Sonoma County, CA
Santa Rosa, California, United States
Position Information The County of Sonoma's Department of Health Services is hiring for an experienced Health Information Technology and Security Analyst! Starting salary up to $56.32/hour ($117,546/year) and a competitive total compensation package!* As a Health Information Technology and Security Analyst, you will perform security-related monitoring, auditing, reporting, response, mitigation, and prevention tasks on an ongoing basis to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other information privacy and security regulations. Additional responsibilities include: Implementing security-group management and role-based access including analysis, maintenance, and monitoring to ensure appropriate and controlled access to sensitive information and systems Monitoring daily activity on county networks, websites, shared drives, and servers and responding as appropriate Monitoring activity on Electronic Health Records (EHR) systems Reviewing vulnerability scan reports and working with internal and external stakeholders to address identified vulnerabilities Performing data classification management, including identifying where all protected data resides within the department and ensuring it is in appropriate locations Incident reporting and response in coordination with the Department of Health Services Privacy and Security Officer Hardware management for all hardware that can access or store personal identifiable information Serve as the system administrator and subject matter expert for the Governance/Risk/Compliance (GRC) Software System Provide staff training on known threats based on risk analysis Advise senior management on matters related to information/data security As an ideal candidate to join the team, you possess a strong analytical mindset, along with the ability to understand current technologies and issues related to systems and cyber security. In addition, you possess: Experience developing and maintaining information technology systems in a multi-platform information systems environment A deep understanding of cyber security concepts Experience with the Health Insurance Portability and Accountability Act (HIPAA) Attention to detail to ensure that all threat vectors are assessed Extensive communication skills to help communicate technical issues to non-technical staff Ability to problem solve by finding the root cause of issues that arise Understanding that data security has a customer focus Note: In addition to the above qualities, it is highly desirable that the ideal candidate possess an IT Security Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), CompTIA Security+, or other recognized IT Security, Business Analysis, or Data Security certifications. What We Offer Working at the County of Sonoma offers expansive opportunities for growth and development, the ability to be a part of a challenging and rewarding work environment, and the satisfaction of knowing you're working to better our communities. You can also look forward to flexible work arrangements and excellent benefits* including: Hybrid Telework - A schedule that meets the needs of our staff, department operations, and the communities we serve may be available depending on the assignment Salary Advancement - A salary increase after 1,040 hours (6 months when working full-time) for good work performance; eligibility for a salary increase for good performance every year thereafter, until reaching the top of the salary range Paid Time Off - Competitive vacation and sick leave accruals, 12 paid holidays, and an additional 8 floating holiday hours per year County Paid Health Premium Contributions - 100% premium contribution for the majority of employee-only and employee + family health plan options Staff Development/Wellness Pay - Annual benefit allowances of up to $500 and ongoing education/training opportunities Post-Retirement Health Reimbursement Arrangement - County contributions to help fund post-retirement employee health insurance/benefits Retirement - A pension fully integrated with Social Security Paid Parental Leave - May be eligible for up to 8 weeks (320 hours) after 12 months of County employment Student Loan Debt Relief - County employees may be eligible for Public Service Loan Forgiveness through the U.S. Department of Education *Salary is negotiable within the established range. Benefits described herein do not represent a contract and may be changed without notice. Additional information can be found in the Service Employees International Union Local 1021 Memorandum Of Understanding (SEIU MOU) and our Employee Benefits Directory . This recruitment is being conducted to fill a Health Information Technology and Security Analyst position in the Department of Health Services. This employment list may also be used to fill future full-time, part-time, or extra-help (temporary) positions as they occur during the active status of the list. Qualified County employees who wish to be considered for future positions should consider applying to this recruitment. The Civil Service Title for this position is Department Information Systems Specialist II. APPLICATION SUBMISSIONS REQUIRE THE SUPPLEMENTAL QUESTIONNAIRE BE COMPLETED. Minimum Qualifications Any combination of training and experience which would provide the opportunity to acquire the knowledge and abilities listed. Normally this would include: Education: The equivalent to completion of twelve semester or eighteen quarter units in information systems, computer science or closely related field; AND Experience: Two years of experience in developing and maintaining information technology systems in a multi-platform information systems environment, including at least one year of experience developing and/or modifying applications. License: Possession of a valid driver's license at the appropriate level including special endorsements, as required by the State of California, may be required depending upon assignment to perform the essential job functions of the position. Knowledge, Skills, and Abilities Knowledge of: IT systems components and architecture; customer support techniques; basic network principles; commonly used software applications; system performance monitoring and troubleshooting; technical documentation methods and procedures; IT systems security methods and techniques; oral and written communication techniques; network equipment, tools and peripherals; operating systems installation and configuration procedures; installation, configuration, and maintenance of desktop components; operating environments; commonly used query languages; data management concepts and methods; server maintenance techniques; file formats used in the delivery of Web content; browser technical requirements. Ability to: efficiently troubleshoot system problems; provide training to other technical staff; communicate factual and procedural information clearly, orally and in writing; gather and analyze basic facts and draw conclusions; install, configure, and test software on customer workstations; prepare and update manuals, instructions, and operating procedures; provide information and assistance to customers; ensure the application of appropriate security measures in accord with established procedures; assist in implementing and maintaining network and systems services; monitor network and systems performance and troubleshoot minor problems; document and initiate response to security problems; provide guidance and training to customers in accessing network and systems services; assist customers in installing and using applications; maintain database operations; assist in returning disrupted database systems to normal operations; create reports and manipulate data in response to customer requirements; convert user-developed content into workable Web pages; carry out server maintenance functions; test new browser versions for compatibility with existing services. Selection Procedure & Some Helpful Tips When Applying Your application information and your responses to the supplemental questions are evaluated and taken into consideration throughout the entire selection process. You should list all employers and positions held within the last ten years in the work history section of your application. Be as thorough as possible when responding to the supplemental questions. You may include history beyond ten years if related to the position for which you are applying. If you held multiple positions with one employer, list out each position separately. Failure to follow these instructions may impact your competitiveness in this process or may result in disqualification. Please visit Getting a Job with the County of Sonoma to review more detailed information about the hiring process, including the application process, examination steps, and department selection process. APPLICATION SUBMISSIONS REQUIRE THE SUPPLEMENTAL QUESTIONNAIRE BE COMPLETED. Responses to supplemental questions will be scored using position-specific criteria. Please provide specific and detailed responses of a reasonable length to allow for a thorough assessment of your qualifications. Responses that state, "See Resume" or "See Application" may be considered insufficient and therefore may not be scored. The selection procedure will consist of the following examination: An Application & Supplemental Questionnaire Appraisal Examination (weight 100%) will be conducted to evaluate each applicant's application and supplemental questionnaire for satisfaction of minimum qualifications (pass/not pass); and for educational coursework, training, experience, knowledge, and abilities which relate to this position. Each applicant will be evaluated based on the following criteria: Relevance of work history, related experience, and achieved level of education and/or training as described in the application and responses to the supplemental questions. Candidates demonstrating possession of the minimum qualifications will be placed on an employment list in order of most qualified to least qualified based on the achieved score received in the Application & Supplemental Questionnaire Appraisal Examination which evaluates the education, training, experience, skills, knowledge, abilities, and other qualifications that you demonstrate in your application and/or response to the supplemental questionnaire. Please be aware that resumes and cover letters are not typically evaluated in the Application & Supplemental Questionnaire Appraisal Examination. Scores may be adjusted based on such factors as the number of candidates, anticipated vacancies, past practice, and natural breaks in the scores achieved by this group of candidates. ADDITIONAL INFORMATION A background investigation is required prior to employment. Candidates referred to departments for a selection interview are typically required to sign authorization and release forms enabling such an investigation. Failure to sign prescribed forms will result in the candidate not being considered further for that vacancy. Reference information will not be made available to applicants. Additional requirements, such as successful completion of a physical exam, drug screen, etc., may apply, depending on the duties and responsibilities of the position. If you receive a conditional job offer for the position, the requirements upon which the offer is contingent will be outlined in the conditional job letter. You may also review the Job Classification Screening Schedule to determine the requirements for this position. HOW TO APPLY Applications are accepted online at www.yourpath2sonomacounty.org . Paper applications may be submitted by person, fax (707-565-3770), email, or through the mail. All applications and appropriate supplemental information as outlined in the job bulletin must be RECEIVED by the time and date specified on the first page of this job announcement. Applications received after the recruitment closes will not be accepted. The County of Sonoma values diversity and is dedicated to creating a workplace environment that provides individuals with a sense of belonging. We are committed to having a diverse workforce that is representative of the communities we serve. The County is proud to be an Equal Opportunity Employer where all aspects of employment are based on merit, competence, performance, and business need. HR Analyst: SZ HR Technician: RR IMPORTANT NOTE: Benefits described herein do not apply to Extra Help positions. COUNTY OF SONOMA BENEFITS: GENERAL* These are some of the excellent benefits the County offers: Paid Time Off : Competitive vacation and sick leave accruals; 12 paid holidays, and an additional 8 floating holiday hours per year; and may be eligible for up to 8 weeks (320 hours) of Paid Parental Leave after 12 months of County employment. Health Plan : Choice of five health plans (a PPO, EPO, HMO, and two deductible HMOs) with a County contribution toward the premium (the contribution amount varies by bargaining unit. For specific details, please refer to the applicable MOU). A County contribution to a Health Reimbursement Arrangement is available for some bargaining units. Retirement : Fully integrated with Social Security.For more information regarding eligibility, retirement contributions, and reciprocity with prior public service, please visit https://scretire.org/active-/-deferred/when-you-are-hired . IRS 457 Plan : Pre-tax employee contribution up to the IRS annual maximum. Retiree Medical : County contribution to a Health Reimbursement Arrangement to help fund post-retirement employee health insurance/benefits. Student Loan Debt Relief : County employees may be eligible for Public Service Loan Forgiveness through the U.S. Department of Education. Plus excellent dental, vision, disability, life insurance, professional development, and more. For answers to specific questions regarding the employment process and more details about benefits or retirement, please contact Human Resources at (707) 565-2331.Additional details about benefit and compensation packages can be found in the MOUs located at https://sonomacounty.ca.gov/administrative-support-and-fiscal-services/human-resources/divisions-and-units/employee-relations/labor-agreements-and-salary-resolution . For specific information about health and welfare benefits including plan options, coverage, and premium amounts go to https://sonomacounty.ca.gov/administrative-support-and-fiscal-services/human-resources or, contact the Human Resources' Risk Management-Benefits Office at benefits@sonoma-county.org or (707) 565-2900. *IMPORTANT NOTES: Benefits described herein do not represent a contract and may be changed without notice. Closing Date/Time: 5/13/2024 11:59 PM Pacific
Apr 30, 2024
Full Time
Position Information The County of Sonoma's Department of Health Services is hiring for an experienced Health Information Technology and Security Analyst! Starting salary up to $56.32/hour ($117,546/year) and a competitive total compensation package!* As a Health Information Technology and Security Analyst, you will perform security-related monitoring, auditing, reporting, response, mitigation, and prevention tasks on an ongoing basis to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other information privacy and security regulations. Additional responsibilities include: Implementing security-group management and role-based access including analysis, maintenance, and monitoring to ensure appropriate and controlled access to sensitive information and systems Monitoring daily activity on county networks, websites, shared drives, and servers and responding as appropriate Monitoring activity on Electronic Health Records (EHR) systems Reviewing vulnerability scan reports and working with internal and external stakeholders to address identified vulnerabilities Performing data classification management, including identifying where all protected data resides within the department and ensuring it is in appropriate locations Incident reporting and response in coordination with the Department of Health Services Privacy and Security Officer Hardware management for all hardware that can access or store personal identifiable information Serve as the system administrator and subject matter expert for the Governance/Risk/Compliance (GRC) Software System Provide staff training on known threats based on risk analysis Advise senior management on matters related to information/data security As an ideal candidate to join the team, you possess a strong analytical mindset, along with the ability to understand current technologies and issues related to systems and cyber security. In addition, you possess: Experience developing and maintaining information technology systems in a multi-platform information systems environment A deep understanding of cyber security concepts Experience with the Health Insurance Portability and Accountability Act (HIPAA) Attention to detail to ensure that all threat vectors are assessed Extensive communication skills to help communicate technical issues to non-technical staff Ability to problem solve by finding the root cause of issues that arise Understanding that data security has a customer focus Note: In addition to the above qualities, it is highly desirable that the ideal candidate possess an IT Security Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), CompTIA Security+, or other recognized IT Security, Business Analysis, or Data Security certifications. What We Offer Working at the County of Sonoma offers expansive opportunities for growth and development, the ability to be a part of a challenging and rewarding work environment, and the satisfaction of knowing you're working to better our communities. You can also look forward to flexible work arrangements and excellent benefits* including: Hybrid Telework - A schedule that meets the needs of our staff, department operations, and the communities we serve may be available depending on the assignment Salary Advancement - A salary increase after 1,040 hours (6 months when working full-time) for good work performance; eligibility for a salary increase for good performance every year thereafter, until reaching the top of the salary range Paid Time Off - Competitive vacation and sick leave accruals, 12 paid holidays, and an additional 8 floating holiday hours per year County Paid Health Premium Contributions - 100% premium contribution for the majority of employee-only and employee + family health plan options Staff Development/Wellness Pay - Annual benefit allowances of up to $500 and ongoing education/training opportunities Post-Retirement Health Reimbursement Arrangement - County contributions to help fund post-retirement employee health insurance/benefits Retirement - A pension fully integrated with Social Security Paid Parental Leave - May be eligible for up to 8 weeks (320 hours) after 12 months of County employment Student Loan Debt Relief - County employees may be eligible for Public Service Loan Forgiveness through the U.S. Department of Education *Salary is negotiable within the established range. Benefits described herein do not represent a contract and may be changed without notice. Additional information can be found in the Service Employees International Union Local 1021 Memorandum Of Understanding (SEIU MOU) and our Employee Benefits Directory . This recruitment is being conducted to fill a Health Information Technology and Security Analyst position in the Department of Health Services. This employment list may also be used to fill future full-time, part-time, or extra-help (temporary) positions as they occur during the active status of the list. Qualified County employees who wish to be considered for future positions should consider applying to this recruitment. The Civil Service Title for this position is Department Information Systems Specialist II. APPLICATION SUBMISSIONS REQUIRE THE SUPPLEMENTAL QUESTIONNAIRE BE COMPLETED. Minimum Qualifications Any combination of training and experience which would provide the opportunity to acquire the knowledge and abilities listed. Normally this would include: Education: The equivalent to completion of twelve semester or eighteen quarter units in information systems, computer science or closely related field; AND Experience: Two years of experience in developing and maintaining information technology systems in a multi-platform information systems environment, including at least one year of experience developing and/or modifying applications. License: Possession of a valid driver's license at the appropriate level including special endorsements, as required by the State of California, may be required depending upon assignment to perform the essential job functions of the position. Knowledge, Skills, and Abilities Knowledge of: IT systems components and architecture; customer support techniques; basic network principles; commonly used software applications; system performance monitoring and troubleshooting; technical documentation methods and procedures; IT systems security methods and techniques; oral and written communication techniques; network equipment, tools and peripherals; operating systems installation and configuration procedures; installation, configuration, and maintenance of desktop components; operating environments; commonly used query languages; data management concepts and methods; server maintenance techniques; file formats used in the delivery of Web content; browser technical requirements. Ability to: efficiently troubleshoot system problems; provide training to other technical staff; communicate factual and procedural information clearly, orally and in writing; gather and analyze basic facts and draw conclusions; install, configure, and test software on customer workstations; prepare and update manuals, instructions, and operating procedures; provide information and assistance to customers; ensure the application of appropriate security measures in accord with established procedures; assist in implementing and maintaining network and systems services; monitor network and systems performance and troubleshoot minor problems; document and initiate response to security problems; provide guidance and training to customers in accessing network and systems services; assist customers in installing and using applications; maintain database operations; assist in returning disrupted database systems to normal operations; create reports and manipulate data in response to customer requirements; convert user-developed content into workable Web pages; carry out server maintenance functions; test new browser versions for compatibility with existing services. Selection Procedure & Some Helpful Tips When Applying Your application information and your responses to the supplemental questions are evaluated and taken into consideration throughout the entire selection process. You should list all employers and positions held within the last ten years in the work history section of your application. Be as thorough as possible when responding to the supplemental questions. You may include history beyond ten years if related to the position for which you are applying. If you held multiple positions with one employer, list out each position separately. Failure to follow these instructions may impact your competitiveness in this process or may result in disqualification. Please visit Getting a Job with the County of Sonoma to review more detailed information about the hiring process, including the application process, examination steps, and department selection process. APPLICATION SUBMISSIONS REQUIRE THE SUPPLEMENTAL QUESTIONNAIRE BE COMPLETED. Responses to supplemental questions will be scored using position-specific criteria. Please provide specific and detailed responses of a reasonable length to allow for a thorough assessment of your qualifications. Responses that state, "See Resume" or "See Application" may be considered insufficient and therefore may not be scored. The selection procedure will consist of the following examination: An Application & Supplemental Questionnaire Appraisal Examination (weight 100%) will be conducted to evaluate each applicant's application and supplemental questionnaire for satisfaction of minimum qualifications (pass/not pass); and for educational coursework, training, experience, knowledge, and abilities which relate to this position. Each applicant will be evaluated based on the following criteria: Relevance of work history, related experience, and achieved level of education and/or training as described in the application and responses to the supplemental questions. Candidates demonstrating possession of the minimum qualifications will be placed on an employment list in order of most qualified to least qualified based on the achieved score received in the Application & Supplemental Questionnaire Appraisal Examination which evaluates the education, training, experience, skills, knowledge, abilities, and other qualifications that you demonstrate in your application and/or response to the supplemental questionnaire. Please be aware that resumes and cover letters are not typically evaluated in the Application & Supplemental Questionnaire Appraisal Examination. Scores may be adjusted based on such factors as the number of candidates, anticipated vacancies, past practice, and natural breaks in the scores achieved by this group of candidates. ADDITIONAL INFORMATION A background investigation is required prior to employment. Candidates referred to departments for a selection interview are typically required to sign authorization and release forms enabling such an investigation. Failure to sign prescribed forms will result in the candidate not being considered further for that vacancy. Reference information will not be made available to applicants. Additional requirements, such as successful completion of a physical exam, drug screen, etc., may apply, depending on the duties and responsibilities of the position. If you receive a conditional job offer for the position, the requirements upon which the offer is contingent will be outlined in the conditional job letter. You may also review the Job Classification Screening Schedule to determine the requirements for this position. HOW TO APPLY Applications are accepted online at www.yourpath2sonomacounty.org . Paper applications may be submitted by person, fax (707-565-3770), email, or through the mail. All applications and appropriate supplemental information as outlined in the job bulletin must be RECEIVED by the time and date specified on the first page of this job announcement. Applications received after the recruitment closes will not be accepted. The County of Sonoma values diversity and is dedicated to creating a workplace environment that provides individuals with a sense of belonging. We are committed to having a diverse workforce that is representative of the communities we serve. The County is proud to be an Equal Opportunity Employer where all aspects of employment are based on merit, competence, performance, and business need. HR Analyst: SZ HR Technician: RR IMPORTANT NOTE: Benefits described herein do not apply to Extra Help positions. COUNTY OF SONOMA BENEFITS: GENERAL* These are some of the excellent benefits the County offers: Paid Time Off : Competitive vacation and sick leave accruals; 12 paid holidays, and an additional 8 floating holiday hours per year; and may be eligible for up to 8 weeks (320 hours) of Paid Parental Leave after 12 months of County employment. Health Plan : Choice of five health plans (a PPO, EPO, HMO, and two deductible HMOs) with a County contribution toward the premium (the contribution amount varies by bargaining unit. For specific details, please refer to the applicable MOU). A County contribution to a Health Reimbursement Arrangement is available for some bargaining units. Retirement : Fully integrated with Social Security.For more information regarding eligibility, retirement contributions, and reciprocity with prior public service, please visit https://scretire.org/active-/-deferred/when-you-are-hired . IRS 457 Plan : Pre-tax employee contribution up to the IRS annual maximum. Retiree Medical : County contribution to a Health Reimbursement Arrangement to help fund post-retirement employee health insurance/benefits. Student Loan Debt Relief : County employees may be eligible for Public Service Loan Forgiveness through the U.S. Department of Education. Plus excellent dental, vision, disability, life insurance, professional development, and more. For answers to specific questions regarding the employment process and more details about benefits or retirement, please contact Human Resources at (707) 565-2331.Additional details about benefit and compensation packages can be found in the MOUs located at https://sonomacounty.ca.gov/administrative-support-and-fiscal-services/human-resources/divisions-and-units/employee-relations/labor-agreements-and-salary-resolution . For specific information about health and welfare benefits including plan options, coverage, and premium amounts go to https://sonomacounty.ca.gov/administrative-support-and-fiscal-services/human-resources or, contact the Human Resources' Risk Management-Benefits Office at benefits@sonoma-county.org or (707) 565-2900. *IMPORTANT NOTES: Benefits described herein do not represent a contract and may be changed without notice. Closing Date/Time: 5/13/2024 11:59 PM Pacific
Cal State University (CSU) San Francisco
1600 Holloway Avenue, San Francisco, CA 94132, USA
Working Title Information Security Officer Administrator Level (for MPP positions only) This position is an Administrator III in the California State University Management Personnel Plan (MPP), reporting to the AVP and Chief Information Officer of Information Technology Services SF State University San Francisco State is an Equal Opportunity Employer and does not discriminate against persons on the basis of race, religion, color, ancestry, age, disability, genetic information, gender, gender identity, gender expression, marital status, medical condition, National origin, sex, sexual orientation, covered veteran status, or any other protected status. Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose by contacting the Senior Human Resources Manager. Applicants may visit titleix.sfsu.edu for more information on SF State's policy prohibiting discrimination, and how to file an online report using the procedures under Executive Order 1096 Revised. Inquiries can be directed to the campus Title IX Coordinator and Discrimination, Harassment, and Retaliation Administrator by calling (415) 338-2032 or emailing vpsaem@sfsu.edu. San Francisco State is a 100% Smoke/Vapor-Free Campus. Smoking or Vaping of any tobacco/plant-based substance is not permitted on any University properties. The person holding this position may be considered a "mandated reporter" under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment. This position may be a "designated position" in the California State University's Conflict of Interest Code. The successful candidate accepting this position may be required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission. Department Information Technology Services Appointment Type At-Will Time Base Full-Time Work Schedule Monday through Friday; from 8:00 am to 5:00 pm Anticipated Hiring Range $12,915.00 - $13,500.00 Per Month ($154,980.00 - $162,000.00 Annually) Salary is commensurate with experience. Position Summary Under the general direction of the AVP and Chief Information Officer (CIO) and coordinating with the other Directors/Managers in Information Technology Services (ITS), the Director of Information Security and Information Security Officer (ISO) will coordinate and lead the Information Security Team at SF State. The incumbent will act as the SF State’s information security and privacy representative with respect to inquiries from customers, partners, and the public regarding SF State’s information security and privacy strategy; act as liaison to law enforcement agencies while pursuing the sources of network attacks and information thefts; balance security needs with the SF State’s strategic business plan, identify risk factors, and determine solutions to both; develop security and privacy policies and procedures that provide adequate business application protection without interfering with core business requirements; plan and test responses to security breaches, including the discussion of the event with customers, partners, or the public; oversee the selection, testing, configuration, deployment, and maintenance of security products; oversee a staff of employees responsible for security operations. Position Information Information Security Operation Manage an information security operational program that contains administrative, technical and physical safeguards designed to protect SF State information assets Document, and provide direction for mitigation of incidents involving SF State information assets Manage, develop and present security awareness training programs Manage incidents involving SF State information assets Facilitate and direct a campus vulnerability management program; manage and oversee the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the enterprise environment Provide regular executive level status reports on campus breaches, incidents, compliance, and other information security metrics Work with campus leadership, Enterprise Risk Management, and legal counsel to provide primary lead activities in supporting CO and campus litigation processes, forensic activities, eDiscovery and security audits Plan, manage, and coordinate information security and privacy risk assessments; identify, track, and report issues and concerns to management; develop guidelines to ensure SF State business processes address information security and privacy risks; develop, implement and enforce information security requirements and solutions in collaboration with ITS and Chancellor’s Office Information Security Advisory Council (ISAC); lead in the development/adoption and enforcement of information security policies, procedures and standards; conduct and complete a periodic review of required regulations and reports; manage 3 rd party information security risks Serve as primary liaison with various University departments, including but not limited to Department of Public Safety, Audit and Advisory Services, Enrollment Management, Human Resources, Enterprise Risk Management, University Counsel, Dean of Students, and Fiscal Affairs; advise and train on campus-wide security related issues/processes; serve as liaison with other campus ISOs, the Chancellor's Office and outside auditors and organizations related to information security and privacy issues; facilitate campus stakeholder meetings to ensure campus alignment on information security and privacy matters Oversee and/or assist in performing on-going security monitoring of organization information systems Manage and provide technical leadership of information security projects Manage day-to-day information security operations; assist with oversight of change requests and attend change management meetings Perform other duties or special projected as assigned Information Security Strategy Manage and provide leadership in the administration of the information security and privacy program strategy and governance Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention Develop and document procedures to comply with applicable laws, regulations, and CSU policies governing information security and privacy protection, as well as serve as the primary point of contact and liaison for the Governance, Risk, and Compliance system Suggest and lead in the development of risk management strategies to identify and mitigate threats and vulnerabilities to information assets Lead the development of, and management of the information security plan that contains safeguards designed to protect SF State information assets Refine and develop, as necessary, new campus policies, standards and procedures governing information security and privacy protection that align with and support the SF State plan and strategy Minimum Qualifications Bachelor's degree in Information Technology or similar degree (or equivalent combination of education and experience) required; Seven to ten years in progressively responsible IT roles, including enterprise-level support, information security or related field Project management experience with demonstrated success in leading complex IT projects in non-profit/higher education environment preferred Demonstrated excellent collaborative, management, leadership, communication and presentation skills Extensive knowledge related to experience with security incident response planning and resolution Demonstrated ability to develop and communicate effective recommendations for securing information assets to executives, management, and staff Demonstrated knowledge of underlying technologies (i.e. databases, operating systems, applications, networks, security and hardware) A working knowledge of information security practices and concepts including: access controls and identity management, risk management, ISO 27001/27002 standards, security information and event management (SIEM), and security operations Extensive experience with policy development, procurement contract negotiation and information security awareness and training Must be detailed and a logical thinker with Strong problem-solving, leadership, team building, and organizational skills Ability to motivate team members Must be self-motivated and maintain positive and effective working relationships Preferred Qualifications Advanced degree is highly desirable Certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Technology Infrastructure Library (ITIL) Foundation are desirable Certifications such as Certified Privacy Program Manager (CIPM) or Project Management Professional (PMP) are beneficial Experience with cyber security frameworks such as ISO 27000, NIST 800 Experience with the following security or privacy compliance programs: PCI-DSS, HIPAA, GDPR, GLBA, and FERPA is desirable May need to work weekend and/or early morning / night hours for special projects or on-call Pre-Employment Requirements This position requires the successful completion of a background check. Eligibility to Work Applicants must be able to provide proof of US Citizenship or authorization to work in the United States, within three business days from their date of hire. Benefits Threaded through our Total Compensation package is a commitment to Bridging Life's Transitions. SF State is committed to providing our employees with a comprehensive program that rewards efforts that are appreciated by your colleagues, students and the customers we serve. We offer a competitive compensation package that includes Medical, Dental, Vision, Pension, 401k, Healthcare Savings Account, Life Insurance, Disability Insurance, Vacation and Sick Leave as well as State Holidays and a dynamic Fee Waiver program, all geared towards the University's commitment to attract, motivate and retain our employee. CSUEU Position (For CSUEU Positions Only) Eligible and qualified on-campus applicants, currently in bargaining units 2, 5, 7, and 9 are given hiring preference. Additional Information SF STATE IS NOT A SPONSORING AGENCY FOR STAFF OR MANAGEMENT POSITIONS. (i.e. H1-B VISAS). Thank you for your interest in employment with California State University (CSU). CSU is a state entity whose business operations reside within the State of California. Because of this, CSU prohibits hiring employees to perform CSU-related work outside of California with very limited exception. While this position may be eligible for occasional telework, all work is expected to be performed in the state of California, and this position is assigned to on-campus operations. CSU strongly encourages faculty, staff, and students who are accessing campus facilities to be immunized against COVID-19 or declare a medical or religious exemption from doing so. Any candidates advanced in a currently open search process are encouraged to comply with this requirement. The systemwide policy can be found at https://calstate.policystat.com/policy/9779821/latest/ and questions may be sent to hrwww@campus.edu. The Human Resources office is open Mondays through Fridays from 8 a.m. to 5 p.m., and can be reached at (415) 338-1872. Please note that this position, position requirements, application deadline and/or any other component of this position is subject to change or cancellation at any time. Advertised: Feb 20 2024 Pacific Standard Time Applications close: Closing Date/Time:
Mar 07, 2024
Working Title Information Security Officer Administrator Level (for MPP positions only) This position is an Administrator III in the California State University Management Personnel Plan (MPP), reporting to the AVP and Chief Information Officer of Information Technology Services SF State University San Francisco State is an Equal Opportunity Employer and does not discriminate against persons on the basis of race, religion, color, ancestry, age, disability, genetic information, gender, gender identity, gender expression, marital status, medical condition, National origin, sex, sexual orientation, covered veteran status, or any other protected status. Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose by contacting the Senior Human Resources Manager. Applicants may visit titleix.sfsu.edu for more information on SF State's policy prohibiting discrimination, and how to file an online report using the procedures under Executive Order 1096 Revised. Inquiries can be directed to the campus Title IX Coordinator and Discrimination, Harassment, and Retaliation Administrator by calling (415) 338-2032 or emailing vpsaem@sfsu.edu. San Francisco State is a 100% Smoke/Vapor-Free Campus. Smoking or Vaping of any tobacco/plant-based substance is not permitted on any University properties. The person holding this position may be considered a "mandated reporter" under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment. This position may be a "designated position" in the California State University's Conflict of Interest Code. The successful candidate accepting this position may be required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission. Department Information Technology Services Appointment Type At-Will Time Base Full-Time Work Schedule Monday through Friday; from 8:00 am to 5:00 pm Anticipated Hiring Range $12,915.00 - $13,500.00 Per Month ($154,980.00 - $162,000.00 Annually) Salary is commensurate with experience. Position Summary Under the general direction of the AVP and Chief Information Officer (CIO) and coordinating with the other Directors/Managers in Information Technology Services (ITS), the Director of Information Security and Information Security Officer (ISO) will coordinate and lead the Information Security Team at SF State. The incumbent will act as the SF State’s information security and privacy representative with respect to inquiries from customers, partners, and the public regarding SF State’s information security and privacy strategy; act as liaison to law enforcement agencies while pursuing the sources of network attacks and information thefts; balance security needs with the SF State’s strategic business plan, identify risk factors, and determine solutions to both; develop security and privacy policies and procedures that provide adequate business application protection without interfering with core business requirements; plan and test responses to security breaches, including the discussion of the event with customers, partners, or the public; oversee the selection, testing, configuration, deployment, and maintenance of security products; oversee a staff of employees responsible for security operations. Position Information Information Security Operation Manage an information security operational program that contains administrative, technical and physical safeguards designed to protect SF State information assets Document, and provide direction for mitigation of incidents involving SF State information assets Manage, develop and present security awareness training programs Manage incidents involving SF State information assets Facilitate and direct a campus vulnerability management program; manage and oversee the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the enterprise environment Provide regular executive level status reports on campus breaches, incidents, compliance, and other information security metrics Work with campus leadership, Enterprise Risk Management, and legal counsel to provide primary lead activities in supporting CO and campus litigation processes, forensic activities, eDiscovery and security audits Plan, manage, and coordinate information security and privacy risk assessments; identify, track, and report issues and concerns to management; develop guidelines to ensure SF State business processes address information security and privacy risks; develop, implement and enforce information security requirements and solutions in collaboration with ITS and Chancellor’s Office Information Security Advisory Council (ISAC); lead in the development/adoption and enforcement of information security policies, procedures and standards; conduct and complete a periodic review of required regulations and reports; manage 3 rd party information security risks Serve as primary liaison with various University departments, including but not limited to Department of Public Safety, Audit and Advisory Services, Enrollment Management, Human Resources, Enterprise Risk Management, University Counsel, Dean of Students, and Fiscal Affairs; advise and train on campus-wide security related issues/processes; serve as liaison with other campus ISOs, the Chancellor's Office and outside auditors and organizations related to information security and privacy issues; facilitate campus stakeholder meetings to ensure campus alignment on information security and privacy matters Oversee and/or assist in performing on-going security monitoring of organization information systems Manage and provide technical leadership of information security projects Manage day-to-day information security operations; assist with oversight of change requests and attend change management meetings Perform other duties or special projected as assigned Information Security Strategy Manage and provide leadership in the administration of the information security and privacy program strategy and governance Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention Develop and document procedures to comply with applicable laws, regulations, and CSU policies governing information security and privacy protection, as well as serve as the primary point of contact and liaison for the Governance, Risk, and Compliance system Suggest and lead in the development of risk management strategies to identify and mitigate threats and vulnerabilities to information assets Lead the development of, and management of the information security plan that contains safeguards designed to protect SF State information assets Refine and develop, as necessary, new campus policies, standards and procedures governing information security and privacy protection that align with and support the SF State plan and strategy Minimum Qualifications Bachelor's degree in Information Technology or similar degree (or equivalent combination of education and experience) required; Seven to ten years in progressively responsible IT roles, including enterprise-level support, information security or related field Project management experience with demonstrated success in leading complex IT projects in non-profit/higher education environment preferred Demonstrated excellent collaborative, management, leadership, communication and presentation skills Extensive knowledge related to experience with security incident response planning and resolution Demonstrated ability to develop and communicate effective recommendations for securing information assets to executives, management, and staff Demonstrated knowledge of underlying technologies (i.e. databases, operating systems, applications, networks, security and hardware) A working knowledge of information security practices and concepts including: access controls and identity management, risk management, ISO 27001/27002 standards, security information and event management (SIEM), and security operations Extensive experience with policy development, procurement contract negotiation and information security awareness and training Must be detailed and a logical thinker with Strong problem-solving, leadership, team building, and organizational skills Ability to motivate team members Must be self-motivated and maintain positive and effective working relationships Preferred Qualifications Advanced degree is highly desirable Certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Technology Infrastructure Library (ITIL) Foundation are desirable Certifications such as Certified Privacy Program Manager (CIPM) or Project Management Professional (PMP) are beneficial Experience with cyber security frameworks such as ISO 27000, NIST 800 Experience with the following security or privacy compliance programs: PCI-DSS, HIPAA, GDPR, GLBA, and FERPA is desirable May need to work weekend and/or early morning / night hours for special projects or on-call Pre-Employment Requirements This position requires the successful completion of a background check. Eligibility to Work Applicants must be able to provide proof of US Citizenship or authorization to work in the United States, within three business days from their date of hire. Benefits Threaded through our Total Compensation package is a commitment to Bridging Life's Transitions. SF State is committed to providing our employees with a comprehensive program that rewards efforts that are appreciated by your colleagues, students and the customers we serve. We offer a competitive compensation package that includes Medical, Dental, Vision, Pension, 401k, Healthcare Savings Account, Life Insurance, Disability Insurance, Vacation and Sick Leave as well as State Holidays and a dynamic Fee Waiver program, all geared towards the University's commitment to attract, motivate and retain our employee. CSUEU Position (For CSUEU Positions Only) Eligible and qualified on-campus applicants, currently in bargaining units 2, 5, 7, and 9 are given hiring preference. Additional Information SF STATE IS NOT A SPONSORING AGENCY FOR STAFF OR MANAGEMENT POSITIONS. (i.e. H1-B VISAS). Thank you for your interest in employment with California State University (CSU). CSU is a state entity whose business operations reside within the State of California. Because of this, CSU prohibits hiring employees to perform CSU-related work outside of California with very limited exception. While this position may be eligible for occasional telework, all work is expected to be performed in the state of California, and this position is assigned to on-campus operations. CSU strongly encourages faculty, staff, and students who are accessing campus facilities to be immunized against COVID-19 or declare a medical or religious exemption from doing so. Any candidates advanced in a currently open search process are encouraged to comply with this requirement. The systemwide policy can be found at https://calstate.policystat.com/policy/9779821/latest/ and questions may be sent to hrwww@campus.edu. The Human Resources office is open Mondays through Fridays from 8 a.m. to 5 p.m., and can be reached at (415) 338-1872. Please note that this position, position requirements, application deadline and/or any other component of this position is subject to change or cancellation at any time. Advertised: Feb 20 2024 Pacific Standard Time Applications close: Closing Date/Time:
LOS ANGELES COUNTY
Los Angeles, California, United States
Position/Program Information EXAM NUMBER Q2611A-R APPLICATION FILING PERIOD We will begin receiving applications on Mon da y, April 22, 2024, at 8:00 a.m. (PT). This examination will remain open until the needs of the service are met and is subject to closure without prior notice. TYPE OF RECRUITMENT Open Competitive Job Opportunity SPECIAL SALARY INFORMATION Management Appraisal and Performance Plan (MAPP): This position is subject to the provisions of the County's Management Appraisal of Performance Plan (MAPP) and is compensated at MAPP range S10. Initial salary placement and subsequent salary adjustments will be made in accordance with MAPP guidelines and regulations. CHECK OUT OUR OUTSTANDING BENEFITS! Los Angeles County offers one of the strongest public-sector benefits packages in the nation. Click here to see a list of employee benefits. WHO WE ARE: LA County Library is one of the largest and most innovative public library systems in the United States. It offers free public resources, including books, music, multimedia materials, computers and internet access and educational and recreational services to 3.4 million residents through its 85 libraries and mobile fleet of vehicles. LA County library is dedicated to reducing barriers and increasing equity and access to public services for all. WHO WE ARE LOOKING FOR: LA County Library seeks to attract and retain a high performing and diverse workforce in which employees’ differences are respected and valued to better meet the varying needs of the diverse customers we serve. We are looking for multi-taskers who are able to work independently and as part of a team. Our ideal candidate is someone with an analytical mind and excellent communication skills, who will lead the information security function for LA County Library, as well as develop and deliver a comprehensive departmental information security strategy to optimize the department’s security posture. Essential Job Functions As a Departmental Information Security Officer I, your responsibilities will include, but are not limited to the following: Developing and maintaining the departmental Information Security Program including policies, standards, and procedures; cybersecurity control evaluation, selection, and implementation; and architectures, products and services, pursuant to County Chief Information Office architectures, standards and guidelines, and Board polices and applicable laws. Collaborating with departmental business units to conduct comprehensive information security risk assessments, and participating in regular reviews of security standards, governance, data compliance and privacy management, audit, risk assessments, physical and logical access reviews, risk assessments and data destruction solutions. Conducting vulnerability assessments to identify existing or potential weaknesses in systems and processes that could lead to compromises; facilitating remediation of identified vulnerabilities within processes, systems and applications and coordinating investigations with relevant authorities, including the Countywide Chief Privacy Officer (CPO), Countywide Cybersecurity Incident Response Committee (CCIRC) , Auditor-Controller, and law enforcement agencies as necessary. Leading and conducting routine assessments and periodic inspections of departmental information technology systems to ensure the effectiveness of security controls and recommending appropriate corrective measures to eliminate or mitigate system compromises. Actively participating in federal, State and local audits and reviews for the department. Coordinating the department's information technology-related aspects of annual or biennial Internal Control Certification Program (ICCP) audits. Providing guidance to department management and implementing necessary policies, standards, or controls to address department-specific regulatory and contractual factors. Collaborating with departmental stakeholders to align security posture with business objectives. Collaborating with application and software developers to ensure that production applications comply with established information security policies, standards and business requirements. Facilitating the development and distribution of information security and privacy awareness training and education for departmental employees in cooperation with the Chief Information Security Officer (CISO) and CPO. Promotes Countywide initiatives pertaining to information security and privacy education and awareness programs. Representing the department on County cybersecurity governance bodies, committees and workgroups. Participating in the development, review, and recommendation of Countywide information technology security policies, technical and operational standards, procedures and guidelines. Identifying and recommending industry best practices for cybersecurity, fostering communication and collaboration among County departments on countywide and departmental cybersecurity issues. Serving as a member of the CCIRC. Establishing and leading a Departmental Cybersecurity Emergency Response Team (DCERT). Developing appropriate security incident notification procedures for departmental management, CISO, CPO and CCIRC. Participating in Countywide activities and providing recommendations of software products and controls related to cybersecurity. Collaborating with responsible County entities in the development and implementation of Countywide business continuity and disaster recovery plans to ensure appropriate cybersecurity measures. Liaising between the department and the CPO regarding electronic data and physical records, privacy incident and breach response, privacy audits, and other initiatives pertaining to the County’s privacy program components and related policies. Ensuring proper departmental inventories of information technology assets and software licenses i n collaboration with information technology operations. Reviewing departmental information technology projects and information technology contrac t terms, in conjunction with County Counsel, to ensure information security sufficiency. Participating in the review of information technology facility acquisition, construction, and remodeling projects to ensure adherence to County information security policies, standards, guidelines and industry best practices as needed. Supervising and/or managing subordinate security officers, supervisors and technical staff as needed. Serving as a witness or subject-matter expert (SME) for the department in legal matters concerning cybersecurity as needed. Requirements SELECTION REQUIREMENTS: Graduation from an accredited college or university with a bachelor's* degree or higher in Computer Science, Information Security, Information Assurance, Business Administration, or a related discipline - AND - two (2) years of recent** progressively responsible*** experience in a combination of risk management, information security and cybersecurity roles - AND - two (2) years of recent** experience in Information Technology project management. LICENSE REQUIREMENTS: A valid California Class C Driver's License or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions. PHYSICAL EXPECTATIONS: 2 - Light: This class includes administrative and clerical positions requiring light physical effort that may include occasional light lifting to a 10-pound limit and some bending, stooping, or squatting. Considerable ambulation may be involved. SPECIAL REQUIREMENT INFORMATION: * In order to receive credit for your education, you must include a legible copy of the official diploma, official transcripts, or official letter from the accredited institution which shows the area of specialization with your application at the time of filing or within seven (7) calendar days from application submission. Note: Foreign studies must be evaluated by an academic credential evaluation agency and deemed to be equivalent to degrees from the United States. (See Accreditation Information under Employment Information). ** Recent experience is defined as experience within the last five (5) years. *** Progressively responsible experience is defined as a significant increase in the complexity and scope of responsibility in IT and systems functions over time. ENDORSEMENT OF COUNTY QUALIFICATIONS: County employees who wish to meet the requirements using out-of-class experience must provide official documentation such as additional responsibility bonus, out-of-class bonus, temporary assignment bonus, or reclassification study from CEO Classification with your application at the time of filing or within seven (7) calendar days from application submission. Employees do not need to submit such verification if they hold or have held a position at an appropriate level. Out-of-class duties should be accurately described in the application work history, and questionable experience will be verified through the departmental HR Manager when necessary. WITHHOLD INFORMATION: No withholds will be allowed for this examination. Required education and experience must be fully met and indicated on the application by the last day of filing. Additional Information OUR ASSESSMENT PROCESS: This examination will consist of TWO (2) parts: Part I: Multiple-choice and/or simulation assessment(s), weighted 45 % , assessing: Deductive Reasoning Professional Potential Achievement Working Relationships Analyzing Information Learning Quickly Generating New Ideas Using Time Efficiently Working to High Quality Standards Adapting to Change Coping with Uncertainty Willingness to Learn Responsibility Candidates must achieve a passing score of 70% or higher on Part I to proceed to Part II of this examination. Part II: Multiple-choice and/or simulation assessment(s), weighted 55 % , assessing: Cyber Risk covering knowledge of Cyber Risk Management, System and Application Security, Network Security, and Security Management; Cloud Computing covering knowledge of Cloud Computing Concepts, Cloud Service Models, Virtualization, and Private Clouds; Systems Analysis covering knowledge of Fundamental Systems Analysis Skills, Implementation and Support, Systems Analysis Tasks, Systems Design Tasks, and technical methods for specifying requirements. MULTIPLE-CHOICE AND/OR SIMULATION ASSESSMENT(S) ARE NOT REVIEWABLE BY CANDIDATES PER CIVIL SERVICE RULE 7.19. Candidates must meet the Selection Requirements and achieve a passing score of 70% or higher on each weighted part of the examination in order to be placed on the Eligible List. TRANSFER OF TEST COMPONENTS: Applicants who have taken identical components recently for other exams may have their scores automatically transferred to this examination. This examination contains test components that may be used in the future for new examinations and your test scores may be transferred. Please add the below email addresses to your email address book and list of approved senders to prevent email notifications from being filtered as spam/junk/clutter mail. JHines@hr.lacounty.gov info@governmentjobs.com talentcentral@shl.com donot-reply@amcatmail.com noreply@proctoru.com TEST PREPARATION: Study guides and other test preparation resources are available to help candidates prepare for employment tests. While the guides will help in preparing for the test, we advise you to review all related materials that you deem necessary. An interactive, Online Test Preparation System for taking practice tests may be accessed on the Department of Human Resources website at http://hr.lacounty.gov/ . Please click on "Find a Job" and then "Job Search Toolkit." Test preparation information is located under the "Employment Test Assistance" section. Additional online practice tests are available at https://www.shldirect.com/en-us/practice-tests / . Please note that these resources are intended to provide general information about the types of tests and assessments used by the County of Los Angeles. These resources do not contain details of the exam nor the specific questions you will be asked to answer during the test administration. The exam content section describes the areas assessed by the test and you are invited to study and review whatever material you believe will help you to prepare. Note: All notifications, including invitation notices, will be sent electronically to the email address provided on the application. Test scores cannot be given over the telephone. ELIGIBILITY INFORMATION: The names of candidates receiving a passing score in the examination will be placed on the eligible list for a period of twelve (12) months. VACANCY INFORMATION: The resulting eligible list will be used to fill a vacancy within the LA County Library. AVAILABLE SHIFT: Any HOW TO APPLY: Applications must be filed online only. We will begin receiving applications on Monday, April 22, 2024, at 8:00 a.m. (PT) . All application must be received BEFORE 5:00 p.m., (PT) on the last day of filing. Applications submitted by U.S. mail, fax, or in person will not be accepted. Apply online by clicking on the green " Apply " button at the top right of this posting. Plan to submit your online application well in advance of the 5:00 p.m. (PT) deadline as you may be required to verify your email address. This only needs to be done once per email address, and if you already have a job seeker account on governmentjobs.com/careers/lacounty , you can verify at any time by logging in and following the prompts. This is to enhance the security of your online application and to ensure you do not enter an incorrect email address. Fill out your application completely. The acceptance of your application depends on whether you have clearly shown that you meet th e Selection Requirements as listed on this job posting. Provide any relevant job experience in the spaces provided so we can evaluate your qualifications for the job. For each job held, give the name and address of your employer, your job title, beginning and ending dates, number of hours worked per week, and description of work performed. If your application is incomplete, it will be rejected. IMPORTANT: Please note that all information included in the application materials is subject to verification at any point during the examination and hiring process, including after an appointment has been made. Falsification of any information may result in disqualification or rescission of appointment . Utilizing verbiage from Class Specification and Selection Requirements serving as your description of duties will not be sufficient to demonstrate that you meet the requirements. Doing so may result in an incomplete application and you may be disqualified. ________________________________________________________________________ ANTI-RACISM, DIVERSITY, AND INCLUSION (ARDI): The County of Los Angeles recognizes and affirms that all people are created equal and are entitled to all rights afforded by the Constitution of the United States. The Department of Human Resources is committed to promoting Anti-racism, Diversity, and Inclusion efforts to address the inequalities and disparities amongst race. We support the ARDI Strategic Plan and its goals by improving equality, diversity, and inclusion in recruitment, selection, and employment practices. SOCIAL SECURITY NUMBER: Please include your Social Security Number for record control purposes. Federal law requires that all employed persons have a Social Security Number. NO SHARING OF USER ID AND PASSWORD: All applicants must file their application online using their own user ID and password. Using a family member's or friend's user ID and password may erase a candidate's original application record. COMPUTER AND INTERNET ACCESS AT PUBLIC LIBRARIES: For candidates who may not have regular access to a computer or the internet, applications can be completed on computers at public libraries throughout Los Angeles County. Refer to their website for updated information at Library Locator - LA County Library . TESTING ACCOMMODATION: If you require an accommodation to fairly compete in any part of the assessment process, you will be given the opportunity to make a request when completing your application. Please note, you may be required to submit documentation from a qualified medical provider or other qualified professional to support your request for a testing accommodation. Testing Accommodations Coordinator: TestingAccommodations@hr.lacounty.gov Teletype Phone: (800) 735-2929 California Relay Services Phone: (800) 735-2922 Have any questions about anything listed above? Contact us: Department Contact Name: Jasmine Hines Department Contact Phone: (213) 738-2008 Department Contact Email: jhines@hr.lacounty.gov Exam Number: Q2611A-R For detailed information, please click here
Apr 20, 2024
Full Time
Position/Program Information EXAM NUMBER Q2611A-R APPLICATION FILING PERIOD We will begin receiving applications on Mon da y, April 22, 2024, at 8:00 a.m. (PT). This examination will remain open until the needs of the service are met and is subject to closure without prior notice. TYPE OF RECRUITMENT Open Competitive Job Opportunity SPECIAL SALARY INFORMATION Management Appraisal and Performance Plan (MAPP): This position is subject to the provisions of the County's Management Appraisal of Performance Plan (MAPP) and is compensated at MAPP range S10. Initial salary placement and subsequent salary adjustments will be made in accordance with MAPP guidelines and regulations. CHECK OUT OUR OUTSTANDING BENEFITS! Los Angeles County offers one of the strongest public-sector benefits packages in the nation. Click here to see a list of employee benefits. WHO WE ARE: LA County Library is one of the largest and most innovative public library systems in the United States. It offers free public resources, including books, music, multimedia materials, computers and internet access and educational and recreational services to 3.4 million residents through its 85 libraries and mobile fleet of vehicles. LA County library is dedicated to reducing barriers and increasing equity and access to public services for all. WHO WE ARE LOOKING FOR: LA County Library seeks to attract and retain a high performing and diverse workforce in which employees’ differences are respected and valued to better meet the varying needs of the diverse customers we serve. We are looking for multi-taskers who are able to work independently and as part of a team. Our ideal candidate is someone with an analytical mind and excellent communication skills, who will lead the information security function for LA County Library, as well as develop and deliver a comprehensive departmental information security strategy to optimize the department’s security posture. Essential Job Functions As a Departmental Information Security Officer I, your responsibilities will include, but are not limited to the following: Developing and maintaining the departmental Information Security Program including policies, standards, and procedures; cybersecurity control evaluation, selection, and implementation; and architectures, products and services, pursuant to County Chief Information Office architectures, standards and guidelines, and Board polices and applicable laws. Collaborating with departmental business units to conduct comprehensive information security risk assessments, and participating in regular reviews of security standards, governance, data compliance and privacy management, audit, risk assessments, physical and logical access reviews, risk assessments and data destruction solutions. Conducting vulnerability assessments to identify existing or potential weaknesses in systems and processes that could lead to compromises; facilitating remediation of identified vulnerabilities within processes, systems and applications and coordinating investigations with relevant authorities, including the Countywide Chief Privacy Officer (CPO), Countywide Cybersecurity Incident Response Committee (CCIRC) , Auditor-Controller, and law enforcement agencies as necessary. Leading and conducting routine assessments and periodic inspections of departmental information technology systems to ensure the effectiveness of security controls and recommending appropriate corrective measures to eliminate or mitigate system compromises. Actively participating in federal, State and local audits and reviews for the department. Coordinating the department's information technology-related aspects of annual or biennial Internal Control Certification Program (ICCP) audits. Providing guidance to department management and implementing necessary policies, standards, or controls to address department-specific regulatory and contractual factors. Collaborating with departmental stakeholders to align security posture with business objectives. Collaborating with application and software developers to ensure that production applications comply with established information security policies, standards and business requirements. Facilitating the development and distribution of information security and privacy awareness training and education for departmental employees in cooperation with the Chief Information Security Officer (CISO) and CPO. Promotes Countywide initiatives pertaining to information security and privacy education and awareness programs. Representing the department on County cybersecurity governance bodies, committees and workgroups. Participating in the development, review, and recommendation of Countywide information technology security policies, technical and operational standards, procedures and guidelines. Identifying and recommending industry best practices for cybersecurity, fostering communication and collaboration among County departments on countywide and departmental cybersecurity issues. Serving as a member of the CCIRC. Establishing and leading a Departmental Cybersecurity Emergency Response Team (DCERT). Developing appropriate security incident notification procedures for departmental management, CISO, CPO and CCIRC. Participating in Countywide activities and providing recommendations of software products and controls related to cybersecurity. Collaborating with responsible County entities in the development and implementation of Countywide business continuity and disaster recovery plans to ensure appropriate cybersecurity measures. Liaising between the department and the CPO regarding electronic data and physical records, privacy incident and breach response, privacy audits, and other initiatives pertaining to the County’s privacy program components and related policies. Ensuring proper departmental inventories of information technology assets and software licenses i n collaboration with information technology operations. Reviewing departmental information technology projects and information technology contrac t terms, in conjunction with County Counsel, to ensure information security sufficiency. Participating in the review of information technology facility acquisition, construction, and remodeling projects to ensure adherence to County information security policies, standards, guidelines and industry best practices as needed. Supervising and/or managing subordinate security officers, supervisors and technical staff as needed. Serving as a witness or subject-matter expert (SME) for the department in legal matters concerning cybersecurity as needed. Requirements SELECTION REQUIREMENTS: Graduation from an accredited college or university with a bachelor's* degree or higher in Computer Science, Information Security, Information Assurance, Business Administration, or a related discipline - AND - two (2) years of recent** progressively responsible*** experience in a combination of risk management, information security and cybersecurity roles - AND - two (2) years of recent** experience in Information Technology project management. LICENSE REQUIREMENTS: A valid California Class C Driver's License or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions. PHYSICAL EXPECTATIONS: 2 - Light: This class includes administrative and clerical positions requiring light physical effort that may include occasional light lifting to a 10-pound limit and some bending, stooping, or squatting. Considerable ambulation may be involved. SPECIAL REQUIREMENT INFORMATION: * In order to receive credit for your education, you must include a legible copy of the official diploma, official transcripts, or official letter from the accredited institution which shows the area of specialization with your application at the time of filing or within seven (7) calendar days from application submission. Note: Foreign studies must be evaluated by an academic credential evaluation agency and deemed to be equivalent to degrees from the United States. (See Accreditation Information under Employment Information). ** Recent experience is defined as experience within the last five (5) years. *** Progressively responsible experience is defined as a significant increase in the complexity and scope of responsibility in IT and systems functions over time. ENDORSEMENT OF COUNTY QUALIFICATIONS: County employees who wish to meet the requirements using out-of-class experience must provide official documentation such as additional responsibility bonus, out-of-class bonus, temporary assignment bonus, or reclassification study from CEO Classification with your application at the time of filing or within seven (7) calendar days from application submission. Employees do not need to submit such verification if they hold or have held a position at an appropriate level. Out-of-class duties should be accurately described in the application work history, and questionable experience will be verified through the departmental HR Manager when necessary. WITHHOLD INFORMATION: No withholds will be allowed for this examination. Required education and experience must be fully met and indicated on the application by the last day of filing. Additional Information OUR ASSESSMENT PROCESS: This examination will consist of TWO (2) parts: Part I: Multiple-choice and/or simulation assessment(s), weighted 45 % , assessing: Deductive Reasoning Professional Potential Achievement Working Relationships Analyzing Information Learning Quickly Generating New Ideas Using Time Efficiently Working to High Quality Standards Adapting to Change Coping with Uncertainty Willingness to Learn Responsibility Candidates must achieve a passing score of 70% or higher on Part I to proceed to Part II of this examination. Part II: Multiple-choice and/or simulation assessment(s), weighted 55 % , assessing: Cyber Risk covering knowledge of Cyber Risk Management, System and Application Security, Network Security, and Security Management; Cloud Computing covering knowledge of Cloud Computing Concepts, Cloud Service Models, Virtualization, and Private Clouds; Systems Analysis covering knowledge of Fundamental Systems Analysis Skills, Implementation and Support, Systems Analysis Tasks, Systems Design Tasks, and technical methods for specifying requirements. MULTIPLE-CHOICE AND/OR SIMULATION ASSESSMENT(S) ARE NOT REVIEWABLE BY CANDIDATES PER CIVIL SERVICE RULE 7.19. Candidates must meet the Selection Requirements and achieve a passing score of 70% or higher on each weighted part of the examination in order to be placed on the Eligible List. TRANSFER OF TEST COMPONENTS: Applicants who have taken identical components recently for other exams may have their scores automatically transferred to this examination. This examination contains test components that may be used in the future for new examinations and your test scores may be transferred. Please add the below email addresses to your email address book and list of approved senders to prevent email notifications from being filtered as spam/junk/clutter mail. JHines@hr.lacounty.gov info@governmentjobs.com talentcentral@shl.com donot-reply@amcatmail.com noreply@proctoru.com TEST PREPARATION: Study guides and other test preparation resources are available to help candidates prepare for employment tests. While the guides will help in preparing for the test, we advise you to review all related materials that you deem necessary. An interactive, Online Test Preparation System for taking practice tests may be accessed on the Department of Human Resources website at http://hr.lacounty.gov/ . Please click on "Find a Job" and then "Job Search Toolkit." Test preparation information is located under the "Employment Test Assistance" section. Additional online practice tests are available at https://www.shldirect.com/en-us/practice-tests / . Please note that these resources are intended to provide general information about the types of tests and assessments used by the County of Los Angeles. These resources do not contain details of the exam nor the specific questions you will be asked to answer during the test administration. The exam content section describes the areas assessed by the test and you are invited to study and review whatever material you believe will help you to prepare. Note: All notifications, including invitation notices, will be sent electronically to the email address provided on the application. Test scores cannot be given over the telephone. ELIGIBILITY INFORMATION: The names of candidates receiving a passing score in the examination will be placed on the eligible list for a period of twelve (12) months. VACANCY INFORMATION: The resulting eligible list will be used to fill a vacancy within the LA County Library. AVAILABLE SHIFT: Any HOW TO APPLY: Applications must be filed online only. We will begin receiving applications on Monday, April 22, 2024, at 8:00 a.m. (PT) . All application must be received BEFORE 5:00 p.m., (PT) on the last day of filing. Applications submitted by U.S. mail, fax, or in person will not be accepted. Apply online by clicking on the green " Apply " button at the top right of this posting. Plan to submit your online application well in advance of the 5:00 p.m. (PT) deadline as you may be required to verify your email address. This only needs to be done once per email address, and if you already have a job seeker account on governmentjobs.com/careers/lacounty , you can verify at any time by logging in and following the prompts. This is to enhance the security of your online application and to ensure you do not enter an incorrect email address. Fill out your application completely. The acceptance of your application depends on whether you have clearly shown that you meet th e Selection Requirements as listed on this job posting. Provide any relevant job experience in the spaces provided so we can evaluate your qualifications for the job. For each job held, give the name and address of your employer, your job title, beginning and ending dates, number of hours worked per week, and description of work performed. If your application is incomplete, it will be rejected. IMPORTANT: Please note that all information included in the application materials is subject to verification at any point during the examination and hiring process, including after an appointment has been made. Falsification of any information may result in disqualification or rescission of appointment . Utilizing verbiage from Class Specification and Selection Requirements serving as your description of duties will not be sufficient to demonstrate that you meet the requirements. Doing so may result in an incomplete application and you may be disqualified. ________________________________________________________________________ ANTI-RACISM, DIVERSITY, AND INCLUSION (ARDI): The County of Los Angeles recognizes and affirms that all people are created equal and are entitled to all rights afforded by the Constitution of the United States. The Department of Human Resources is committed to promoting Anti-racism, Diversity, and Inclusion efforts to address the inequalities and disparities amongst race. We support the ARDI Strategic Plan and its goals by improving equality, diversity, and inclusion in recruitment, selection, and employment practices. SOCIAL SECURITY NUMBER: Please include your Social Security Number for record control purposes. Federal law requires that all employed persons have a Social Security Number. NO SHARING OF USER ID AND PASSWORD: All applicants must file their application online using their own user ID and password. Using a family member's or friend's user ID and password may erase a candidate's original application record. COMPUTER AND INTERNET ACCESS AT PUBLIC LIBRARIES: For candidates who may not have regular access to a computer or the internet, applications can be completed on computers at public libraries throughout Los Angeles County. Refer to their website for updated information at Library Locator - LA County Library . TESTING ACCOMMODATION: If you require an accommodation to fairly compete in any part of the assessment process, you will be given the opportunity to make a request when completing your application. Please note, you may be required to submit documentation from a qualified medical provider or other qualified professional to support your request for a testing accommodation. Testing Accommodations Coordinator: TestingAccommodations@hr.lacounty.gov Teletype Phone: (800) 735-2929 California Relay Services Phone: (800) 735-2922 Have any questions about anything listed above? Contact us: Department Contact Name: Jasmine Hines Department Contact Phone: (213) 738-2008 Department Contact Email: jhines@hr.lacounty.gov Exam Number: Q2611A-R For detailed information, please click here