Chief Information Security Officer

Working within OIT and reporting directly to the City’s CIO, the Chief Information Security Officer (CISO) is the top technology security executive for the City of Philadelphia.  The CISO will coordinate security efforts across the City and will identify information technology security initiatives and standards. The CISO establishes and manages City-wide security policies and processes controlling the workflow and integrity of city data, applications, systems and networks.  The position is generally accountable for the management and direction of all city cybersecurity policies and controls.  Essential Functions    Advises CIO and OIT Executive Management Team on cybersecurity issues, policies and practices.    Directs and approves the design of security systems.    Oversees teams of cyber security personnel and vendors who safeguard the City’s assets, intellectual property, information systems and the physical security of Information Technology processing facilities.    Coordinates hiring, training, evaluation and mentoring of security personnel and the development of education/training programs to ensure appropriate awareness of security policies, procedures, and standards.    Identifies protection goals and objectives and prepares metrics and evaluations on performance and efficacy of those goals/objectives consistent with the OIT’s and the City’s strategic plan.    Directs the development and implementation of security policies, standards, guidelines and procedures to ensure ongoing maintenance of security in coordination with OIT’s IT Compliance Office and Chief of Operations.    Along with the CIO, prepares regular briefings on the status of the city’s security issues, programs and objectives for Mayor’s Office and cabinet members and other City elected officials.     Maintains relationships with other localities, state and federal law enforcement and other related government agencies.     Physical security responsibilities will include asset protection, access control to information processing facilities, and more.    Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness and more.    Oversees Incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.    Schedules periodic cyber and data security audits and works with outside consultants as appropriate for independent security audits.    Ensures that disaster recovery and business continuity plans comply with OIT’s security goals and objectives and coordinates with leadership at the City’s Office of Emergency Management and Office of Risk Management on these efforts.    Meets with data processing managers to determine impact of proposed changes in hardware or software.    Reviews, plans, budgets and schedules security upgrades and maintenance of software.    Meets with subordinate supervisors to discuss progress of work, resolve problems, and ensure that standards for quality and quantity of work are met.    Adjusts hours of work, priorities, and staff assignments to ensure efficient operation.    Approves budget and expenditures for the Information Security Group including full time staff and contractors.Competencies, Knowledge, Skills and Abilities    Must be an articulate and persuasive leader who can communicate security-related concepts to a broad range of technical and non-technical staff.    Should have experience with planning, auditing, and risk management, as well as contract and vendor negotiation.    Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community.    Skill in organizing resources and establishing priorities.    Strategic planning and advanced leadership skills.    Ability to develop requests for and evaluate proposals in reference to leading-edge information services security technology.    Ability to provide strategic guidance and counsel to clientele in the assessment and development of existing and/or proposed systems.    Ability to foster a cooperative work environment.