Chief Information Security Officer (Ciso)

The Department of Information Technology in Nassau County delivers robust, accessible, and trusted solutions that empower the County government to anticipate, detect, respond to, and recover from cyber threats.

The Chief Information Security Officer (CISO) is a senior executive in Information Security, responsible for crafting and overseeing policies and initiatives aimed at mitigating compliance, operational, strategic, financial, and reputational security risks associated with safeguarding the County's data, systems, and technology. This role involves spearheading cybersecurity strategies and programs across County departments at an enterprise level. Reporting directly to the Commissioner of Information Technology, the CISO oversees all facets of Security Operations (SOC), IT Security, Governance, Risk & Compliance, and Emerging Technology & Risk Management.

Key responsibilities include:

· Establishing a strategic and comprehensive Information Security program that defines, develops, maintains, and implements policies and processes ensuring consistent, effective Information Security practices. These practices aim to minimize risk and ensure the integrity, confidentiality, and availability of the County's information assets.

· Leading the design and implementation of robust security controls to identify vulnerabilities and fortify digital files and electronic infrastructures.

· Guiding teams in enhancing, maintaining, and updating security technologies (e.g., firewalls) to ensure the secure utilization of computer networks and the secure transmission and retrieval of information.

· Addressing disaster recovery, business continuity, and risk management needs within the County IT Department.

· Vigilantly monitoring and responding to computer security breaches, viruses, intrusions, and conducting forensic investigations as needed.

· Cultivating and maintaining cybersecurity partnerships for intelligence sharing and coordinated responses within the County and across the region.

· Developing and administering current security policies, overseeing their approval, training, and dissemination, managing security and risk awareness, and implementing and monitoring county-wide training and reporting programs.

Required Technology Proficiencies:

· Extensive knowledge of current principles, practices, and procedures involved in developing and implementing an Information Security program.

· Thorough familiarity with common Information Security frameworks like ISO/IEC 27001, ITIL, COBIT, NIST Cybersecurity Framework, as well as regulatory standards such as PCI/DSS, HIPAA, and CJIS.

· Excellent written and verbal communication skills, strong interpersonal and collaborative abilities, and the capacity to convey Information Security and risk-related concepts to both technical and non-technical audiences.

Minimum Qualifications and Education Requirements:

· Graduation from a federally-accredited or New York State-registered college with a Bachelor's Degree in information technology security, computer information systems, computer science, management information systems, or a related field.

Seven (7) years of experience in information technology security

NOTE: A Certified Information Systems Security Professional (CISSP ®) certificate is required within one year.

Preferred Skills:

· 10+ years of experience in cybersecurity.

· Fundamental understanding of cybersecurity technologies in a municipal setting.

· Proficiency in an interpreted programming language (e.g., PHP, Python, Perl, Ruby, etc.).

· Familiarity with attacker tactics, techniques, and procedures.

· Background in malware analysis, intrusion detection, and/or threat intelligence.

· Experience in threat hunting, proactively investigating potential risks and identifying suspicious behavior in networks using threat intel.

· Proficiency in host and memory forensics (including live response) for Windows, OSX, and/or Linux.

· Extensive knowledge across the Security domain with a deep focus on one or more areas such as Logs and events processing, Incident Management, Detection, and/or response tool development.

· Previous experience in a Security Operations Center (SOC) & MITRE Framework.

· Experience in scoping, implementing and analyzing network and host-based SEIM solutions.

Job Types: Full-time, Part-time

Pay: From $145,000.00 per year

Expected hours: 35 per week

Benefits:

• Employee assistance program
• Flexible spending account
• Health insurance
• Paid time off
• Retirement plan
• Vision insurance

Schedule:

• Monday to Friday

Work Location: In person