Director of Information Security - Philadelphia, United States - City of Philadelphia

Description

Job Description

A best-in-class city that attracts best-in-class talent, Philadelphia is an incredible place to build a career. From our thriving arts scene and rich history to our culture of passion and grit, there are countless reasons to love living and working here. With a workforce of over 30,000 people, and more than 1,000 different job categories, the City of Philadelphia offers boundless opportunities to make an impact.
As an employer, the City of Philadelphia values inclusion, integrity, innovation, empowerment, and hard work above all else. We offer a vibrant work environment, comprehensive health care and benefits, and the experience you need to grow and excel. If you're interested in working with a passionate team of people who care about the future of Philadelphia, start here.
What We Offer:

• Impact - The work you do here matters to millions.

• Growth - Philadelphia is growing, why not grow with it?

• Diversity & Inclusion - Find a career in a place where everyone belongs.

• Benefits - We care about your well-being.

The Office of Innovation & Technology (OIT) is the central IT agency for the City of Philadelphia headed by the Chief Information Officer (CIO). OIT oversees all major information and communications technology initiatives for the City of Philadelphia - increasing the effectiveness of the information technology infrastructure, where the services provided are advanced, optimized, and responsive to the needs of the City of Philadelphia's businesses, residents, and visitors. OIT responsibilities include: identifying the most effective approach for implementing new information technology directions throughout city government; improving the value of the city's technology assets and the return on the city's technology investments; ensuring data security continuity; planning for continuing operations in the event of disruption of information technology or communications services; and supporting accountable, efficient and effective government across every city department, board, commission and agency.

The Philadelphia International Airport is managed by the Department of Aviation of the City of Philadelphia. The airport handles approximately 82,000 travelers per day. The airport Information Technology department is headed by the Chief Information Officer (CIO). As the Director of Information Security, you will play a pivotal role in safeguarding the confidentiality, integrity, and availability of Philadelphia International Airport's information assets. Reporting directly to the Chief Information Security Officer (CISO), you will be tasked with leading strategic initiatives to mitigate cyber threats, ensure compliance with industry regulations & standards. Must have a sound business acumen to help identify, evaluate and report information security risks in a manner that supports the risk posture of the organization.

Essential Functions and Responsibilities:

• Strategic Leadership – Collaborate with the CISO and senior leadership to develop and maintain the organization's information security strategy, policies, and procedures. Provide strategic direction and guidance to the information security team, aligning security initiatives with business objectives and risk tolerance.
• Risk Management – Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization's IT infrastructure and systems. Implement risk mitigation strategies and controls to address identified risks effectively. Develop capabilities to manage third party Cybersecurity risks.
• Security Governance & Compliance – Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization's IT infrastructure and systems. Develop risk mitigation strategies and controls to address identified risks effectively.
• Threat Management – Execute strategies for continuous monitoring of network traffic, system logs, and user activities to identify unauthorized or suspicious behavior. Review security monitoring tools, technologies to detect and alert potential security incidents and anomalies. Maintain incident response plans and procedures to effectively respond to and mitigate security incidents. Lead the investigation of security breaches and incidents, coordinating response efforts and implementing corrective actions as necessary.
• Third Party Risk Management –Assess and manage risks associated with third-party vendors and service providers, ensuring contractual obligations and security requirements are met. Develop processes for evaluating monitoring vendor security posture and performance.
• Security Operations & Technology –Oversee the implementation and maintenance of security technologies and tools, ensuring they effectively identify, protect, detect, respond, and recover to security threats & vulnerabilities.
• Change Management –Lead change management committee for reviewing, approving, and implementing changes and ensuring security controls, configurations are updated and maintained. Foster open communication and collaboration among stakeholders, creating forums for dialogue to facilitate decision-making and address concerns related to change initiatives.

Experience/Required skills:

• Strong leadership and management skills are essential for effectively leading a team of security professionals.
• Proficiency in risk management is necessary for identifying, assessing, and mitigating information security risks.
• In-depth knowledge of security architecture and design is necessary for developing and implementing robust security controls.
• Expertise in security operations is essential for monitoring, detecting, and responding to security threats and incidents.
• A comprehensive understanding of compliance and regulatory requirements is crucial for ensuring that the organization's security practices align with relevant standards and regulations.
• Excellent communication and presentation skills are needed for effectively conveying complex security concepts to non-technical stakeholders.
• Strategic planning and execution skills are essential for developing and implementing a comprehensive information security strategy aligned with business objectives.
• Proficiency in vendor management is necessary for evaluating and selecting security vendors and managing vendor relationships effectively.
• Strong team building, and development skills are crucial for fostering a collaborative and high-performing security team.

Desired Experience and Abilities:

• Proficiency in analyzing, evaluating security threats and vulnerabilities, as well as assessing the potential impact on the organization.
• Extensive experience in conducting thorough risk assessments, vulnerability assessments, and penetration testing to identify and prioritize security risks.
• Ability to architect and integrate security solutions into the organization's infrastructure, ensuring the confidentiality, integrity, and availability of information assets.
• Commitment to staying updated on emerging security threats, trends, and technologies.
• Ability to adapt to evolving security challenges and requirements, proactively adjusting security strategies and tactics to address new threats and vulnerabilities.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
• Familiarity with cybersecurity principles, tools, and best practices.

• Bachelor's degree in Computer Science, Information Technology, Information Systems or a related field; Master's degree preferred.
• Minimum of 10 years of progressive experience in information security, with 5 years of leadership or managerial experience.
• Proven track record of developing and implementing information security strategies and initiatives in alignment with NIST Cybersecurity Framework.
• Experience with conducting risk assessments, vulnerability assessments, and developing risk mitigation strategies.
• Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.
• Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.
• In-depth knowledge of cybersecurity principles, technologies, and best practices.
• Strong understanding of regulatory requirements and compliance frameworks.
• Excellent leadership, communication, and stakeholder management skills.
• Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
• Experience with security compliance frameworks (e.g., CIS, NIS CSF, NIST RMF, ISO is a plus.

Salary Range: $120,000 - $130,000

Starting salary to be determined based on experience and qualifications.

Important: To apply, candidates must provide a cover letter and a resume.

SPECIAL REQUIREMENTS: Must be a Philadelphia resident. Successful candidate must be a city of Philadelphia resident within six months of hire. Candidate must pass a background check. . Currently, the position is hybrid with a combination of remote and on-site at Philadelphia International Airport (3-days on-site, 2 days remote). This is subject to change.

PHYSICAL AND MENTAL DEMANDS: Position requires a high level of mental concentration and commitment.

Discover the Perks of Being a City of Philadelphia Employee:

• We offer Comprehensive health coverage for employees and their eligible dependents

• Our wellness program offers eligibility into the discounted medical plan

• Employees receive paid vacation, sick leave, and holidays

• Generous retirement savings options are available

• Pay off your student loans faster - As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program. Join the ranks of hundreds of employees who have already benefited from this program and achieved student loan forgiveness.

• Enjoy a Free Commute on SEPTA - Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation. Whether you're a full-time, part-time, or provisional employee, you can seize the opportunity to sign up for the SEPTA Key Advantage Program and receive free Key cards for free rides on SEPTA buses, trains, trolleys, and regional rails.

• Unlock Tuition Discounts and Scholarships - The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships. Experience savings of 10% to 40% on your educational expenses, extending not only to City employees but in some cases, spouse and dependents too
Join the City of Philadelphia team today and seize these incredible benefits designed to enhance your financial well-being and personal growth

*The successful candidate must be a city of Philadelphia resident within six months of hire

Effective May 22, 2023, vaccinations are no longer required for new employees that work in non-medical, non-emergency or patient facing positions with the City of Philadelphia. As a result, only employees in positions providing services that are patient-facing medical care (ex: Nurses, doctors, emergency medical personnel), must be fully vaccinated.

The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information or domestic or sexual violence victim status. If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at or send an email to