The City of Riverside seeks an experienced Chief Innovation Security Officer (CISO), Non-classified* to direct and oversee Innovation and Technology (IT) Security programs and operations Citywide. The CISO will set the City's cyber security vision, develop policy, mitigate risk, train others on security policies and practices, ensure systems and data are working and be an IT security business partner for our 17 departments, Chief Innovation Officer, and executive leaders. The ideal candidate will be a hands-on participative leader with extensive experience writing and optimizing IT security policy and procedures, mitigating risk, and serving as a subject matter expert and business partner to the organization. Our CISO should be creative, agile, flexible, and forward thinking to stay on the forefront of IT security. The City of Riverside is nationally recognized for the innovative technology services provided to its constituents, if you are looking to join a forward-thinking organization in a unique and expanding urban center, this is the job for you!
*This position is designated as Non-Classified and is exempt from the classified service. The Incumbent shall be appointed "at-will" and serve at the pleasure of the City Manager. Positions in this classification may be eligible to have salary increased to a maximum of fifteen percent beyond the regularly assigned top step of the salary range for “outstanding performance”, subject to City Manager approval.
IDEAL CANDIDATE
We seek a proactive, hands-on leader with proven experience in developing and enhancing IT security policies, mitigating risks, and serving as a trusted advisor to the organization. Our ideal CISO is innovative, an excellent communicator, action-oriented, adaptable, and forward-thinking, consistently staying ahead of emerging IT security trends. We need a solution-driven partner who can unify the department and City under a cohesive security strategy, finding creative ways to enable business objectives while maintaining robust protection.
Our ideal CISO will also be able to:
- Evaluate diverse data types and IT infrastructures, understanding system interconnections to implement comprehensive security measures.
- Analyze system dependencies, confidentiality, integrity, and availability to identify critical assets and implement appropriate controls.
- Develop tailored cybersecurity policies that balance operational needs, unique system requirements, regulatory compliance, and risk tolerance.
- Communicate IT risk findings and mitigation strategies effectively to stakeholders, ensuring timely remediation.
- Apply industry best practices to craft and update cybersecurity policies aligned with organizational goals.
- Ensure compliance with local, state, and federal regulations (e.g., HIPAA, CJIS) when developing policies, RFPs, and technology architectures.
- Create and implement a comprehensive, organization-wide IT security strategic plan.
- Design and deliver regular training sessions to educate staff and stakeholders on cybersecurity practices, policies, and risk management.
- Provide expert guidance and support to technical and business users to enhance security, address threats, and safeguard the City's digital assets.
Leadership/Interpersonal:
- Partner with department heads and City leaders on all information security initiatives and decisions.
- Champion cybersecurity awareness and education throughout the organization.
- Drive projects forward by overcoming technical and business obstacles with influential leadership.
- Demonstrate innovative thinking to achieve client goals while maintaining a strong customer service focus.
- Introduce fresh perspectives, drive change, and exemplify transformational leadership.
- Blend technical expertise with strong interpersonal skills to build trust and positive relationships across the organization.
- Exhibit self-motivation, attention to detail, and adaptability in a dynamic environment.
THE JOB
The CISO will articulate security risks, form and direct policy, lead short- and long-term security strategies, direct disaster recovery and business continuity plans, and create a culture of awareness and appreciation for cyber security/cyber hygiene by developing and implementing curriculum and training organization-wide. This position also develops and directs information security (cyber security) programs, architecture, vendors and policies that protect the City's information, digital and physical assets. The CISO is an at-will position that reports to the Chief Innovation Officer (CIO), and oversees an approximate budget of $750K and a security analyst, with dotted-line security oversight of all information technology staff and Citywide technology. We are looking for a highly experienced technical and strategic leader with exposure to more than one of the following regulations:
- Payment Card Industry (PCI)
- Critical Infrastructure Protection (CIP)
- Health Information Privacy and Portability Act (HIPAA)
- Criminal Justice Information systems (CJIS)
Riverside IT's Upcoming Challenges/Opportunities:
- ERP, Asset Management and 311 system replacement
- Design and implement IT security including implementing device posture assessment, micro-segmentation and security zones.
- Redesign the City's internet perimeter.
- Lead replication, redundancy and disaster recovery systems for an active/active data center that is currently being built using software defined firewalls, networking and data center.
- Implement unsupervised machine learning that recognizes threats.
- Continue expanding least privileged and defense in depth strategy across the City.
- Security and operational controls monitoring, validation and optimization.
Minimum Qualifications:
Option I:
Education: Equivalent to a Bachelor's degree from an accredited college or university with major study in cyber security administration, information technology, computer science, or a related field. A Master's degree may substitute for one year of the required experience.
Experience: Eight years of progressively responsible information security, server and network security, and information technology experience, including intrusion detection and prevention systems, and preferably involving regulated industries and/or public organizations, and supervisory accountability.
Option II:
Education: Associate's Degree from an accredited college or university with major study in cyber security administration, information technology, computer science, or a related field.
Experience: Ten years of progressively responsible information security, server and network security, and information technology experience, including intrusion detection and prevention systems, and preferably involving regulated industries and/or public organizations, and supervisory accountability.
Highly Desired Qualifications:
Experience and Education:
- Experience in regulated industries and/or public agency.
- Supervisory accountability.
- Master's degree in information security, or a related field.
Certifications:
- Chief Information Security Officer (CISO)
- Information Systems Security Professional (CISSP)
- Information Infrastructure Library (ITIL)
- GIAC Information Security
- Computer Security Incident Response (CSIRT)
Necessary Special Requirement:
- Possession of an appropriate, valid class "C" California Motor Vehicle Operator's License.
**When assigned to the Police Department, must be able to successfully pass an extensive police background.**
DOCUMENTS REQUIRED AT THE TIME OF APPLICATION:
1) Completed Employment Application
2) Completed Supplemental Questionnaire
3) Resume and Letter of Interest
FOR GENERAL INFORMATION ON COMPLETING YOUR ON-LINE APPLICATION, CLICK HERE: (Application Guide).
The selection process will begin with an employment application package screening, with the best qualified candidates being invited to participate further in the assessment process. This process may include any combination of written, performance, and oral assessments to evaluate job-related education, experience, knowledge, skills, and abilities. Those who successfully complete the selection process will be placed on the eligibility list for this classification.
IMPORTANT INFORMATION ON SCHEDULING ASSESSMENTS:
If you are selected to move forward in the assessment process, you may be required to self-schedule your appointment. You will be notified via email of your status and provided with self-scheduling instructions. Please check your email regularly following the closing date of this recruitment.
Positions that require, or may require, a California Commercial Driver’s License are considered Safety Sensitive and are monitored by the U.S. Department of Transportation. Any candidate being considered for a Safety Sensitive position must submit authorization forms to the City immediately upon request to begin the pre-employment process.
It is the responsibility of candidates with a disability requiring accommodation in the assessment process to contact the Human Resources Department in writing to request such accommodation prior to the closing date of this recruitment.
Appointment may be subject to the successful completion of a pre-employment background investigation, drug screen, and/or medical/physical examination.
NOTE: The City reserves the right to modify selection devices and test instruments in accordance with accepted legal, ethical, and professional standards. Candidates may reapply when there is a posting to establish an eligibility list.
EDUCATIONAL REQUIREMENTS:
Proof of education listed in your application will be requested at the time of conditional offer. Acceptable documentation consists of transcripts or degree, if applicable, by the accredited U.S. college or university.
Education obtained outside the United States (US) require one of the following options:
- An equivalency statement from an evaluation company certified by the National Association of Credential Evaluation Services (NACES) at http://www.naces.org/members.html or the Association of International Credential Evaluators Inc. (AICE) at http://aice-eval.org/members/.
- An advanced-level degree from an accredited US college or university.
All applicants will be notified via e-mail or telephone of their application status and the assessment dates/times/locations after the closing date of this announcement.
THE PROVISIONS OF THIS JOB ANNOUNCEMENT DO NOT CONSTITUTE AN EXPRESSED OR IMPLIED CONTRACT.
#J-18808-Ljbffr