What We Offer
The County of Ventura offers an attractive compensation and benefits package. Aside from our salary of approximately $104,085 to $145,734an employee within this position will also be eligible for the following:
- Educational Incentive- An educational incentive of 2.5% for completion of an associate's degree, 3.5% for completion of a bachelor's degree, OR 5% for completion of a graduate's degree.
- Annual Leave Accrual -208 hours earned per year, increasing to 288 hours after 5 years of service.
- Annual Leave Redemption-The ability to "cash in" or redeem up to 100 hours of Annual Leave per year after using 80 hours.
- Deferred Compensation- Eligible to participate in the County's 401(k) Shared Savings Plan and/or the Section 457 Plan. This position is eligible for up to a 3% match on your 401(k) contributions.
- Health Plans? You are afforded a flexible credit allowance of up to $11,622 annually for purchasing medical, dental, and/or vision insurance from a group of authorized plans.
- Flexible Spending Accounts-Employees may also participate in the Flexible Spending Accounts which increase their spending power by reimbursing them with pre-tax dollars for IRS approved dependent care and health care expenses.
- Pension Plan- Both the County and you contribute to the County's Retirement Plan and to Social Security. If you are eligible, you may establish reciprocity with other public retirement systems such as PERS.
- Holidays- 10 paid days per year which includes a scheduled floating holiday.
More benefit information may be found in the Benefits tab.
Our County and Community
Ventura County is located on California's "Gold Coast," approximately 35 miles northwest of Los Angeles and 20 miles southeast of Santa Barbara. Residents enjoy rolling hills and sweeping ocean views in a nearly perfect Mediterranean climate with an average annual temperature of 74.2 degrees. The beauty and weather combined with a wonderful quality of life are among the many reasons our residents choose to call Ventura County "home."
Ventura County is a "general law" county, governed by a five-member, elected?by-district Board of Supervisors. The Supervisors appoint a County Executive Officer (CEO) to oversee the County budget, day-to-day operations, as well as to advise, assist and act as an agent for the Board of Supervisors in all matters under the Board's jurisdiction.
County operations have an operating budget of approximately $2.3 billion with a staffing allocation of 8,900. The County has excellent financial standing with its AAA rating, the highest possible long-term bond rating, from Moody's and Standard & Poor's. The County excels in its financial and business operations which are based in continuous process improvement and was just ranked as the third best large County in the United States for its use of technology to improve services and boost efficiencies for the public.
Under general direction of the County Chief Information Officer, the Chief Information Security Officer directs countywide information security programs that are designed to provide the protection and confidentiality of data and systems, along with other information assets of Ventura County while supervising a team of 4, with 3 direct reports.
This single position class has Countywide responsibility for formulating and promulgating policy and developing, managing and integrating Countywide information security and privacy related programs.
The ideal candidate willhave five (5) or more years of managing information technology security programs encompassing enterprise technology in an environment of diverse stakeholders. Responsibility will include security policy development, risk assessment, education and awareness, incident response, data classification, standards definition, compliance monitoring and sourcing solutions for enterprise wide technology security functions as well as negotiating, documenting and managing required service levels from outside providers.
The Chief Information Security Officer is an at-will classification which is exempt from the provisions of the Civil Service Ordinance.
View a testimonial of what it's like to work for theInformation Technology Services Department Examples Of Duties
Duties may include, but are not limited to the following:
- Develops, implements and manages a strategic, comprehensive enterprise-wide information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled and processed by the organization.
- Manages the enterprise's information security organization, consisting of direct reports and indirect reports.
- Directs and participates in the identification of security risks, development and implementation of security management practices and policies, the measurement and monitoring of security protection measures, and compliance monitoring.
- Creates, communicates and implements a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
- Creates and manages information security and risk management awareness training programs for all employees, contractors and approved system users.
- Works directly with business units to facilitate IT risk assessment and risk management processes, and works with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Reports on the current status of the information security program to senior business leaders and executives.
- Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Provides strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaisonwith the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Ensures that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Defines and facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Manages security incidents and events to protect County IT assets, including intellectual property and regulated data.
- Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action.
- Liaisonwith external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Coordinates the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Makes recommendations to the governance committee(s) and affected departments as a subject matter expert and internal consultant on the data security implications of proposed new major information technology projects and programs.
- Supervises the selection, implementation and maintenance of all centralized network security infrastructure components, including all network perimeter security, virus protection, remote access, and authentication systems.
- Proposes the best sourcing solutions for Countywide technology security functions, negotiating, documenting and managing required service levels from outside providers, and serving as a communication channel between such outside providers, County of Ventura Information Technology Services Department, and agency and departmental IT staff.
- Continuously monitors the operational costs of the assigned functional area to assure compliance to budgetary requirements and provides cost and revenue projections, provides rationale for revision of rates for billable services and equipment.
- Collaborates with other divisions/teams to provide timely and effective delivery of services.
- Conducts regular audits and assessments of department/agency information security practices as a means of validating and ensuring applied information security best practices.
These are entrance requirements to the examination process and assure neither continuance in the process nor placement on an eligible list.
EDUCATION, TRAINING and EXPERIENCE:
Extensive recent experience formulating, socializing, implementing and managing enterprise-wide technology security programs within a large diverse environment of business stakeholders including management of the related technology security team, negotiating and coordination of third party security service providers/vendors and progressive technical administration of current security infrastructure systems and relevant applications.
The required knowledge, skills and abilities may also be obtained by a minimum of five (5) years of security project management experience including the supervision of security technical staff.Some experience with negotiating contracts and working with 3rd party security service providers is required.
NECESSARY SPECIAL REQUIREMENTS:
Possession of, or ability to obtain, a valid California driver license.
Possession of, or have the means and ability to obtain, a Certified Information Systems Security Professional (CISSP)ORCertified Information Security Manager (CISM) accredited by Information Systems Audit and Control Organization within a year of employment.
Certified Information Systems Auditor (CISA)
Knowledge, Skills, and Abilities
- Extensive knowledge and understanding of relevant legal and regulatory requirements, such as Criminal Justice Information Systems (CJIS) Security, Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
- Extensive knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.
- Extensive knowledge of information security controls and methods, including a mix of the following:
- Intrusion Detection/intrusion Prevention Systems (IDA/IPS)
- Virtual Private Networks (VPN)
- Remote Access Systems (RAS)
- Public Key Infrastructure (PKI)
- Digital Certificates
- Distributed Denial of Service Attacks (DDOS)
- DMA/Transaction Zones
To APPLY for this exceptional career opportunity, please send aresume and a cover letter which illustratesallof the following:
- Your experience managing information technology security programs encompassing enterprise technology in a large, diverse environment.
- Your experience managing security technology teams.
- Your experience negotiating contracts and working with third-party security service providers.
- Your experience with administration of current security infrastructure systems and relevant applications.
If interested you may do one of the following:
Submit an online application atwww.ventura.org/jobsand attach your current resume and cover letter.
First review of resumes isanticipated to be the week of March 26, 2019, to determine if the stated requirements are met. All relevant work experience, training and education need to be included to determine eligibility. Review will be on a weekly basis thereafter.
Following an evaluation of the resumes, the most qualified candidates will be invited to a panel interview.The top candidates, as determined by the panel, will then be invited to a second/final interview. The interviews may be consolidated into one process or expanded into multiple interviews contingent upon the size and quality of the candidate pool.
BACKGROUND INVESTIGATION:The selected candidate may be subjected to a thorough background investigation which may include inquiry into past employment, education, criminal background information, and driving record. In addition, the successful candidate may be subjected to Live Scan fingerprinting.
For further information regarding this recruitment, please, contactMonika Maineby email [email protected]orbytelephone at (805) 654-2629.