Chief Information Security Officer

Location:

1 Hamilton County Square

• Noblesville, Indiana, 46060

Hamilton County is one of Indiana's fastest growing, highest educated and wealthiest counties in the state and the Midwest. Two-thirds of the workforce lives and works in the county -- a percent that has remained constant since 2010. Hamilton County is continually recognized in rankings ranging from "Best Cities to Relocate To" and "Best City to Raise a Family" to "Healthiest County in Indiana" and "Happiest Suburbs in the Nation". Come be a part of all Hamilton County has to offer as we work together to serve the citizens of Hamilton County.

Job Description:

POSITION: Chief Information Security Officer

DEPARTMENT: Information System Services

WORK SCHEDULE: 8:00 a.m.

• 4:30 p.m., M-F

STATUS: Full-time

FLSA STATUS: Exempt

Hourly Rate: $52.3544

DUTIES:

Oversees, establishes, and executes, security strategies, policies, architecture, standards, processes, and assessments ensuring information assets critical processes are protected.

Provides insight into risks associated with all manner of service delivery, including processing, data storage, network security, and associated technology.

Oversees safeguarding the computer networks and systems by identifying risks, planning, and implementing security measures, and monitoring security systems to protect sensitive data, systems from infiltration, and cyber-attacks.

Provides leadership, direction, and prioritization using risk-based approach, in assessing and evaluating information security risks with high levels of integrity and discretion, advising, and consulting with executives to identify risks and ensure execution of agreed upon mitigation and remediation steps.

Establishes and maintains policy, procedure, and compliance documentation, for proper operation and maintenance.

Identifies and conducts periodic assessments to mitigate risks.

Implements security measures and technologies to mitigate risks, support business, and technology solutions, including designing, developing, and introducing security enhancement projects.

Develops and coordinates plans for incident response to ensure that critical services are maintained.

Manages and promotes understanding of regulatory requirements to appropriate leaders to ensure execution of required testing and auditing activities through internal and external parties leading to successful certification and compliance.

Monitors emerging threats and recommends appropriate action to ISS Director.

Oversees business continuity and disaster recovery policy including training, testing, and coordination with departments and staff for disaster planning and preparation.

Coordinates with ISS security procurement agreements, contracts, statements of work, enforcement of security standards, and vendor relationships.

Serves as Security Advisor to ISS Director on all technology matters.

Serves as technology security expert for security tools, applications, and processes.

Interacts directly with infrastructure team to align and execute infrastructure changes to support security practices.

Attends conferences, meetings, and training to maintain knowledge on industry trends, security practices, standards, and technology updates.

Performs related duties as assigned.

I. JOB REQUIREMENTS:

Minimum job requirements include: (6) six years of relevant experience as senior security staff member, (5) five years of experience developing and implementing security plans, (3) three years of experience performing risk analysis and/or equivalent combination of education and experience.

Preferred job requirements include: Baccalaureate Degree in computer science, information technology, systems engineering, or related technical field of study, (10) ten years of experience with Microsoft Windows server, (8) eight years of experience in senior level information security role for a local government, (2) two years of experience with Microsoft SQL Server and Oracle database; and (2) two years of experience with multi-factor authentication.

Possession of and/or ability to obtain and maintain security management certification (CISM or CCISO) within one year of employment, and Certified Information Systems Security Professional certification and Certified Ethical Hacker or similar penetration testing certification preferred.

Practical knowledge of and ability to make practical application of standard principles of information security and disaster recovery, including policies, protocol, procedures, and resources necessary to make assessments and perform critical processes.

Practical knowledge of standard office policies and procedures with computer skills and security technology including word processing, presentations, spreadsheet, email, and Department-specific software applications with ability to apply such knowledge to a variety of interrelated processes, tasks, and operations.

Working knowledge of server, desktop, and laptop architecture and ability to read and interpret various technical manuals, cyber security frameworks and the latest security principles, techniques, and protocols.

Knowledge of and ability to properly operate MS Windows, Windows Server, Linux, VMWare data center virtualization, Active Directory, group policy, DNS, encryption, software lifecycle management, endpoint protection, system configuration management, remote access, technology, and multi-factor authentication.

Knowledge of and ability to properly operate LAN, WAN, VPN, routers and switches, firewall technology, IDS/IPS, SIEM and DLP.

Ability to properly operate various standard office equipment, including computer, printer, and telephone systems.

Ability to effectively communicate orally and in writing with co-workers both technical and non-technical staff, other County departments, vendors, the public, including being sensitive to professional ethics, gender, cultural diversities, and disabilities.

Ability to understand and follow written and oral instructions and directions, and appropriately respond to constructive criticism.

Shall comply with all employer and department personnel policies and work rules, including, but not limited to, attendance, safety, drug-free workplace, and personal conduct.

Ability to provide public access to or maintain the highest standards of confidentiality of department information and records according to state requirements.

Ability to work alone and with others in a team environment, often under time pressure, and maintain appropriate, respectful interrelationships with co-workers.

Ability to plan and lay out assigned work projects, work on several tasks at the same time, and complete assignments effectively amidst frequent distractions and interruptions.

Ability to perform attention to detail with analytical capabilities and problem-solving skills and organizational skills.

Ability to understand, memorize, retain, and carry out written and oral instructions, present findings in oral or written form, and appropriately respond to constructive criticism.

Ability to prepare and deliver presentations.

Ability to plan and layout work assignments and knowledge of people and locations.

Ability to occasionally work extended, evening and/or weekend hours, and occasionally travel out of town for training and seminars, sometimes overnight.

Possession of a valid driver's license and demonstrated safe driving record.

II. DIFFICULTY OF WORK:

Incumbent performs a broad array of duties which are of substantial intricacy with interrelationships among them not always self-evident. Incumbent performs according to technical manuals and department policies and procedures and uses analysis and independent judgment in identifying and solving security, risks, threats, and other information security issues.

III. RESPONSIBILITY:

Incumbent contributes to overall departmental operations by exercising independent judgment in applying departmental objectives to specific cases and circumstances. Incumbent discusses with supervisor any interpretations of departmental objectives and work is periodically reviewed for soundness of judgment and overall conformity with departmental standards.

IV. PERSONAL WORK RELATIONSHIPS:

Incumbent maintains frequent contact with co-workers, other County departments, vendors, and the public for purposes of exchanging information, rendering service and providing security for data and technology compliance.

Incumbent reports directly to ISS Director.

V. PHYSICAL EFFORT AND WORK ENVIRONMENT:

Incumbent performs duties in a standard office environment involving sitting and walking at will, sitting for long periods, keyboarding, driving, close vision, color perception, hearing sounds/communication, handling/grasping/fingering objects, lifting/carrying objects weighing under 50 pounds, crouching/kneeling, bending, reaching, and speaking clearly.

Incumbent is occasionally required to work extended, evening and/or weekend hours, and occasionally travels out of town for training and seminars, sometimes overnight.

Proposed Hourly Rate:

$0

Hamilton County is an Equal Opportunity Employer. We participate in E-Verify.