Chief Information Security Officer
City of Tucson - Information Technology
Full Time Executive-level / Director USD 102K - 178K
City of Tucson
POSITION DUTIES AND QUALIFICATIONS
SUMMARY OF DUTIES:
Designs and directs a citywide information security program and partners with city leadership on risk management to provide the protection and confidentiality of data and other information assets of the city.This job reports to: Chief Information Officer
DUTIES AND RESPONSIBILITIES:*
Position Specific Summary
The Chief Information Security Officer position at the City of Tucson’s Information Technology (IT) Department is responsible for the development and implementation of a comprehensive citywide information security program. This position manages risks, ensures data protection and compliance with legal, external, and public interest obligations.
Work is performed under the supervision of the Director of Information Technology. This position exercises supervision over cybersecurity and compliance personnel.
Duties and Responsibilities
Develops short- and long-term strategies for optimizing the City's Information Security Plan, formulates policies to detect and mitigate threats, and advises the City Manager’s Office on data security for major IT projects. Oversees disaster recovery, business continuity, and the Cybersecurity team's budget and operations, ensuring comprehensive IT engagement and operational effectiveness. Represents the division in meetings with county, state, and advisory bodies on City data security policies and programs.
Collaborates with risk management and leadership to establish and maintain the City's risk register to ensure effective cybersecurity risk management and accountability tracking. Oversees citywide security policies, the Written Information Security Program (WISP), and data governance, while promoting ongoing security and privacy training across all organizational levels. Sets citywide processes for protecting electronic and physical environments and leads cross-departmental efforts to address process violations and compromised data.
Leads security management practices, designs secure architecture, and ensures compliance with policies while monitoring system performance. Collaborates with IT leaders to track anomalies, investigate threats, and address vulnerabilities based on prioritized response plans. Conducts audits, resolves security gaps, and manages contracts for security software and equipment and presents recommendations.
Oversees threat and vulnerability assessments, conducts routine network and system evaluations for abnormal behavior, and prioritizes response plans. Manages penetration testing and investigates unsecured data or systems, ensuring compliance with policies and governance. Restricts access and blocks threats in high-risk areas, working with relevant parties for swift resolution.
Recommends professional development for IT security staff and department data officers, coordinating training and awareness programs. Partners with the Public Information Office to guide the public on cyber hygiene and awareness. Addresses threats from bad actors misrepresenting City identities.
Provides supervision through clear direction, sets performance expectations, and guides the team's efforts toward achieving goals. Conducts performance reviews, offers constructive feedback, and supports employee development. Participates in the hiring process by interviewing candidates and making recommendations for new hires.
Performs all other duties and tasks as assigned.
Working Conditions
Mostly office environment.
* All duties, responsibilities listed are subject to change.
MINIMUM REQUIRED QUALIFICATIONS:
Education:
Bachelor's degreeWork Experience:
Five (5) years of directly related experienceLicense:
Any combination of relevant education and experience may be substituted on a year-for-year basis.
ADDITIONAL MINIMUM REQUIRED QUALIFICATIONS:
Education:
Bachelor's degreeWork Experience:
-Five (5) years of directly related experienceLicense/Certifications:
Languages:
PREFERRED QUALIFICATIONS:
Seven (7) years in information technology or security management with five (5) years concentrated in information security. At least 4 of required 7 years in Lead or Supervisory capacity in a related functional area.Experience in: information security principles and frameworks (NIST, ISO 27001/2), designing, implementing, and managing security programs, remote access systems (RAS), digital certificates, sniffers, Demilitarized Zones (DMZ)/Transaction Zones, Intrusion Detection/Intrusion Prevention Systems (IDS/IPS), Security Information & Event Management (SIEM), ICS/SCADA, Internet of Things(IOT), cloud security, business continuity planning, auditing, security automation and orchestration tools, Health Insurance Portability and Accountability Act(HIPAA), Criminal Justice Information Systems(CJIS), Payment Card Industry(PCI) and related regulatory compliance requirements, risk management, contract and vendor negotiation, and physical security.
Certification in: Certified Information Security Auditor (CISA), CompTIA+ Security
Active membership in professional information security organizations (ISSA, ISACA etc.).
ADDITIONAL POSITION INFORMATION:
Position Title:
Chief Information Security OfficerTo view the full job profile including classification specifications and physical demands click here.
Department Name:
Information TechnologyDepartment Link:
No WebsiteRecruiter Name:
Liliana Almeraz (99363)Recruiter Email:
ccs_hr@tucsonaz.govFTE%:
100FLSA:
ExemptPosition Type:
Regular COMPENSATION & BENEFITS Full Hourly Range: $51.78 - 89.33 USDThe Full Hourly Range reflects the City of Tucson's pay range at the time of posting. The City of Tucson considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidate's work experience, education/training, key skills, and internal equity.
The City of Tucson offers a generous benefits package for benefit-eligible positions.The comprehensive, flexible, and affordable coverage is designed to optimize health and well-being, security and future, and peace of mind. Benefits begin with medical, dental, vision, life, disability, and FSA coverage, surpassing your standard 401(k) program by offering a rich pension plan plus optional Roth and pretax deferred compensation savings.
With your well-being in mind, our paid time off program provides new hires with 38 paid days off in the first year of employment, with time off increasing steadily in subsequent years. We offer twelve weeks of paid parental leave, paid tuition reimbursement, student loan repayment, off- and on-the-job training, and opportunities to forge connections with peers and the community through employee resource groups and paid volunteer hours.
You can learn more about our benefits at https://www.tucsonaz.gov/Departments/Human-Resources/Employee-Benefit-Snapshot.
POSTING INFORMATION
Posting Close Date:
Applicants must submit their completed application by 01-02-2025 at 11:59 p.m. MSTAPPLICATION INSTRUCTIONS
Please see the special application instructions below and follow the directions for applying to this position.
Special Instructions:
**To apply for this position, you must submit both a resume and a cover letter at the time of application. Applications missing either document will be considered incomplete and will not be considered further. Please note that resumes and cover letters submitted after the application deadline will not be reviewed.As part of your application, the cover letter must address the following questions:
1. During your tenure as a CISO (or equivalent leadership role), what was the most significant challenge you faced during your tenure, and how did you address it to achieve measurable results?
2. Can you share a specific example of an information security strategy you developed and implemented? What steps did you take to identify and prioritize risks, and how did you measure the effectiveness of the strategy over time?
3. What has been the largest cyber-attack you’ve dealt with in your career? What immediate actions did you take, and how did the experience influence your approach to cybersecurity strategy moving forward?
Physical and lifting abilities/requirements are determined by position and are included in the position description.
Background Check: This position has been designated to require a criminal background check.
CITY OF TUCSON IS AN EQUAL OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER and does not discriminate based on race, color, religion, sex (including sexual orientation, gender identity, and pregnancy), national origin, veteran status, age, disability, genetic testing, or any other protected status. If you believe you have been a victim of discrimination, you may file a complaint with the City of Tucson's Office of Equal Opportunity Programs, U.S. Equal Employment Opportunity Commission (EEOC) or Arizona Attorney General's Office of the Civil Rights Division (ACRD). Click for more information from ACRD about employment discrimination and how to file a complaint with ACRD
The City of Tucson employs only U.S. citizens and lawfully authorized non-U.S. citizens. All new employees must show employment eligibility verification as required by the U.S. Citizenship and Immigration Services.
The City of Tucson is committed to providing access and reasonable accommodation for individuals with disabilities or who require religious accommodation; please contact Human Resources at EmployeeLeaves@tucsonaz.gov or 520-791-2619.
City of Tucson is an Equal Opportunity/Affirmative Action/Veterans/Disability Employer.
Questions? If you need assistance applying for any position, please contact recruitment@tucsonaz.gov or 520-791-4241.
ccs_hr@tucsonaz.govTags: Audits Automation CISA CISO Cloud Compliance CompTIA Governance HIPAA ICS IDS Internet of Things Intrusion detection Intrusion prevention IoT IPS ISACA ISO 27001 Monitoring NIST Pentesting Privacy Risk management SCADA Security strategy SIEM Strategy Vulnerabilities
Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Health care Insurance Medical leave Parental leave
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.