Lake County is seeking an Information Security Officer (ISO) with a track record of implementing security best practices at the enterprise level. This position will report directly to the CIO and is responsible for developing, implementing and directing a comprehensive information technology security and privacy program. The ISO is responsible for developing and monitoring practices to ensure that Lake County’s information systems are physically secure and available to authorized users and is responsible for executive guidance within IT, governance, risk management, and the overall security posture of the organization. This position will continually prevent, identify, and mitigate security threats and vulnerabilities in Lake County's systems, while assessing the amount of risk present and the cost and value of implementing controls and preventative measures. The ISO is responsible for promoting security awareness in the organization and ensuring compliance with statutory and regulatory requirements regarding information access, security, and privacy.
- Develop, implement, and maintain procedures and practices to ensure a high level of security for Lake County’s information systems and assets (for example, system protection, identity and access management, intrusion detection and prevention, advanced threat detection, vulnerability scanning, threat mitigation and incident response, security analysis and reporting, etc.), and help oversee the IT change control program.
- Develop, maintain, and enhance Incident and Response procedures to address security incidents (breaches); respond to alleged violations and/or complaints.
- Participate in Disaster/Recovery planning and testing.
- Implement internal controls and conduct and coordinate security audits.
- Help establish strong IT governance, implementing sound IT policies mapped to business and compliance/regulatory requirements.
- Develop and implement an ongoing risk assessment program targeting information security; recommend methods for vulnerability detection and remediation, and oversee vulnerability and penetration testing to ensure the integrity, confidentiality, and availability of information.
- Provide and present the latest legislation, regulation, advisories, alerts, and vulnerabilities pertaining to Lake County’s security and privacy.
- Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Manage regulatory and FOIA requests.
- Lead IT strategy planning activities, bringing a current knowledge and future vision of security best practices.
- Create, communicate, and implement a process for vendor risk management.
- Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
- Work cross-departmentally to facilitate IT risk assessment and risk management processes.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the enterprise application, data, and infrastructure teams to ensure alignment between security and enterprise architectures.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to prioritize and address findings.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Develop and oversee effective security disaster recovery policies and standards to align with enterprise business continuity goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.
- 8+ years in a technology leadership position with at least 5 years in information security.
- 5+ years of experience leading complex, enterprise-wide security projects.
- 5+ years of experience implementing or administering common information security management frameworks such as ITIL, COBIT or NIST and leading organizations through SOX, HIPAA, PCI or CJIS compliance efforts.
- Bachelor’s degree in technology or closely related discipline desired.
- One or more of the following certifications preferred: CISSP, CISM, CISA or similar.
Lake County offers a competitive salary and benefit package with performance-based incentive plans. We also offer flexible working hours, and a comprehensive wellness and training program. Visit our Prospective Employee page to get additional information on why you should work for Lake County!
To learn more about the department you will be working for, visit Information Technology. To learn more about other services Lake County provides and to see some of our employees in action, visit our website to view videos.
If you need assistance writing your resume, we have some tools to help you at our Human Resources website.
Any offer of employment is conditioned on the successful completion of a background screening, drug and alcohol testing and may include a pre-employment medical exam.
Lake County is an Equal Opportunity Employer
Please mention you found this employment opportunity on the CareersInGovernment.com job board.