Deputy Chief Information Security Officer

About The Position

Requirements

• PROMOTIONAL STATUS IS REQUIRED. You must be a current or retired employee of LAUSD with 130 paid days in regular status in the Classified Service or permanent status in the Certificated Service or have been laid-off within the past 39 months from a regular, permanent LAUSD position in which you passed probation.
• Graduation from a recognized college or university, preferably with a major in computer science, telecommunications management, electrical engineering, business management or related field. An advanced degree in the aforementioned areas is highly preferable.
• Four years of executive or management level experience in systems security, preferably with two years of experience in systems security management in a K-12 and/or university setting. The experience must have included telecommunications and networking security, application and systems security, application development security, user authentication and authorization management, information systems vulnerability assessment and physical data security. Experience with training in systems analysis and information/telecommunications security is highly preferable.
• Possession of the Certified Information Systems Security Professional (CISSP) or equivalent is required.
• A valid driver’s license to legally operate a motor vehicle in the State of California and the use of a motor vehicle.

Nice To Haves

• Security architecture, cloud security, and governance
• Broad range of IT security and risk management frameworks
• Common information security management frameworks, such as ISO/IEC 27001 and NIST
• Networking, application systems, Internet, Intranet, and client server operation
• IT security principles, access controls, and confidential information protection principles
• Firewall technology, remote access security, voice, data, and advanced local-area and wide-area networking technologies
• Agile (scaled) software development or other best in class development practices
• Cloud computing/Elastic computing across virtualized environments
• Information system auditing
• Encryption technologies, software, and applications
• Access control systems and methodology
• Security management practices
• Security architecture and models Law, investigation, and ethics surrounding IT security
• District business disciplines, such as finance, HR, contracts, compliance and District operations Methods of project and process control, budgeting, and cost analysis and prediction
• Principles of organization, personnel management, and progressive disciplinary procedures
• Pertinent employee and student confidentiality, safety laws, regulations, and District policies and procedures
• Develop long and short-range plans
• Think innovatively, lead and motivate cross functional interdisciplinary teams
• Work with vendors, negotiate and manage vendor services
• Recognize, analyze, and deal effectively with problems and issues
• Communicate clearly and effectively both orally and in writing
• Work effectively with District personnel, the public, and representatives of manufacturers and other organizations
• Reviews contracts, service level agreements and other documents to verify they meet information security needs and requirements
• Work well under pressure of multiple priorities and short deadlines Manage through direct reporting personnel
• Supervise, train, and evaluate the work of direct and non-direct reporting personnel
• Effective vision to review and resolve network security issues via computers promptly.

Responsibilities

• Directs the day-to-day administration and operations of the information technology departments responsible for District security and device, identity and information management.
• Builds, develops and directs the implementation and monitoring of a comprehensive information security program and framework based on industry standards which includes policies, compliance, risk management, and training to mitigate cybersecurity hacks, breaches, attacks, and threats.
• Collaborates with security, network, and software application architecture teams to ensure compliance to changing regulations and technical standards.
• Manages the availability, confidentiality, integrity and authenticity of the District during project development of information systems.
• Collaborates with the Chief Information Security Officer and executive staff to develop the District’s information security program strategy while prioritizing and ensuring alignment with the District’s goals and initiatives such as the protection of District information assets.
• Oversees and directs security architecture, cloud security, governance, risk and compliance, training and education and other security programs.
• Defines the blueprint and multi- agency/multi-disciplinary operational plan for defense and response, including vulnerability/risk assessment and penetration tests for applications, networks, cloud and other security risk areas
• Oversees the documentation and design of the District’s cybersecurity architecture, systems, services and alignment to industry best practices and standards.
• Works with architecture teams to build synergy between security architecture, network architecture and software application architecture to ensure technology builds and designs comply with technical standards.
• Develops security standards and baselines to define required security controls and settings on all firewalls, servers, commercial applications, and networks.
• Assists the Chief Information Security Officer in ensuring appropriate processes to monitor and audit ongoing operations to detect, analyze, and correct security infractions/violations
• Oversees the monitoring of the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action.
• Establishes and administers a data and systems security awareness program for all District customers to ensure they are aware of security threats, policies, and procedures necessary for the efficient and effective use of District information systems
• Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept abreast of relevant/potential threats.
• May represent the District on data and system security matters and serves as the Information Technology Services liaison with regulators, auditors, suppliers, and other outside entities.

Benefits

• We offer a choice of several medical, dental, vision, and life insurance plans for you and your family.
• Employees are members of the California Public Employee Retirement System (CalPERS).
• Executive employees enjoy 24 days of paid vacation each year.
• Full-time employees receive 13 paid days off each year.