Arlington, Virginia
Apr 06, 2018
Jun 01, 2018
Full Time
Job Title: CHIEF INFORMATION SECURITY OFFICER
Closing Date/Time: Continuous
Salary: $88,316.80 - $149,676.80 Annually
Job Type: Full-Time
Location: 2100 Clarendon Blvd., Arlington *METRO-accessible*, Virginia

NOTE: This is a re-opening to expand the pool of qualified candidates. If you have already applied for this position, there is no need to re-apply unless you wish to update your application.

Arlington County's Department of Technology Services (DTS) is searching for an experienced Chief Information Security Officer (CISO) to ensure adequate security protection and to oversee the confidentiality, integrity, planning and analysis of the County's information assets and technology systems. Working under the direction of the Chief Information Officer (CIO), this senior leader is responsible for providing technical leadership, directing the development of the County's enterprise security strategy, fostering a security-awareness culture, ensuring availability of the County's technology systems, and the enforcement of County-wide information security policies, standards, procedures and guidelines, and aligning security initiatives with enterprise programs and business objectives.
An essential role of the CISO is to provide professional advice, subject matter expertise, and problem-solving services to leadership in County Departments including Public Safety, Human Resources, and the County Attorney's office on issues related to information security tools, programs and practices, enforcement of security violations, and to develop secure and confidential technical solutions for business applications. The CISO ensures that the County's information technology (IT) systems comply with federal, state, and County privacy and security regulations and requirements (e.g., HIPAA, homeland defense initiatives) and serves as the County's liaison to other external resources that support the County's cyber threat prevention, protection, response, and recovery plans and programs (e.g., the Department of Homeland Security's Critical Infrastructure Protection Program, the Multi-State Information Sharing and Analysis Centers (MS-ISAC)).
Specific responsibilities include:
  • Directing the design, development, and implementation of a strategic, long-term information security strategy and multi-year roadmap for the County's information assets to mitigate cyber threats and security risks;
  • Initiating and managing third party risk assessments to include internal and external audits of the County's information security programs and practices to identify current and future vulnerabilities;
  • Conducting post mortem analysis and developing metrics related to information security breaches, violations, malicious activity and incidents to all levels of management; and recommending corrective technical options and/or updates to IT security initiatives and policies to prevent future occurrences;
  • Developing and administering County-wide information security awareness and education programs;
  • Overseeing and directing proper evaluations and selection criteria of all innovative, cost-effective vendor products, tools, and services related to the County's secure technology infrastructure;
  • Participating in the development, implementation, and maintenance of effective disaster recovery plans, processes and procedures necessary to recover services in the event of a declared disaster; and
  • Representing the County's information security related interests at industry standards committee meetings and technical conferences.

The ideal candidate has significant information technology and leadership experience with an extensive background in information systems/cybersecurity to include an understanding of cloud, SaaS, and IoT architectures, with knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, SCADA Systems and ITIL. A proactive approach to risk-based decision making, and excellent written and verbal communication, interpersonal and collaborative skills are essential to this position.  This individual must have demonstrated experience leading the design and implementation of information system security and risk-related concepts and communicating this information to both technical and non-technical audiences at all levels.  
Selection Criteria:
MINIMUM: A combination of education and experience that demonstrates the knowledge and ability to manage technology programs and information systems at a senior level and to research, analyze, and develop solutions for complex operational problems. Experience should also demonstrate leadership abilities to manage cyber security challenges and to assess emerging technologies.
Typically, this type of knowledge and experience is obtained through graduation from college with a Bachelor's degree in computer science or related field as well as substantial leadership experience managing an organization's information security programs and technology.
SUBSTITUTION: Additional qualifying experience may substitute for the education requirement on a year for year basis. 
Special Requirements:
Please provide a cover letter addressing how your education, experience and training meet the qualification requirements under selection criteria, and highlight your accomplishments in these areas. Be sure to describe your specific information technology and leadership experience related to managing information systems/cybersecurity efforts. Please also include any knowledge and experience you have with security, risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, SCADA Systems and ITIL, and in communicating security and risk-related concepts to both technical and non-technical audiences.
Please use the space provided in the Supplemental Questions section of the online application for your cover letter or attach the cover letter to your online application.
Additional Information:
This recruitment is open until the position is filled with a preferred filing date of April 19, 2018. Applications submitted by this date will receive first consideration. Interested applicants are encouraged to submit their applications as soon as possible. Qualified applicants in this first group will be referred to the hiring manager and interviews will be conducted on a regular basis throughout the recruitment with candidates whose qualifications best fit our needs. Applications received after April 19, 2018 may be considered if a hire is not made from applicants received by the preferred filing date. The application process will close when the position has been filled or when a sufficient number of qualified applications have been received.
This position is part of a broadband, competency-based pay pilot for which the overall salary range is $87,422.40 - $148,179.20 Annually. Individuals hired to positions in this pay pilot will be appointed at a salary based on their experience and training and the nature of the work assigned. Within pay guidelines, pay pilot participants are eligible for variable salary increases based on performance, growth in responsibilities, and employee development on a yearly basis.
