IS Chief Information Security Officer (Unclassified)
Full-Time IS Chief Information Security Officer (Unclassified) at Ramsey County
Available Openings: 1
Posted Date: November 10, 2023
Industry: Government, Technology
Pay Type: Salary
Compensation: $111,604.79 - $165,979.80 Annually
Education Level: Bachelor's Degree
E-Verify: Yes
To Apply

Ramsey County is seeking a Chief Information Security Officer who will have responsibility for overseeing the county’s Cybersecurity Program. This position reports directly to the Chief Information Officer (CIO) and uses industry best practices to oversee the implementation of all security policies as directed by the CIO, and enforces the county’s enterprise cybersecurity through policy, architecture, technical and functional administration, and training. The Chief Information Security Officer will also lead in selecting, configuring, communicating, and implementing cybersecurity solutions and security controls to identify and reduce IT risk.  This is an excellent opportunity for a proactive security manager looking to expand their role to the executive leadership level.

To manage the development and implementation of a county-wide information security program to ensure that information assets are adequately protected; to identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements; to work with executive management to determine acceptable levels of risk for the county; to work proactively with departments to implement practices that meet defined policies and standards for information security; to work with leadership and teams to improve processes and technology to ensure foundational services are delivered; and to perform related duties as assigned. This role will also contribute to achieving the overall county information technology (IT) vision as a part of the IS Senior Leadership team. This position reports to the Chief Information Officer, and in their absence, the CISO may represent the county in all matters related to Information Services functions, including the day-to-day operations of the department.

Flexible Workplace
This position is identified under the designation of ‘flex work eligible’, meaning that the employee can formally opt to be in-office full-time or work a flex schedule in which at least two-days per week are performed in office and other days can be performed in a remote-first environment. Regardless of selection, the position carries expectations regarding on-site responsibilities and will require schedule flexibility beyond the minimum expectations set forth in the county’s flexible workplace policy. To view Ramsey County’s Flexible Workplace policy, go to: Flexible Workplace policy (Download PDF reader).

This position will remain open for application until filled.  Applicants should respond promptly as initial screening of resumes and letters of interest will occur tentatively during the week of Monday, November 27th, 2023.  

If an internal candidate is selected, salary will be set in accordance with the personnel rules (i.e., promotion, transfer, or voluntary reduction).

To view or print a copy of the complete Ramsey County job (class) description for this position, go to: Job Descriptions. Once at this page, you can browse the alphabetical list or search for a job description.

Responsibilities

Examples of Work Performed

  1. Promote a diverse, culturally competent and respectful workplace.
  2. Provide information security leadership and direction through the continued development, implementation, and maintenance of the enterprise information security program.
  3. As part of the IS management team, assist the Chief Information Officer in developing information technology strategic plans to support the vision, mission, goals and values of the county.
  4. Lead and engage in the planning, development and implementation of the strategy and vision for all technology services and functions.
  5. Advocate for and protect the enterprise information assets  by serving as the key information security advisor to the organization and act as the official information security representative to internal customers, external partners, audit and regulatory organizations.
  6. Build a comprehensive enterprise security strategy which includes implementing, directing, and overseeing the governance, assessment, consulting, monitoring and reporting functions.
  7. Partner with Office of Compliance to develop, implement, update and enforce county-wide information security policy, procedures, guidelines, and standards to ensure county-wide compliance with federal and Minnesota statutory and regulatory requirements for information security including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), Criminal Justice Information Services (CJIS) requirements and other applicable requirements.
  8. Consult with management on information security matters, such as the effect of state and federal laws, industry related regulations, and industry best practices on security related initiatives, projects, business operations, and department specific policy.
  9. Monitor information security trends internal and external to Ramsey County, understand potential threats, vulnerabilities and control techniques and provide consultation to executive management and departments about information security issues and risks affecting the organization and advise them on the appropriate actions to be taken.
  10. Maintain relationships with local, state and federal law enforcement and other related government agencies. 
  11. Establish and maintain effective relationships and work collaboratively across departments to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, initiate business practice changes and establish roles and responsibilities to ensure data is protected.
  12. Ensure the security of the remote and mobile computing environment.
  13. Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
  14. Manage security incidents and events to protect IT assets and data. Act as a central point of contact for all data security compromising incidents, develop incident handling procedures, and report incidents as required by law.
  15. Manage the security team,  including hiring staff, mentoring, coaching, providing professional development opportunities, establishing performance standards, completing evaluations, recognizing and addressing performance problems. 
  16. Create and facilitate the information security risk assessment process, including reporting to executive management and oversight of remediation efforts to address findings.
  17. Create and manage a county-wide information security and risk management awareness training program.
  18. Develop and manage effective recovery plans that ensure data privacy and information integrity in response to business need and compliance requirements in the event of a disaster. Provide leadership with updates of the development, documentation and maintenance of the county-wide disaster recovery plans.
  19. Monitor and report on county information, security activities and compliance.
  20. In the absence of the Chief Information Officer, may assume the duties and responsibilities of the CIO, managing and providing general oversight of the IS organization.

(The work assigned to a position in this classification may not include all possible tasks in this description and does not limit the assignment of any additional tasks in this classification. Regular attendance according to the position’s management approved work schedule is required.)
 
ESSENTIAL FUNCTIONS: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.

Qualifications

Minimum Qualifications

Education: Bachelor’s Degree in management information systems, computer science or a related field.
 
Experience: Five years of progressively responsible information technology experience in the areas of security and risk management, including at least two years in a leadership role.
 
Substitution: Any combination of education, training and experience that equates to nine years in the areas listed above.
 
Certifications/Licensure: None.
 
Preferred Experience: Professional certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified information System Auditor (CISA) or other information security credentials.
 
Exam/Screening Process Information

This position will remain open for application until filled.  Applicants should respond promptly as initial screening of resumes and letters of interest will occur tentatively during the week of Monday, November 27th, 2023.  
 
This is an unclassified, at-will position, holding a confidential relation to the department head or elected official. This position requires an open screening and selection process. There is no exam for this unclassified, at-will, position.  All applicants who meet the minimum qualifications will be forwarded to the department for consideration. Please read below for further instructions.
 
Definition of Unclassified from the Ramsey County Personnel Act:
Subdivision 1. General. "The appointing authority may discharge employees in the unclassified service with or without cause. Employees in the unclassified service have no right to a grievance appeal from discharge or other disciplinary action under sections 383A.281 to 383A.301. An employee in an unclassified position shall not have tenure but shall be entitled to all benefits associated with tenure such as vacation leave, sick leave, health insurance, and other benefits as determined by the county board."

Interested candidates may apply by completing the online application and submitting a letter of interest and resume. Your letter of interest should include a brief (one page) narrative describing your interest in this position, understanding of the duties, and why you feel you are a suitable candidate for the position.
 
The letter of interest, resume and the application may be sent electronically by attaching the materials to the online posting.  If you have difficulty uploading your materials, you may contact Jolie Vu at gaohleechi.vu@co.ramsey.mn.us for assistance.
 
To print a paper application for this posting click Paper Application (Download PDF reader).
 
Criminal Background Checks: All employment offers are conditioned upon the applicant passing a criminal background check. Convictions are not an automatic bar to employment. Each case is considered on its individual merits and the type of work sought. However, making false statements or withholding information will cause you to be barred from employment, or removed from employment.
 
E-Verify Participation: Ramsey County participates in the federal E-Verify program. This means that Ramsey County will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization.  If the Government cannot confirm that you are authorized to work, Ramsey County is required to give you written instructions and an opportunity to contact DHS and/or the SSA before taking adverse action against you, including terminating your employment.  Employers may not use E-Verify to pre-screen job applicants and may not limit or influence the choice of documents you present for use on the Form I-9.
 
Equal Opportunity Employer: Ramsey County provides equal access to employment, programs and services without regard to race, color, creed, religion, age, sex (except when sex is a Bona Fide Occupational Qualification), disability, marital status, sexual orientation or gender identity, public assistance or national origin.

For further information regarding this posting, please contact gaohleechi.vu@co.ramsey.mn.us.

Ramsey County

Contact: Gaohleechi Vu
Phone 651-266-2700
Email Gaohleechi.Vu@co.ramsey.mn.us
121 7th Place East
Saint Paul, MN 55101
US
Transit: On bus line, On the Green Line