The Riverside County's Information Technology department has an opening for a Deputy Chief Information Security Officer (Deputy CISO) that will be assigned to the Information Security Office located in Riverside.The Deputy CISO will assist in directing the enterprise information security and risk management programs and cyber security operations.

The Deputy Chief Information Security Officer (Deputy CISO) is an assistant director level classification and reports to the Chief Information Security Officer (CISO). The Deputy CISO is characterized by sharing Countywide responsibility for formulating and promulgating policy for, and developing, managing and integrating Countywide information security and privacy related programs designed to protect all County information systems and data. The Deputy CISO assists in directing Countywide information security and related privacy efforts through subordinate staff, and through department designated Information Security Officers. The incumbent must exercise strong organizational and team leadership skills to facilitate interdepartmental compliance and to ensure that departmental IT security staffs fully integrate appropriate security and privacy practices. In the CISO’s absence, Deputy CISO may be called to act as the official HIPAA Security Officer of the County and shall assist in coordinating and overseeing generally all HIPAA security requirements for the County.

This class has been designated At-Will by the Board of Supervisors, in accordance with the provisions provided under Article 6, Section 601E (8) of the County Management Resolution and serves at the pleasure of the Chief Information Security Officer.

This class has been deemed eligible for the Performance Recognition Plan as set forth under Article 3, Section 311 of the County Management Resolution. Program eligibility requires employees to be in a leadership position, manage other employees or programs, and have significant influence on the achievement of organizational objectives.

MINIMUM QUALIFICATIONS:

Education : Graduation from an accredited college or university with a bachelor's degree, preferably with major course work in computer science, information systems, electronics engineering, voice/data communications, public/business administration, or a closely related field to the assignment. (Additional qualifying experience may substitute for the required education on the basis of one year of full-time experience equaling 60 semester or 90 quarter units of education.)

Experience : Ten years of management experience in the information technology profession with five years concentrated in information security. Five years of experience as a County Information Security Analyst III, with management experience, may substitute for this experience requirement. Must have experience with firewalls, anti-virus, Intrusion Detection/Intrusion Prevention Systems (IDA/IPS), virtual private networks (VPN), remote access systems (RAS), public key infrastructure (PKI), encryption, digital certificates, routers, sniffers, distributed denial of service attacks (DDOS), biometrics, DMZ/Transaction Zones, business continuity planning, auditing, HIPAA and related regulatory compliance requirements, risk management, contract and vendor negotiation, and physical security.

Other Requirements: Must possess and maintain current certification within guidelines established by the International Information Systems Security Certification Consortium, Inc. (ISC)² as a Certified Information Systems Security Professional (CISSP).

A successful Security Clearance conducted by the Sheriffs' Department is required.