The Position
The City of Riverside seeks an experienced Chief Innovation Security Officer (CISO), Non-classified* to direct and oversee Innovation and Technology (IT) Security programs and operations Citywide. The CISO will set the City's cyber security vision, develop policy, mitigate risk, train others on security policies and practices, ensure systems and data are working and be an IT security business partner for our 17 departments, Chief Innovation Officer, and executive leaders. The ideal candidate will be a hands-on participative leader with extensive experience writing and optimizing IT security policy and procedures, mitigating risk, and serving as a subject matter expert and business partner to the organization. Our CISO should be creative, agile, flexible, and forward thinking to stay on the forefront of IT security. The City of Riverside is nationally recognized for the innovative technology services provided to its constituents. If you are looking to join a forward-thinking organization in a unique and expanding urban center, this is the job for you!
* This position is designated as Non-Classified and is exempt from the classified service. The Incumbent shall be appointed "at-will" and serve at the pleasure of the City Manager. Positions in this classification may be eligible to have salary increased to a maximum of fifteen percent beyond the regularly assigned top step of the salary range for “outstanding performance”, subject to City Manager approval.
IDEAL CANDIDATE
We seek a proactive, hands-on leader with proven experience in developing and enhancing IT security policies, mitigating risks, and serving as a trusted advisor to the organization. Our ideal CISO is innovative, an excellent communicator, action-oriented, adaptable, and forward-thinking, consistently staying ahead of emerging IT security trends. We need a solution-driven partner who can unify the department and City under a cohesive security strategy, finding creative ways to enable business objectives while maintaining robust protection.
Our ideal CISO will also be able to:
- Evaluate diverse data types and IT infrastructures, understanding system interconnections to implement comprehensive security measures.
- Analyze system dependencies, confidentiality, integrity, and availability to identify critical assets and implement appropriate controls.
- Develop tailored cybersecurity policies that balance operational needs, unique system requirements, regulatory compliance, and risk tolerance.
- Communicate IT risk findings and mitigation strategies effectively to stakeholders, ensuring timely remediation.
- Apply industry best practices to craft and update cybersecurity policies aligned with organizational goals.
- Ensure compliance with local, state, and federal regulations (e.g., HIPAA, CJIS) when developing policies, RFPs, and technology architectures.
- Create and implement a comprehensive, organization-wide IT security strategic plan.
- Design and deliver regular training sessions to educate staff and stakeholders on cybersecurity practices, policies, and risk management.
- Provide expert guidance and support to technical and business users to enhance security, address threats, and safeguard the City's digital assets.
Leadership/Interpersonal
- Partner with department heads and City leaders on all information security initiatives and decisions.
- Champion cybersecurity awareness and education throughout the organization.
- Drive projects forward by overcoming technical and business obstacles with influential leadership.
- Demonstrate innovative thinking to achieve client goals while maintaining a strong customer service focus.
- Introduce fresh perspectives, drive change, and exemplify transformational leadership.
- Blend technical expertise with strong interpersonal skills to build trust and positive relationships across the organization.
- Exhibit self-motivation, attention to detail, and adaptability in a dynamic environment.
Work Performed
Some of the City's innovative programs include:
- Access our virtual, 24/7 City Hall at https://riversideca.gov/ where almost all citywide services are available and offered online.
- An advanced real-time crime center to improve community safety and wellbeing.
- Smart Cities initiatives such as park your way, utility modernization, infrastructure modernization, Enterprise applications upgrades, AI data analytics, and Hybrid Cloud.
- Digital equity and broadband accessibility.
THE JOB
The CISO will articulate security risks, form and direct policy, lead short- and long-term security strategies, direct disaster recovery and business continuity plans, and create a culture of awareness and appreciation for cyber security/cyber hygiene by developing and implementing curriculum and training organization-wide. This position also develops and directs information security (cyber security) programs, architecture, vendors, and policies that protect the City's information, digital and physical assets. The CISO is an at-will position that reports to the Chief Innovation Officer (CIO) and oversees an approximate budget of $750K and a security analyst, with dotted-line security oversight of all information technology staff and Citywide technology. We are looking for a highly experienced technical and strategic leader with exposure to more than one of the following regulations:
- Payment Card Industry (PCI)
- Critical Infrastructure Protection (CIP)
- Health Information Privacy and Portability Act (HIPAA)
- Criminal Justice Information systems (CJIS)
Riverside IT's Upcoming Challenges/Opportunities:
- ERP, Asset Management and 311 system replacement
- Design and implement IT security including implementing device posture assessment, micro-segmentation, and security zones.
- Redesign the City's internet perimeter.
- Lead replication, redundancy, and disaster recovery systems for an active/active data center that is currently being built using software-defined firewalls, networking, and data center.
- Implement unsupervised machine learning that recognizes threats.
- Continue expanding least-privilege and defense-in-depth strategy across the City.
- Security and operational controls monitoring, validation, and optimization.
Under general direction of the Chief Innovation Officer, direct citywide information security and cyber security programs that are designed to provide the protection and confidentiality of data, along with other information assets of the City of Riverside; and perform other related duties as required.
When assigned to the Innovation and Technology Department, typical duties may include, but are not limited to, the following:
- Oversee the development and implementation of Citywide information security policies and procedures to protect the City from internal and external information technology threats and vulnerabilities.
- Direct the preparation of short and long-term strategies for optimizing the City's Information Security Plan, and formulate and recommend citywide policies for detecting, deterring, and mitigating information security threats.
- Direct and participate in the identification of security risks, development, and implementation of security management practices, and the measurement and monitoring of security protection measures.
- Review and recommend the professional development curriculum for the City's Innovation and Technology, security, and privacy staff to ensure adequate and appropriate training standards in information security and protection measures and coordinate related training and awareness programs.
- Direct the development and promotion of security and privacy awareness training and education for all levels of the City's organization structure on an ongoing basis.
- Participate in the development and implementation of disaster recovery and business continuity plans, to ensure that appropriate information technology security measures are addressed.
- Participate in the development, implementation, and compliance monitoring of IT security agreements, business associate agreements, chain-of-trust agreements, Memoranda of Understanding (MOUs), and similar documents that involve access to or exchange of City information to ensure all security concerns are addressed.
- Lead vendor activities, write and evaluate proposals, and negotiate contracts for citywide information security related software, equipment, and services, and present recommendations for funding and approvals to the Chief Innovation Officer.
- Respond to and assist in due diligence and audit requests.
- Conduct periodic departmental cyber security audits.
- Ensure that technology decisions made are compliant with enterprise security architecture.
- Collaborate with City Departments on security solutions.
- Participate in systems design to ensure implementation of appropriate cyber security policies.
- Respond to network and system intrusive activity and analyze network traffic and system logs to determine corrective action and implement countermeasures.
- Manage a computer crime or incident scene, including recognition of the proper investigative approach, conducting a field of search to establish probable cause for seizure, proper collection methods, evidence preservation, transportation, analysis, and case management.
Qualifications
Option I:
Education: Equivalent to a Bachelor's degree from an accredited college or university with major study in cyber security administration, information technology, computer science, or a related field. A Master's degree may substitute for one year of the required experience.
Experience: Eight years of progressively responsible information security, server and network security, and information technology experience, including intrusion detection and prevention systems, and preferably involving regulated industries and/or public organizations, and supervisory accountability.
Option II:
Education: Associate's Degree from an accredited college or university with major study in cyber security administration, information technology, computer science, or a related field.
Experience: Ten years of progressively responsible information security, server and network security, and information technology experience, including intrusion detection and prevention systems, and preferably involving regulated industries and/or public organizations, and supervisory accountability.
Highly Desired Qualifications:
- Experience in regulated industries and/or public agency.
- Supervisory accountability.
- Master's degree in information security, or a related field.
Any equivalent combination of experience and training which provides the knowledge and abilities necessary to perform the work may be considered.
Certifications:
- Chief Information Security Officer (CISO)
- Information Systems Security Professional (CISSP)
- Information Infrastructure Library (ITIL)
- GIAC Information Security
- Computer Security Incident Response (CSIRT)
Necessary Special Requirement:
- Possession of an appropriate, valid class "C" California Motor Vehicle Operator's License.
**When assigned to the Police Department, must be able to successfully pass an extensive police background.**
Selection Process
DOCUMENTS REQUIRED AT THE TIME OF APPLICATION:
- Completed Employment Application
- Completed Supplemental Questionnaire
- Resume and Letter of Interest
The selection process will begin with an employment application package screening, with the best qualified candidates being invited to participate further in the assessment process. This process may include any combination of written, performance, and oral assessments to evaluate job-related education, experience, knowledge, skills, and abilities. Those who successfully complete the selection process will be placed on the eligibility list for this classification.
IMPORTANT INFORMATION ON SCHEDULING ASSESSMENTS:
If you are selected to move forward in the assessment process, you may be required to self-schedule your appointment. You will be notified via email of your status and provided with self-scheduling instructions. Please check your email regularly following the closing date of this recruitment.
Positions that require, or may require, a California Commercial Driver’s License are considered Safety Sensitive and are monitored by the U.S. Department of Transportation. Any candidate being considered for a Safety Sensitive position must submit authorization forms to the City immediately upon request to begin the pre-employment process.
It is the responsibility of candidates with a disability requiring accommodation in the assessment process to contact the Human Resources Department in writing to request such accommodation prior to the closing date of this recruitment.
Appointment may be subject to the successful completion of a pre-employment background investigation, drug screen, and/or medical/physical examination.
NOTE: The City reserves the right to modify selection devices and test instruments in accordance with accepted legal, ethical, and professional standards. Candidates may reapply when there is a posting to establish an eligibility list.
EDUCATIONAL REQUIREMENTS:
Proof of education listed in your application will be requested at the time of conditional offer. Acceptable documentation consists of transcripts or a degree, if applicable, issued by the accredited U.S. college or university.
Education obtained outside the United States (US) requires one of the following options:
- An equivalency statement from an evaluation company certified by the National Association of Credential Evaluation Services (NACES) at http://www.naces.org/members.html or the Association of International Credential Evaluators Inc. (AICE) at http://aice-eval.org/members/.
- An advanced-level degree from an accredited US college or university.
All applicants will be notified via e-mail or telephone of their application status and the assessment dates/times/locations after the closing date of this announcement.
THE PROVISIONS OF THIS JOB ANNOUNCEMENT DO NOT CONSTITUTE AN EXPRESSED OR IMPLIED CONTRACT.