver's License is required.
Additional Information
KNOWLEDGE AND ABILITIES
Knowledge of:
• the tools, standards, methods, best practices and industry trends applicable to this specialty (expert knowledge);
• project life cycles, service level management strategies, resource and workload planning, and detailed cost/benefit analysis techniques (in-depth knowledge);
• detailed understanding of mandatory security compliance laws including, but not limited to (in-depth knowledge):
  • HIPAA and HITECH health privacy laws
  • Red Flag laws covering release of personal financial information
  • CJIS requirement covering criminal justice information systems for public safety, the prosecuting attorney and the courts
  • PII laws from the FTC protecting individuals' financial identities. State laws also apply under many circumstances
  • PCI requirements governing the ability to process credit transactions
  • The State Public Records Act and compliance with record retention and preservation. State laws may also apply.
  • Court requirement for evidence preservation, including chain of custody and documentation requirements
  • The federal Cyber Crimes Act of 2008
  • Federal Information Processing Standards (FIPS)
  • National Institute of Standards and Technology (NIST) related to security
Ability to:
• understand and follow county, state and federal regulations, policies, etc.;
• facilitate and lead many team-based cross-functional work efforts that affect multiple projects, policies and enterprise standards;
• create and maintain a multi-level architecture for security, covering internal and external threats. Devise, create and direct implementation of enterprise solutions. Integrate security architecture with existing information architecture and database architecture standards;
• establish and maintain close working relationships with department, associate, superiors, peers and vendors;
• solve highly complex issues that have enterprise wide impact, potentially demanding an exceptional amount of resources in mitigating extremely high risks;
• maintain current awareness of new technical and cyber threats, and of available methods to manage the risk;
• demonstrate strong written and verbal communication skills;
• create effective documentation;
• recognize and resolve conflicts;
• motivate others to perform;
• participate interactively in all manager level meetings;
• interpret client's security needs, including terms of legal compliance.
SUPERVISION
The employee works autonomously, in a self-directed fashion, independently determining assignments, with supervision comprised of occasional reviews and management meetings.
WORKING CONDITIONS
The work is generally performed in typical office conditions.
Customers are predominantly internal at the County, with the exception of online service providers.
Job requires frequent contact outside the department of Information Services.
Will perform some field work in certain specialty areas.
Some repetitive movements at a computer or business machine.
May require occasional lifting and moving of up to 50 pounds.
On-call during off duty hours and required to work evenings, weekends and holidays as necessary.
May be assigned work shifts consistent with 24 hours/day, 7 days/week coverage.
Service oriented environment with frequent interruptions.
Operates motor vehicle.
Snohomish County is an Equal Employment Opportunity (EEO) employer.
Accommodations for individuals with disabilities are provided upon request.
EEO policy and ADA notice
• Phone : NA
• Location : 3000 Rockefeller Ave, Everett, WA
• Post ID: 9001318896