Information Security Officer

To be considered for this position you will need to submit all of the followingApplication including work experience listedSupplemental ApplicationResumeUnder administrative direction, plan, organize, control and direct the District's cybersecurity and data privacy programs and operations; assure information assets, applications, systems, infrastructure, and processes are protected in the digital ecosystem in which the District operates and cybersecurity measures comply with statutory and regulatory requirements regarding information confidentiality, integrity, and availability; perform related duties as assigned.The classification specification does not describe all duties performed by all incumbents within the class. This summary provides examples of typical tasks performed in this classification.Plan, organize, control and direct the District's cybersecurity and data privacy programs and operations; assure compliance with applicable laws, codes, rules, and regulations. EFacilitate an information security governance structure in alignment with existing District technology governance programs, including the formation of an information security steering committee or advisory board. EDevelop, socialize and coordinate approval and implementation of cybersecurity policies. EProvide regular reporting on the status of the information cybersecurity program to the Chief Technology Officer, Superintendent of Schools, and the Board of Education in support of student outcomes. EWork with procurement and legal representatives to assure information security and privacy requirements are included in contracts and third-party data sharing is compliant with applicable laws and regulations. EEstablish an information security awareness training program for employees, contractors, and other approved system users; establish metrics to measure the effectiveness of security training programs for the different audiences. EContinually assess the District's cybersecurity maturity model and cyber risk posture and develop continuous improvement plans. EDevelop an information security vision and strategy aligned to organizational priorities and enable and facilitate the District's business objectives; assure senior stakeholder buy-in and mandate. EDirect the information security function across the District to assure consistent and high-quality information security management in support of the business goals. EDirect the work of staff and contractors, including the work of project teams engaged in designing, configuring, implementing, and monitoring the District's cybersecurity controls systems. EDesign the District's cybersecurity controls systems in accordance with applicable frameworks such as National Institute of Standards and Technology (NIST) 800-53, Center for Internet Security (CIS) and Internal Standardization Organization (ISO) 27001. EOversee the development and implementation of cybersecurity controls to assure the confidentiality, integrity, and availability of confidential data that is stored and retrieved online including student data, employee data, health information, and payment information. ESupervise and evaluate the performance of assigned staff; interview and select employees and recommend transfers, reassignment, termination, and disciplinary actions. ETest, evaluate and recommend new and emerging technologies for consideration and adoption into District technology systems; direct the implementation of innovative technologies and procedures for technology systems. EConduct cybersecurity reviews of new and existing information systems, data products, and instructional applications; recommend fitness for use and/or develop risk acceptance criteria. EProvides clear risk mitigating directives for information systems owners, including the application of controls. EOversee and review system specifications, bids, and Requests for Proposals to assure technical requirements and standards are met; make presentations and provide recommendations to the Chief Technology Officer regarding the purchase of cybersecurity services and tools. ECommunicate with business leaders, legal, auditors, contractors, technology service providers, staff and other outside organizations to coordinate program activities, conduct investigations, incident response, resolve issues and exchange information. EDevelop and prepare preliminary budgets for assigned functions; analyze and review budgetary and financial data; authorize and control expenditures in accordance with established limitations. EPrepare or direct the preparation and maintenance of a variety of records and files and prepare reports related to assigned activities; prepare data for a variety of reports. EParticipate in and attend a variety of meetings, workshops, conferences, and training to maintain current knowledge of emerging cybersecurity trends; make presentations regarding cybersecurity program objectives, plans, and achievements. EOperate a variety of office equipment including a computer and assigned software; drive a vehicle to conduct work and visit sites. EPerform related duties as assigned.Note: At the end of some of the duty statements there is an italicized "E". This is strictly for use in compliance with the Americans with Disabilities Act.Knowledge ofInformation security principles, practices, and procedures.NIST and CIS cyber security controls frameworks.California Privacy Rights Act (CPRA), Family Educational Right and Privacy Acts (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Children's Internet Protection Act (CIPA), Payment Card Industry Data Security Standards (PCI-DSS), and other relevant privacy and information security laws and regulations.Cybersecurity risk assessment techniques.Cybersecurity software and tools including next generation firewall (NGFW), web application firewall (WAF), security incident and event management (SIEM), endpoint detection and response (EDR), data loss prevention (DLP), and virtual private network (VPN).Identity management and user access controls, including authentication, authorization, and encryption technologies.Vulnerability management.Digital forensics techniques for investigating cybersecurity incidents.Contract and vendor management.Principles of administration, employee supervision, and training.General principles and practices of government purchasing and contract administration.Strategic planning and project management techniques.Records management and e-discovery techniques.Report preparation techniques.Oral and written communication skills.Interpersonal skills using empathy, self-awareness, and positivity.Ability toPlan, organize, control and direct the District's cybersecurity and data privacy programs and operations.Prepare and present oral and written reports and recommendations clearly, concisely and logically to a variety of audiences.Maintain current knowledge of industry trends and technological advances in the field.Prepare detailed project plans and documentation.Analyze and interpret data.Analytically and logically evaluate information, propositions, and claims.Make decisions and choose optimal courses of action in a timely fashion.Understand, interpret, and assure compliance with applicable laws and regulations.Respond positively to change and modify behaviors as situations require.Focus on details of work content, processes, and products.Conduct work with integrity and ethics.Develop and maintain trust through honesty and personal accountability.Design and manage processes and procedures that can be executed by and through others.Work collaboratively with others to achieve shared goals.Engage effectively in dialogue with a variety of stakeholders.Communicate effectively both orally and in writing.Establish and maintain cooperative and effective working relationships with others.Maintain composure to identify and resolve conflicts.Train, supervise and evaluate assigned personnel.Education and TrainingBachelor's degree in cybersecurity, computer science, engineering, information systems management, software engineering or a related field. A Master's degree is preferred.Valid Certified Information Systems Security Professional (CISSP) certification.ExperienceFive years of cybersecurity management-level experience in a large user environment, including two years of experience providing cybersecurity services in a regulated industry with one or more of the following information security compliance objectives (FERPA, HIPAA, PCI-DSS, CJIS, CPPA).Experience In a Public K-12 Educational Environment Is Preferred.Two years of additional experience may be substituted for two years of the required education.Required SkillsAny other combination of education, training and experience, which demonstrates that the applicant is likely to possess the required skills, knowledge or abilities, may be considered.The following certifications are desirable:Certified Information Security Manager (CISM).GIAC Information Security Officer (GISO)GIAC Security Leadership Certification (GSLC)Positions in this class require the use of a personal automobile and possession of a valid California class C driver's license.If you have questions regarding your applications or the recruitment process you may contact: perscom@lbschools.net or 562-435-5708.Nondiscrimination Statement: The Long Beach Unified School District prohibits unlawful discrimination, harassment (including sexual harassment), intimidation, or bullying, targeted at any student or employee by anyone, based on the student or employees actual or perceived race, color, ancestry, nationality, national origin, immigration status, ethnic group identification, ethnicity, age, religion, marital status, pregnancy and related conditions, parental status, physical or mental disability, medical condition, sex, sexual orientation, gender, gender identity, gender expression, or genetic information, or association with a person or group with one or more of these actual or perceived characteristics.ÂFor questions or complaints, contact Equity Compliance Officer: Steve Rockenbach, Director of Employee Relations,1515 Hughes Way, Long Beach, CA 90815, 562-997-8220, srockenbach@lbschools.net and Title IX Coordinator: Kimberly Dalton, Director of Human Resource Services, 1515 Hughes Way, Long Beach, CA 90815, 562-997-8108, kdalton@lbschools.net and 504 Coordinator: Jenny R. Acosta, Program Administrator, 2221 Argonne Ave, LB 90815, 562-986-6870, JRAcosta@lbschools.net.ÂIf you have questions regarding your applications or the recruitment process you may contact: perscom@lbschools.net or 562-435-5708. ÂSELECTION PROCEDUREThe examination process for this recruitment may be comprised of one or any combination of the following:  screening of the applicant's training, background, and experience; evaluation of responses on a supplemental application; written examination(s); qualifications appraisal oral examination; performance examination; or technical oral examination, scored on a job-related basis.  Only the most highly qualified candidates will be invited to continue in the examination process.  Successful candidates who pass all parts of the examination process will be placed on the eligibility list in order of their relative merit as determined by these competitive examinations.  The eligibility list for this classification will remain in effect for a period of 6 months.