Chief Information Security Officer

An OverviewThe Department of Information Technology Services (ITS) is seeking an Chief Information Security Officer who will have responsibility for overseeing the City of Alexandria government’s Cybersecurity Program. This supervisory position reports directly to the Deputy Chief Information Officer (CIO) and uses industry best practices to oversee the implementation of all security policies as directed by the CIO, and enforces the City’s enterprise cybersecurity through policy, architecture, technical and functional administration, and training. The Chief Information Security Officer will also lead in selecting, configuring, communicating, and implementing cybersecurity solutions and security controls to identify and reduce IT risk.

What You Should Bring
You should have a demonstrated ability of being able to work independently, as well as a history of establishing and maintaining effective working relationships with coworkers, representatives of other departments and agencies, and the public. You must be able to communicate clearly and effectively, both verbally and in writing, as well as being able to mentor junior staff. You should be able to show proactivity in continuously improving your job knowledge and technical and functional skills through training opportunities and self-study. Our ideal candidate will have considerable hands-on experience in all aspects of cybersecurity, and an ability to lead, manage, and communicate.

The Opportunity
As the Chief Information Security Officer, your effort will be focused on all aspects of City-wide IT cybersecurity, from developing cybersecurity plans and strategies to preventing and mitigating cyber-attacks. Examples of duties include:

• Working with and fostering collaboration among key stakeholders, developing, communicating, and managing all information security policies, standards, procedures, and internal controls to ensure compliance with local, state, and federal laws and information security best practices
• Providing technical and functional demonstrations and information to recommend and approve baseline security configurations for operating systems, applications, networking, and telecommunications equipment
• Developing, implementing, communicating, and managing best practice strategies, policies and plans to apply technical and functional security controls to detect, prevent, and mitigate risk
• Briefing CIO and other executive team members on risk management, including risk mitigation strategies and necessary budgets and organization impacts
• Reviewing recommending and approving identity and access management (IAM) policies
• Reviewing, recommending, and approving business continuity and disaster recovery plans
• Developing, communicating, managing, and leading a computer security incident response team (CSIRT) and procedures and from the discovery phase through to conclusion including delivery of 'after-action' reports to executives, and recommending corrective actions to prevent future occurrences
• Representing the City to local, regional, state and federal agencies on issues related to cybersecurity and protection of local government's critical IT infrastructure assets, and working with counterparts in other jurisdictions and external agencies to continuously evaluate and address emerging security threats.
• Investigating and recommending innovative technologies that reduce IT risk and provide potential cost savings for the City
• Deploying the IT Security awareness program through structured training and staff communication
• Providing written or verbal communications to all levels of staff, leadership and elected officials on security issues and recommendations
• Assisting in the development of secure systems architecture standards and review and approval of architectural changes
• Evaluating security and risk of all third-party systems that directly or indirectly access the City's network and reviewing terms and conditions for vendor solutions and/or new technology acquisitions.
• Developing and implementing strategies to manage data classification and the appropriate lifecycle management of data in on-premise and hosted systems.
• Performing other duties as assigned.

About the Department
The Information Technology Services Department is responsible for enterprise technology operations for the City of Alexandria. ITS provides technology services and solutions to City departments to enhance service delivery. ITS aligns its work with City needs by providing leadership, resources, expertise, and products that enable departments to better serve the City’s residents, businesses, and visitors. ITS resources support initiatives funded through the multi-year Information Technology Capital Improvement Plan (IT/CIP) to improve the overall technology landscape. The City of Alexandria’s ITS Department has been a Top Ten National Finalist in the Digital Cities Award program for over the past 10 years.

Minimum & Additional Requirements

Bachelor's degree and seven (7) years of experience in risk management, information security and IT of which three years are in a leadership role; or any equivalent combination of experience and training which provides the required knowledge, skills and abilities.

Preferred Qualifications

• Recent technical experience within the past five years demonstrating a comprehensive knowledge of information security and risk management and technology (audit compliance, regulatory compliance, business continuity and disaster recovery, vulnerability management, configuration management, web application security, intrusion detection and prevention systems, firewalls, and endpoint security).
• Recent technical experience within the past five years demonstrating a comprehensive knowledge of security administration in a Windows-based network environment.
• Recent experience within the past five years demonstrating a comprehensive knowledge of information protection standards, guidelines, and applied procedures (i.e., industry "best practices").
• Technical experience within the past 10 years demonstrating a comprehensive knowledge of server administration as applied to network and internet security.
• Functional experience within the past 10 years demonstrating a comprehensive knowledge of common information security management frameworks, such as SANS CIS 20 Critical Controls, ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Experience within the past 10 years demonstrating a comprehensive knowledge of business needs coupled with the ability to establish and maintain a high level of customer trust and confidence in the security team's concern for customers.

Notes

This position requires the successful completion of pre-employment checks including but not limited to a criminal background and drug screening. This position may be occasionally required to be available after normal working hours to support applications and to respond to the City’s Emergency Operations Center (EOC) when it is activated.

This position will be posted until filled.