
Chief Information Security Officer (CISO) Grade K13

Company

Fulton County, GA

Address , , Ga
Employment type
Salary $148,281 - $222,421 a year
Expires 2023-07-26
Posted at 1 year ago
Job Description
Class Concept

Minimum Qualifications:
Bachelor's Degree in Business, Information Technology, Information Systems or a related field required; supplemented by five years of management experience; and five years of IT Security experience. Strong presentation, communication and collaboration skills. Experience in coaching and mentoring team members. Strong strategic planning capabilities. Experience with one or more industry standard regulations and methodologies for IT Security and Risk (i.e. ISO 2700x, Incident Response, ITIL, NIST). Experience with one or more security management/monitoring technologies (e.g. Remote Access, encryption, two-factor authentication, physical/logical security technologies).
Specific License or Certification (Preferred) or Required within the first year of employment: CISSP, CISM, CISA, CompTIA Security+
Specific Knowledge, Skills, or Abilities: Must be able to demonstrate proficiency in performance of the essential functions and learn, comprehend, and apply all county or departmental policies, practices, and procedures necessary to function effectively in the position.
ALL APPLICATIONS MUST BE COMPLETED IN FULL BEFORE THEY ARE SUBMITTED. PLEASE REVIEW ALL APPLICATIONS FOR ACCURACY AND MAKE ALL CORRECTIONS BEFORE SUBMITTAL BECAUSE ERRORS CAN RESULT IN NOT MEETING THE MINIMUM QUALIFICATIONS. ADDITIONAL INFORMATION WILL NOT BE ACCEPTED AFTER APPLICATIONS ARE RECEIVED BY THE PERSONNEL DEPARTMENT


Example of Duties

Purpose of Classification:
The Chief Information Security Officer is responsible for the development and delivery of a comprehensive information security and privacy program for Fulton County Government. The scope of this program is countywide and includes information in electronic, print and other formats. The purpose of the program is to ensure confidentiality, integrity, and availability of County information resources by: assuring that information created, acquired or maintained by the County and its authorized users is used in accordance with its intended purpose; protecting the County information and its infrastructure from external and internal threats; and assuring that the County complies with statutory and regulatory requirements regarding information access, security and privacy.
Essential Functions:
The following duties are normal for this position. The omission of specific statements of the duties does not exclude them from the classification if the work is similar, related, or a logical assignment for this classification. Other duties may be required and assigned.
Initiate and/or manage department and County initiatives to make operational and strategic decisions that have an impact on quality or effectiveness of service delivery; develops organizational objectives, and partners with reporting managers to develop plans and/or policies to fulfill these objectives; collaborate with IT Financial Analyst to monitor budget, expenses related to capabilities by the team.
Coordinate the development of the County information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that policies are in alignment with the latest regulatory guidelines respective to the purpose of the policy, standards or guidelines; ensure that county policies support compliance with internal and external requirements; collaborate with Human Resources, departments and agencies to ensure technical policies are disseminated to the county's authorized users; recommend and manage tool sets and practices to uphold and enforce IT security policies.
Assists in the management of the department as an active member of the management team governance and other technical committees. Manages assigned staff, including establishing workloads; prioritizing work assignments; evaluating employee performance; developing, interpreting, and enforcing policies and procedures; resolving staff issues; making hiring and/or termination decisions/recommendations; and administering disciplinary action as required.
Coordinate the development of and manage an entity-wide security program based on selected industry standards and frameworks. Continue to adhere to changes and updates in industry standards and frameworks. Establish a security management structure and clearly assign security responsibilities. Monitor the security program's effectiveness and make changes as necessary. Coordinate the development and delivery of an education and training program surrounding information security, risk and privacy matters for employees and other authorized users.
Ensures the adherence of Payment Card Industry Data Security Standard (PCI DSS) policy for the County; ensures the adherence of Health Insurance Portability and Accountability Act of 1996 (HIPAA) policy for the County by ensuring all individually identifiable health information held or transmitted by the County (and associated vendors), in any form or media, whether electronic, paper, or oral, abides by the Privacy Rule.
Ensures the acknowledgement and adherence of the Georgia Crime Information Center Awareness Statement (GCIC), which states that access to Criminal Justice Information, as defined in GCIC Council Rule 140-1-02 (amended), and dissemination of such information are governed by state and federal laws and GCIC Council Rules.
Ensures the utilization of securing communications between networks through gateways, firewalls, application firewalls, intrusion protection systems etc. in accordance with a policy; Ensures the utilization of the right type of architecture for a security gateway that best meets the security requirements of the organization; Ensures compliance to the IT security management guidelines of the specific operations and mechanisms needed to implement network security safeguards and controls in a wider range of network environments, providing a bridge between general IT security management issues and network security technical implementations; Ensures the utilization of technical controls necessary to provide network security using Virtual Private Network (VPN) connections to interconnect networks and connect remote users to networks; Ensures the application of technical controls for securing wireless and radio networks.
Assist with investigations of misuse of computing resources by employees and other authorized or non-authorized users. Serve as the county's compliance officer with respect to the County, state and federal information security policies and regulations. Work with the designated PCI DSS, Judicial, Data, GCIC and HIPAA-privacy stewards on adherence compliance issues as necessary. Prepare and submit required reports to internal and external departments and agencies.
Develop and implement an Incident Reporting and Response System to address the County's security incidents (breaches), respond to alleged policy violations, or complaints from external parties. Serve as the official county point of contact for information security, privacy and regulatory incidents, including relationships with law enforcement entities. Establish and manage a Critical Incident Response Team (CIRT) and other response teams as required to support the security program. Participate in tabletop exercises to enhance the effectiveness of the incident reporting and response system.
Develop and implement an ongoing risk assessment and risk management program targeting information security and privacy matters; explore and implement methods for vulnerability detection and remediation, and oversee vulnerability testing; ensure alignment and integration with the county's overall risk management program; keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities pertaining to the County and its mission.
Defines and maintains a security framework for the County, including a formal set of processes that are used to manage the security of the County's technical infrastructure and ensure that the continuity of business operations is maintained. Collaborate with technical and support teams to conduct security assessments of the County infrastructure. Collaborate with external resources to conduct security audits, penetration tests and other security assessments. Develop, manage and oversee the disaster recovery program.
Responsible for vendor relationship management; maintains contact with key department and vendor leadership to help build effective long-term relationships and resolve concerns/issues; collaborates with the IT Vendor Relations Manager to develop a risk management strategy for interacting with vendors, ensuring that all County vendors align and adhere to Fulton County security standards and policies; works with organizational technical and strategy teams to ensure that the enterprise architecture and applications align with security architectures.
Effectively communicate with a high degree of interpersonal and negotiation skills related to but not limited to career guidance, decision making, training, policy enforcement and skill development; communicate orally and in written form with agencies and departments such as Internal/External Audit Teams, IT Risk Manager, IT Communication Manager, County officials, supervisor and other individuals as needed; produce, present and disseminate various memorandums, security reports, policy documents, and/or charts as required.
Provides oversight of project teams and service changes to ensure that solutions adhere to defined County technology security policies and procedures; trains individuals, executives, managers and groups on items under the security program including but not limited to security policies and procedures and regulatory guidelines.
Assists in day-to-day leadership and operational management for the assigned IT capability under his/her direction. Provides regular feedback and daily supervision to employees within the managed team. Provides input to a Manager on employee performance and on specific unit operations. Implements policies and processes for the team or sub-area/group managed and ensures that all policies and processes are adhered to. Assists in the employee management process for the managed team (e.g. staffing decisions, coaching, skills development, performance evaluation).
Additional Functions:
Performs other related duties as assigned and required.


Minimum Qualifications

Performance Aptitudes:
Data Utilization: Prepare, review, present analysis, protect systems data, adhere to guidelines of security, Federal, State and local guidelines and standards; and International standards that benefit the County.
Human Interaction: Requires the ability to function in a managerial capacity for a division or organizational unit; includes the ability to make decisions on procedural and technical levels.
Equipment, Machinery, Tools, and Materials Utilization: Requires the ability to operate, maneuver, and/or control the actions of equipment, machinery, tools and/or materials requiring complex and/or rapid adjustments.
Verbal Aptitude: Requires the ability to utilize a wide variety of reference, descriptive, advisory and/or design data and information.
Mathematical Aptitude: Requires the ability to perform addition, subtraction, multiplication and division; ability to calculate decimals and percentages; may include ability to perform mathematical operations with fractions; may include ability to compute discount, interest, and ratios; may include ability to calculate surface areas, volumes, weights, and measures.
Functional Reasoning: Maintains procedures, standards and policies to protect the privacy and integrity of data and ensure compliance with regulations and security policies. This relates to Federal, State and Local Government Guidelines.
Situational Reasoning: Requires the ability to exercise judgment, decisiveness and creativity in situations involving broader aspects of organizational programs and operations, moderately unstable situations, or the direction, control and planning of an entire program or set of programs.


Supplemental Information

It is the policy of Fulton County that there will be equal opportunity for every citizen, employee and applicant, based upon merit without regard to race, color, religion, national origin, gender, age, genetics, disability or sexual orientation.