City Information Security Officer (CISO) Job at City of San Jose, CA, San Jose, CA

  • City of San Jose, CA
  • San Jose, CA

Job Description

Salary : $176,943.78 - $275,812.42 Annually

Location : San Jose

Job Type: Full-Time

Remote Employment: Flexible/Hybrid

Job Number: 202300686

Department: Information Technology

Opening Date: 10/01/2024

Our diverse and inclusive workforce of more than 7,000 employees plays a key role in the success of San José, the heart of the Silicon Valley. All City of San José employees work together as one team to make San José a vibrant, innovative, and desirable place to live and work. Visit to learn more about our One Team Leadership Values and Expectations, including quality and excellent customer service and here to learn more about San José.

About the Department


The City of San José innovates to provide exceptional civic services using advanced technologies to help our community thrive.


As one of the largest cities in the nation, the City manages a large set of services and assets. The City operates on a budget of $5 billion, with approximately 7,000 employees serving about 1 million residents and 80,000 businesses in the heart of Silicon Valley.


The Information Technology Department's (ITD) mission is to enrich the quality of life in San José through innovation, collaboration, and engagement. ITD enables that mission through business and infrastructure systems, cybersecurity, data management and analysis, responsible use of Artificial Intelligence (AI), productivity and collaboration tools, the San José 311 resident experience platform, data equity and privacy programs, and strategic planning. San José is powered by truly great people, a robust technology environment, and a strong sense of purpose.

The IT department is a leader in innovation, embracing cutting-edge technologies and pioneering solutions to enhance efficiency and quality of life in San José. As part of this effort, the City leads a national initiative for AI through the GovAI Coalition, which was established to give local governments a voice in shaping the future of AI, ensuring it is developed responsibly for the public good.


Promoting the City's commitment to equity and inclusion, we believe that all members of the community, regardless of background, have access to the tools and resources needed to thrive in the digital age. San José is located in the heart of Silicon Valley, which boasts a rich history in technology, education, and agriculture. Over half of San José residents speak a language other than English at home, highlighting the importance of language accessibility in all City services. By fostering inclusivity, promoting digital literacy, and building accessible platforms, we are advancing technology while creating a more equitable future for everyone.


At the City of San José, we promote work-life integration and a focus on growth to bring out the best in our people. Come join us in making San José the most vibrant, equitable, sustainable, and innovative city in the nation! Visit the to learn about our culture, vision, leadership, and innovative initiatives.

Position Duties


NOTE - The first application review will be on Monday, October 28, 2024. Please submit your application by Monday, October 28, 2024, at 12:00 p.m. (PST), if you would like your application to be included in the first review. Candidates who pass the first application review round will be invited to interviews on the week of November 18, 2024.
For more information about the position and duties, please visit the recruitment brochure at this link:


The City of San José Information Technology Department seeks an experienced City Information Security Officer (CISO) to lead Citywide cybersecurity initiatives.


The CISO will direct the Cybersecurity Office as the City's principal executive leader for information and systems security. In partnership with the Chief Information Officer (CIO), they will manage risk identification, protection and compliance, threat detection, incident response (IR), and recovery services for all City departments to ensure business resilience.


The City's CISO must be able to apply expertise in security strategy, cybersecurity frameworks, managing staff and vendor services, leading incident management, and optimizing resources to achieve desired security outcomes.


Key responsibilities include, but are not limited to:
  • Lead and mentor the Cybersecurity team, offering expertise and support to foster growth and a collaborative environment.
  • Collaborate with business units and solution providers to provide optimal security measures and achieve a balance between sustaining business operations and achieving security compliance.
  • Coordinate with stakeholders within the City and partners/vendors outside of the City to ensure information and systems meet the City's standards for threat identification, protection, and risk detection.
  • Develop, operationalize, and enhance the City's cybersecurity strategic plan, programs, policies, and architecture, including vulnerability, risk, and threat management programs through remediation.
  • Conduct training programs to educate City personnel on relevant security best practices, foster diligence, and ensure compliance.
  • Provide expert security guidance to City departments and officials in service planning, procurements, contract negotiations, vendor management, and project management.
  • Provide expert guidance on regulations and standards (FISMA, FedRAMP, CJIS, PCI-DSS, HIPAA, etc.) the City must meet in providing municipal services, as well as security frameworks (NIST, ISO, IEEE, etc.) to shape City operations.
  • Oversee and lead incident management/response processes in coordination with City departments to respond and recover from incidents.
  • Resolve security-related audits in partnership with City staff.
  • Ensure comprehensive security strategies align with resilience plans and emergency management exercises.
  • Oversee vendor relationships and manage the City's procurement and utilization of cybersecurity products and services across departments.
  • Lead the annual Cybersecurity Assessment of the City's technology infrastructure.
  • Provide strategic and operational leadership to address cybersecurity in the City's emerging Internet-of-Things, smart communities, privacy, and equity through data initiatives.
  • Collaborate with the Digital Privacy Officer to address privacy challenges emerging from new technologies, including AI.
  • Implement governance policies to ensure responsible AI usage across the organization, aligning with ethical standards and risk management protocols.
  • Support the GovAI Coalition's initiatives to promote responsible and safe use of AI in government.
Please note that the City Information Security Officer (CISO) position is currently eligible for a hybrid telework schedule. The schedule for working remotely and onsite is subject to change.

Minimum Qualifications


Education and Experience:
A Bachelor's degree from an accredited college or university in computer science, management information systems, business/public administration, or a closely related field AND seven (7) years of increasingly responsible experience in cybersecurity application and infrastructure, technology management, or telecommunications, including a combination of five (5) years of supervisory and project personnel management experience, with at least three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams in delivering goals and measured service levels.

Acceptable Substitution:
A master's degree in a relevant field from an accredited college or university may be substituted for one (1) year of the required three (3) years of supervision experience in direct support of information security programs of significant scale and scope similar to a large municipal government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams.


Licenses or Certificates:
Possess and maintain a current, terminal-level cybersecurity credential such as:
  • Certified Information Systems Security Professional (CISSP);
  • Certified Information Systems Auditor (CISA);
  • Certified Information Security Manager (CISM);
  • Certified in the Governance of Enterprise IT (CGEIT);
  • Certified in Risk and Information Systems Control (CRISC); or
  • An equivalent professional, industry-recognized certification acceptable to the City.
  • Obtain and maintain SECRET Security Clearance within a reasonable period of time acceptable to the City.
Passing the San Jose Police Department (SJPD) background check is also a condition of employment.

Other Qualifications


Competencies


The ideal candidate will possess the following competencies, as demonstrated in past and current employment history. Desirable competencies for this position include:


1) Job Expertise - The ideal candidate should have the following qualifications and experience:
  • Manage major technology services, programs, and products across multiple departmental technology environments and ensure cross-coordination between departments, including adherence to Citywide procedures/policies and state and federal regulations.
  • Relevant regulations and standards (FISMA, FedRAMP, CJIS, PCI-DSS, HIPAA, etc.).
  • Knowledge of local, state, and federal cybersecurity regulations.
  • Cybersecurity frameworks and standards (NIST, ISO, IEEE, CIS controls and frameworks such as COBIT and ITIL, etc.).
  • Threat and vulnerability management, including understanding of common cyber threats, vulnerabilities, attack vectors, and the tools to defend against them (e.g., intrusion detection systems, SIEM, firewalls, etc.).
  • Encryption and cryptography, including proficiency in data protection techniques, encryption methods, and secure communication protocols.
  • Hands-on experience with crisis management and managing Incident Response to security breaches, including incident detection, containment, eradication, forensics, recovery, and post-incident analysis.
  • Identity and Access Management (IAM) and expertise in managing user privileges, multi-factor authentication (MFA), and other access controls.
  • Cloud security, including familiarity with security challenges and solutions in cloud environments (Azure, Hyperconverged Infrastructure, private cloud).
  • Network security, including a strong understanding of securing network architecture, VPNs, secure web gateways, firewalls, and network segmentation.
  • Business continuity and disaster recovery planning, including developing and overseeing business continuity plans and disaster recovery strategies.
2) Analytical Thinking - Approaching a problem or situation by using a logical, systematic, sequential approach.

3) Conflict Management - Identifies and understands issues, problems, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions.

4) Leadership - Leads by example; demonstrates high ethical standards; remains visible and approachable and interacts with others on a regular basis; promotes a cooperative work environment, allowing others to learn from mistakes; provides motivational support and direction.

5) Political Acumen - Demonstrates an understanding and consideration of how it will impact stakeholders and affected areas in the organization.

6) Decision Making - Identifies and understands issues, problems, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions.

7) Vision/Strategic Thinking - Support, promote, and ensure alignment with the organization's vision and values. Understand how an organization must change in light of internal and external trends and influences. Builds a shared vision with others and influences others to translate vision into action.

8) Project Management - Ensures support for projects and implements agency goals and strategic objectives.

9) Communication Skills - Effectively conveys information (e.g., complex security concepts) to non-technical executives, council/committee members, and other stakeholders, and expresses thoughts and facts clearly, orally and in writing; demonstrates effective use of listening skills and displays openness to other people's ideas and thoughts; public relations during a crisis.


Additional Information:

Employment Eligibility: Federal law requires all employees to provide verification of their eligibility to work in this country. Please be informed that the City of San Jose will NOT sponsor, represent or sign any documents related to visa applications/transfers for H1-B or any other type of visa which requires an employer application.

Please note that applications are currently not accepted through CalOpps or any other third party job board application system.

This recruitment may be used to fill multiple positions in this, or other divisions or departments. If you are interested in employment in this classification, you should apply to ensure you are considered for additional opportunities that may utilize the applicants from this recruitment.

Please allow adequate time to complete the application and submit before the deadline or the system may not save your application. If your online application was successfully submitted, you will receive an automatic confirmation email to the email address you provided. IF YOU DO NOT RECEIVE THE CONFIRMATION, please email and we will research the status of your application.

The City of San Jose offers a wide range of core health benefits including Medical, Dental, Vision, Employee Assistance Program, Life Insurance, Disability, and Savings Plans. Please visit the City's for detailed information on coverage, cost, and dependent coverage.

For information on the City's Retirement Plan (pension for full-time employees), please visit the Office of Retirement Services. You will be able to view information based on different Sworn/Federated job classifications.

In addition to the benefits above, there is an to explore further benefits of working for the City of San Jose like paid leave, educational reimbursements, and holiday pay are specific to the job classification and union membership.

01


Please select the option that best describes how you meet the minimum qualifications for this position:
  • Master's Degree; and at least 7 years of increasingly responsible experience in cybersecurity application and infrastructure, technology management, or telecommunications, of which 5 years include experience in supervisory and project personnel management and 2 years of supervision experience in direct support of information security programs of significant scale and scope similar to a large government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams in delivering goals and measured service levels.
  • A Bachelor's Degree; and at least 7 years of increasingly responsible experience in cybersecurity application and infrastructure, technology management, or telecommunications, of which 5 years include experience in supervisory and project personnel management and 3 years of supervision experience in direct support of information security programs of significant scale and scope similar to a large government, to include budgeting, contracting, procurement, and supervision of staff and technical project teams in delivering goals and measured service levels.
  • None of the above.

02


Do you possess any one of the current (non-expired) certifications listed below? Please attach a scanned copy of the certification(s) you possess in the "File Attachments" part of the application process.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Control (CRISC)
  • Other Certification
  • I do not have any of these certifications.

03


How did you implement and operationalize a proactive cybersecurity program? Include the following: 1) Describe the top two (2) cybersecurity initiatives that you have recently completed in support of the program. 2) Provide details including business objectives for each initiative, the scope, size of the project team, length of the project, complexity, and verifiable outcomes. 3) Include the roles of two (2) stakeholders who supported the initiatives or benefited from the delivered work.

04


Provide an overview of your experience assessing the cybersecurity posture of an enterprise and leading the development and enhancement of a cybersecurity strategic plan, including cybersecurity procedures. In addition, include a recent experience responding to major real-life incidents.

05


Please provide an example of a recent situation where you exercised your leadership and management skills to build consensus amongst your team and stakeholders. Include the outcome and how you addressed competing opinions or conflicting priorities.
