Chief Information Security Officer - Baltimore, United States - City of Baltimore

    Description
    THIS IS A NON-CIVIL SERVICE POSITION

    POSTING DATE:
    04/24/2024


    CLOSING DATE:
    06/24/2024 AT 12:00 MIDNIGHT

    SALARY:
    $116, $192, Annually


    CLASS DESCRIPTION


    The Baltimore City Office of Information and Technology (BCIT) is seeking a Chief Information Security Officer (CISO) who will be responsible for developing and aligning the City's cybersecurity strategy to support the City's mission and priorities.

    The incumbent will evaluate and prioritize City-wide investments in cybersecurity tools and implement effective processes and metrics to improve the City's cybersecurity defense posture.

    As the CISO, you will implement City-wide cybersecurity policies and controls and ensure compliance with regulatory requirements.

    You will be responsible for securing IT resources in the cloud as well as protecting IT resources within the organization's perimeter.

    A key element of the CISO's role will be working with the executive management team to determine acceptable levels of risk for the organization.

    The CISO will report to the City's Chief Information Officer (CIO).


    ESSENTIAL FUNCTIONS

    Leads the City's cybersecurity program across a broad range of disciplines including risk management, compliance audits, incident response, security tool implementation and monitoring/detection, metrics, analytics, threat hunting/emulation, security engineering, application security, governance, and training.

    Updates and maintains the City's cybersecurity strategy and implementation roadmap, leveraging the latest industry research, threat analysis, and lessons learned, and aligns them with the City's IT strategy and objectives.

    Oversees the City's security operations, identifies and addresses gaps, and monitors and optimizes operational effectiveness using metrics.

    Designs, procures, integrates, configures, and manages a comprehensive suite of security tools and monitoring technologies based on a continuous review of threats, industry best practices, and gaps in the environment.

    Leverages internal and external intelligence sources to provide continuous monitoring and detection of threats. Leads City-wide detection and response activities.

    Leads the City's cybersecurity governance, including development and maintenance of security standards, assessment of security controls, and compliance monitoring.

    Maintains and improves the City's security engineering processes to ensure all IT resources are developed and implemented with effective security controls built in.

    Leads the application security program, including penetration testing, static code analysis, and dynamic code analysis, and collaborates with the application development team to implement effective security training.

    Provides regular reporting and updates on the current status of the City's information security program to senior City leaders.

    Ensures compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and other applicable regulations and governing frameworks.

    Maintains and updates the vendor security risk management process to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.

    Creates and manages an information security awareness training program for all employees, contractors, and approved system users, and maintains metrics to measure its effectiveness.

    Effectively works with City leadership to ensure the consistent application of security standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.

    Responsible for managing and meeting Infosec budget targets.

    Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.


    EDUCATION AND EXPERIENCE REQUIREMENTS


    EDUCATION:


    Have a Bachelor of Science degree in Information Technology, Computer Science, Computer Engineering or a related discipline from an accredited college or university.


    AND

    EXPERIENCE:
    Have twelve (12) years of experience with at least five to eight (5-8) years of supervisory responsibilities.


    OR

    NOTES (EQUIVALENCIES):

    Have an equivalent combination of education and experience. Non-supervisory experience or education may not be substituted for the required supervisory experience.


    DESIRED QUALIFICATIONS

    Master of Science degree in Information Technology, Computer Science, Computer Engineering or a related discipline from an accredited college or university
    Certifications - CISSP, CISM, CCSP, GSLC


    KNOWLEDGE, SKILLS, AND ABILITIES

    Comprehensive knowledge of cybersecurity, operational, incident response and security tools best practices.
    Ability to lead city-wide initiatives and collaborate across organizational boundaries.
    Experience with business practices, budgeting, monitoring, and support service operations for large government or business organizations.
    Understands how to build resilience in security operations leveraging the kill chain and intelligence driven defense.
    Knowledge of project planning and scheduling; audit and compliance programs; and pertinent regulations.
    Ability to analyze and resolve complex business problems.
    Ability to collaborate with Subject Matter Experts (SMEs) and resolve complex issues.
    Knowledge of technology advances and trends.
    Strong communication skills to effectively communicate IT-related information to agency leadership and stakeholders.

    Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community.

    Skill in organizing resources and establishing priorities.


    NOTE:

    Those eligible candidates who are under final consideration for appointment to positions in this class will be required to authorize the release of criminal conviction information.


    Financial Disclosure:


    This position is required to complete a Financial Disclosure pursuant to Sections 7-7, 7-8, and 7-9 of the City Ethics Law.


    BALTIMORE CITY AN EQUAL OPPORTUNITY EMPLOYER