INFORMATION SECURITY, PRIVACY AND REGULATORY AFFAIRS DIVISION CHIEF
Arlington County's Department of Technology Services (DTS) is hiring a Division Chief to lead the County's information security, privacy, and regulatory affairs efforts. This senior leader ensures the protection of the County's technology assets while providing subject matter expertise on issues related to security regulations and requirements (e.g. HIPAA and homeland defense initiatives). The Division Chief fosters a security-awareness culture, ensures availability of technology systems, and aligns security initiatives with enterprise programs and business objectives. In addition to directing the design, development, and enforcement of a strategic information security strategy to mitigate cyber threats and security risks, this individual oversees network security operations, privacy and enterprise records. These management functions include regulation and enforcement of the County's cable franchise agreements with various cable television franchisees.
Working under the direction of the Chief Information Officer, this senior leader manages a team of DTS staff and contractors to include security staff embedded in other County departments on threats of intrusion and extrusion to the County's networks, servers, and endpoints. This individual represents the County at industry standards committee meetings and technical conferences. The Division Chief also serves as the County's liaison to external resources supporting the County's cyber threat prevention, protection, response, and recovery plans and programs (e.g. Department of Homeland Security's Critical Infrastructure Protection Program, the Multi-State Information Sharing and Analysis Centers (MS-ISAC).
Specific responsibilities include:
- Initiating, conducting, and managing risk assessments to include internal and external audits of the County's information security programs and practices to identify current and future vulnerabilities;
- Participating in the development, implementation, and maintenance of effective disaster recovery plans and procedures to ensure recovered services in the event of a declared disaster;
- Conducting post mortem analysis and developing metrics related to information breaches, violations, malicious activity and incidents; and recommending corrective technical options and/or updates to IT security initiatives and policies to prevent future occurrences;
- Supporting matrix leadership related to the security and integrity of the Supervisory Control and Data Acquisition (SCADA) systems that manage the County's core utilities (e.g. traffic signals, pumping stations, water quality);
- Developing and administering County-wide information security awareness and education programs;
- Establishing selection criteria for innovative, cost-effective vendor products, tools, and services related to the County's secure technology infrastructure;
- Providing leadership to ensure processes for responding to Freedom of Information Act (FOIA) requests, litigation holds, and other electronic discovery (eDiscovery) requests comply with regulations and support operational requirements; and
- Overseeing enforcement of cable television franchise agreements.
The ideal candidate has significant information technology and leadership experience with an extensive background in information systems/cybersecurity to include an understanding of cloud, SaaS, and IoT architectures, with a familiarity of MS-ISAC and knowledge of security, risk and control frameworks and standards to include ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, SCADA Systems and ITIL. A proactive approach to risk-based decision making, and excellent written and verbal communication, interpersonal and collaborative skills are essential to this position. This individual must have demonstrated experience leading the design and implementation of information system security and risk-related concepts and communicating this information to both technical and non-technical audiences at all levels.
MINIMUM: The successful candidate will have a combination of education and experience that demonstrates the knowledge and ability to manage technology programs and information systems at a senior level and to research, analyze, and develop solutions for complex operational problems. Experience should also demonstrate leadership abilities to manage cyber security challenges and to assess emerging technologies.
Typically, this type of knowledge and experience is obtained through a combination of an advanced degree in computer science or related field plus significant experience managing an organization's information security programs and technology.
SUBSTITUTION: Additional qualifying experience may substitute for the education requirement on a year for year basis.
Please provide a cover letter addressing how your education, experience and training meets the qualification requirements under selection criteria, and highlight your accomplishments in these areas. Be sure to describe your specific information technology and leadership experience related to managing information systems/cybersecurity efforts. Please also include any knowledge and experience you have working with MS-ISAC, security, risk and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO, SCADA Systems and ITIL, and in communicating security and risk-related concepts to both technical and non-technical audiences.
Please use the space provided in the Supplemental Questions section of the online application for your cover letter or attach the cover letter to your online application.
Work Hours: Monday â€“ Friday, 8am â€“ 5pm with some flexibility.
This recruitment is open until the position is filled with a preferred filing date of September 20, 2018. Applications submitted by this date will receive first consideration. Interested applicants are encouraged to submit their applications as soon as possible. Qualified applicants in this first group will be referred to the hiring manager and interviews will be conducted on a regular basis throughout the recruitment with candidates whose qualifications best fit our needs. Applications received after September 20, 2018 may be considered if a hire is not made from applicants received by the preferred filing date. The application process will close when the position has been filled or when a sufficient number of qualified applications have been received.
Starting salary will depend upon the qualifications and experience of the candidate selected and is negotiable. This position is in the Arlington County Government's Senior Management Accountability Program (SMAP), in which Senior Program Managers are evaluated and compensated based on a performance agreement linked to the County's Management plan, and results achieved, among other criteria. For more information on Arlington's family friendly benefits, click here.
Completion of the Commonwealth of Virginia Statement of Economic Interest form will be required of the successful candidate upon hire and annually thereafter.