Chief Information Security Officer

The Department of Information Technology (IT) plays a key role in driving customer-focused innovation initiatives. It’s composed of three technical bureaus : Application Services, Customer Success and Productivity, and Technology Infrastructure and Security.

Collectively, the 95 staff members work together to provide essential services and technical support to all City staff and business functions.

Most processes in the organization are dependent on technology to function; there is a continual need for technology solutions that meet business function and organizational needs, while balancing security and support requirements.

The Chief Information Officer and the Assistant Director work together to set technology policy direction for the enterprise and establish a supportive, respectful, and inclusive culture in the department.

They, together with the three Technology Managers, lead departmental staff in identifying, recommending, implementing, and maintaining technology and solutions to support the City’s business needs, while setting and enforcing organizational standards and policies.

The experience expected from applicants, as well as additional skills and qualifications needed for this job are listed below.

The Chief Information Security Officer plays a critical role in ensuring the confidentiality, integrity, and availability of the organization's information assets and in managing and mitigating potential security risks.

This position’s primary responsibility will be to protect the city's sensitive information assets, including customer data, intellectual property, and other confidential information.

This position is on the City of Norfolk’s IT Leadership team, reporting to the Chief Information Officer.

Department Hiring Salary Range : $88,508 - $101,784

This position demands strong analytical, technical, relationship, and communication skills. The role of the CISO in local government includes the governance, risk, and compliance (GRC) function.

The CISO is responsible for developing and implementing policies and procedures to protect the organization's information assets, as well as ensuring that the organization remains in compliance with relevant laws and regulations.

The CISO also plays a critical role in managing the organization's cybersecurity budget.

Key Responsibilities :

Information Security Strategy : Developing and implementing a comprehensive information security strategy aligned with the city's goals and objectives.

This involves assessing risks, defining security policies, and establishing security standards and guidelines.

Risk Management : Identifying, evaluating, and prioritizing potential information security risks to the City of Norfolk.

Conducting risk assessments and developing risk mitigation strategies, including the selection and implementation of appropriate security controls.

Incident Response : Developing and implementing an incident response plan to effectively respond to and manage security incidents.

Establishing protocols for incident reporting, investigation, containment, eradication, and recovery. Coordinating with relevant stakeholders, such as legal, human resources, and communications, to ensure an appropriate and timely response.

Security Awareness and Training : Promoting a culture of security awareness within the city through training and education programs to include KnowBe4.

Ensuring that employees understand their roles and responsibilities in safeguarding information assets and adhering to security policies and procedures.

Compliance and Regulations : Ensuring compliance with relevant laws, regulations, and industry standards pertaining to information security.

This includes keeping up to date with changing regulatory requirements and implementing necessary controls and procedures to meet compliance obligations.

Security Governance : Establishing and maintaining a governance framework for information security, including the development of security policies, standards, and procedures.

Providing guidance and support to other business units and departments to ensure security considerations are integrated into their processes and systems, understanding that cybersecurity is a business issue, not an IT issue.

Security Architecture : Collaborating with IT and other relevant stakeholders to design and implement a secure technology infrastructure.

This involves evaluating and selecting appropriate security technologies, conducting security reviews of system designs, and ensuring that security controls are integrated throughout the technology stack.

Vendor and Third-Party Risk Management : Assessing the security posture of vendors and third-party partners that have access to the organization's systems or data.

Establishing and implementing processes to evaluate, monitor, and manage third-party risks effectively.

Security Incident Reporting and Metrics : Developing and maintaining security metrics and reporting mechanisms to provide regular updates to executive management and other stakeholders.

Tracking key security indicators, such as incident trends, threat landscape, and security program effectiveness, to facilitate decision-making and continuous improvement.

Work requires specialized knowledge in a professional or technical field. Work requires a professional level of knowledge of a discipline which is typically acquired at a Bachelor’s degree-level of study in Information Security, Computer Science, Information Technology, or related field.

Master’s degree preferred (bonus for a Master’s with a Cybersecurity focus).

A minimum of 7 years’ experience in cyber / information security, risk management, and information technology or operational technology security, preferably with 5 years in a leadership role.

Preferred Certifications :

• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)

Additional Requirements :

• Valid Driver's License required
• Must be able to work regular on-call rotation shifts
• This is an essential position and must be able to report to work as directed in the event of an emergency or natural disaster, and be expected to work unusual shifts and hours

Work Location : 800 E. City Hall Ave., Norfolk, VA 23510

Work Hours : This position works forty-hours per week Monday Friday 8am to 5pm to accommodate operating hours. On-call weekend and after-hours support is required on a rotating basis.

This position is an Essential position, which requires attendance during emergencies, delayed city openings, and special weather events.

Signing Bonus : This position is eligible for a one-time $5,000 signing bonus for applications received on or after February 22, 2022.

The signing bonus will be paid in two (2) increments : $2,500 upon completion of 60 days of employment, and $2,500 upon completion of your probationary period.

To receive the signing bonus, you must be an active employee in good standing.

J-18808-Ljbffr