SENIOR INFORMATION SECURITY MANAGER

Salary :

$126,078.00 - $195,422.00 Annually

Location :

CA, CA

Job Type:

Full-Time

Remote Employment:

Flexible/Hybrid

Job Number:

8041MR-0624-157(AP)

Department:

OCERS

Opening Date:

06/14/2024

Closing Date:

6/20/2024 3:00 PM Pacific

CAREER DESCRIPTION

SENIOR INFORMATION SECURITY MANAGER

Agency Promotional Opportunity - Only current OCERS employees may apply.

This recruitment will be open and advertised from Friday, June 14, 2024, and close at 3:00 PM on Thursday, June 20, 2024.

OCERS offers a competitive benefits package, a defined benefit pension plan which has reciprocity with the Public Employees Retirement System (PERS), and a deferred compensation 457 plan. OCERS offers up to an annual $10,000 Educational and Professional Reimbursement, a $3,500 taxable optional benefit plan, annual leave, and a flexible/hybrid work schedule.

DESCRIPTIONThe Orange County Employees Retirement System (OCERS) invites you to join our growing TEAM! We are now accepting online applications to fill the position of Senior Information Security Manager.

WHO WE AREEstablished in 1945, the Orange County Employees Retirement System (OCERS) provides retirement, death, disability, and cost-of-living benefits to retirees of the County of Orange and certain County districts. Serving approximately 52,000 members, OCERS is governed by a ten-member Board of Retirement that is responsible for managing a $23 billion dollar fund. For more information about OCERS, please click here.

MissionOCERS' mission is to provide secure retirement and disability benefits with the highest standards of excellence.

VisionOCERS' vision is to be a trusted partner providing premier pension administration, distinguished by consistent, quality member experiences and prudent financial stewardship.

Values

Open and TransparentCommitment to Superior ServiceEngaged and Dedicated WorkforceReliable and AccurateSecure and SustainableTHE OPPORTUNITYUnder the direction of the Director of Information Security, the Senior Information Security Manager will perform a variety of duties including the evaluation, implementation, maintenance, and daily management of the agency's information security systems and solutions. Additionally, they will perform duties related to threat detection and prevention, vulnerability management, security education, incident response, security control implementation, and similar related duties as required. This position requires strong analytical skills, strong knowledge of cybersecurity standards and principles, and the ability to interface with all levels of the organization.

ESSENTIAL DUTIES, AND RESPONSIBILITIESInclude but are not limited to the following:Govern

Assist executive management (e.g., Director of Information Security) to ensure the organization's cybersecurity strategy, risk management strategy, policies, and procedures are established, communicated, and monitoredUnderstand OCERS' mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements and how they influence cybersecurity risk management decisionsUnderstand OCERS' priorities, constraints, risk appetite, and assumptions that are used to support cybersecurity risk decisionsAssist with establishing and communicating cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvementAssist with establishing, communicating, and enforcing organizational cybersecurity policies and proceduresAssist with reviewing performance and outcomes from cybersecurity risk management activities to inform, improve, and adjust the risk management strategyAssist with ensuring cyber supply chain risk management processes are identified, established, managed, monitored, and improvedIdentify

Assist executive management (e.g., Director of Information Security) in determining the organization's current cybersecurity risksUnderstand the organization's assets (e.g., data, hardware, software, systems, facilities, services, people), suppliers, and the associated cybersecurity risksAssist executive management in prioritizing its efforts consistent with its cybersecurity risk management strategy and missionIdentify improvement opportunities for the organization's policies, plans, processes, procedures, and practices to support effective cybersecurity risk managementProtect

Implement safeguards to manage cybersecurity risks commensurate with OCERS' risk appetiteSecure assets to prevent or lower the likelihood and impact of adverse cybersecurity eventsAssist with ensuring access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized accessAssist with ensuring the organization's personnel are provided with cybersecurity awareness and training so they can effectively perform their cybersecurity-related tasksAssist with ensuring data is managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of informationAssist with ensuring the hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization's risk strategy to protect their confidentiality, integrity, and availabilityAssist with ensuring security architectures are managed within the organization's risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilienceDetect

Ensure assets are monitored to find anomalies, indicators of compromise, and other potentially adverse eventsEnsure anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidentsRespond

Help to ensure responses to detected cybersecurity incidents are managed appropriatelyAssist with investigations to ensure effective response, supporting forensics, and recovery activitiesAssist with ensuring response activities are coordinated with internal and external stakeholders as required by laws, regulations, or policiesAssist with containment activities to prevent expansion of an event and mitigate its effectsRecover

Execute restoration activities to ensure operational availability of systems and services affected by cybersecurity incidentsEnsure restoration activities are coordinated with internal and external partiesGeneral

Establishes and maintains cohesive working relationships with public officials, vendors, supervisors, executives, technical and non-technical staff, and others encountered in the course of workTakes on additional duties as assigned

MINIMUM QUALIFICATIONS The minimum qualifications required for entry into the classification are as follows:Education and/or Experience Bachelor's degree from an accredited college or university with a major in Computer Science or related field, an MBA or MS is highly desirableANDFive years of increasingly responsible experience in cybersecurity application and infrastructure, technology management including two years of supervisory and project management experienceANDHands on experience with current cybersecurity technologies.Special Notes, Licenses, or Requirements

One (1) or more certifications such as CISSP, CISM, GSE, or equivalentA valid California C driver's license or the ability to arrange necessary and timely transportation for field travelMay be required to use personal vehicleA complete background investigation is required; a felony or misdemeanor conviction may be a disqualifying factor from employmentPlease click for additional details about the Senior Information Security Manager classification.KNOWLEDGE/SKILLS/ABILITIES The following lists the knowledge, skills, and abilities necessary to perform the essential duties of the position. For the full list, please view the job description

Knowledge of

Intrusion detection methodologies and techniques for detecting host and network-based intrusionsControls related to the use, processing, storage, and transmission of dataNetwork security architecture concepts including topology, protocols, components, and principlesNew and emerging information technology (IT) and cybersecurity technologiesCurrent and emerging threats/threat vectorsSkills/Ability to

Advise executive management (e.g., Director of Information Security) on risk levels and security postureEnsure security improvement actions are evaluated, validated, and implemented as requiredEnsure cybersecurity requirements are integrated into the continuity planning for each systemInterpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity programConduct and participate in information security risk assessmentsPHYSICAL, MENTAL, AND ENVIRONMENTAL CONDITIONS The physical and mental demands described here are representative of those that are customarily required to successfully perform the essential functions of this class.Physical and Mental Demands

Speak and hear well enough to communicate in English clearly and understandably in person, over the telephone, and in large or small groupsManual dexterity sufficient to use hands, arms, and shoulders repetitively to operate a telephone, keyboard, write, and use a calculatorMental stamina to interact professionally with members of the Board of Retirement, Employers, staff, and retirement system membersVision sufficient to read fine print and a computer monitorIndependent body mobility, agility, and stamina to stand, walk, stoop, bend, and twist, to access a standard office environmentAbility to sit for prolonged periods of timeBody strength sufficient to lift up to 15 pounds and carry filesEnvironmental Conditions

The primary workplace is in an office environment, working with standard office equipmentPeripheral office equipment generates a quiet to moderate noise levelOperates in an environment that includes elected officials, non-elected officials, government agencies, community interest groups, and the general public in the development and coordination of OCERS affairsOut-of-area travel may be required to attend professional conferences and meetingsBENEFITS OCERS offers a competitive benefits package that includes a choice of several health plans, annual leave, and paid holidays. Additionally, OCERS has a defined benefit pension plan which has reciprocity with the Public Employees Retirement System (PERS) and a deferred compensation 457 plan. OCERS offers up to an annual $10,000 Educational and Professional Reimbursement, a $3,500 taxable optional benefit plan, and a flexible/hybrid work schedule.

For additional information and details about the OCERS pension and benefits offered, please

SELECTION PROCEDURESOCERS' Human Resources Department will screen all application materials to identify qualified candidates.

Applications submitted without a completed supplemental information form will be disqualified from further consideration. After screening all applications, the more qualified candidates will be referred to the next step in the recruitment process and notified via e-mail of all further procedures applicable to their application status.

Applications Appraisal Panel (AAP) | Application Rating (Refer/Non-Refer) Application materials will be rated by a panel of job knowledge experts for those qualifications most needed to perform the duties of the job. The more qualified candidates will be referred to the next step. All notifications regarding this recruitment will be sent via e-mail.

Qualifications Appraisal Panel | Oral Interview Candidates will be interviewed and rated by a panel of job knowledge experts. Each candidate's rating will be based on responses to a series of structured questions designed to elicit the candidate's qualifications for the job.

Based on OCERS' needs and the number of applications received, the selection procedures listed above may be modified, and all affected candidates will be notified.

HOW TO APPLYOnly on-line applications with the

completed supplemental questions

will be accepted.

E-mail is the primary form of notification during the recruitment process. Please ensure your correct e-mail address is on your application and only use one e-mail account.

Your application should highlight all of the areas in which you have developed expertise, matching your professional experience with the specific qualifications listed above.

It is recommended that you record or print your confirmation page, as this verifies receipt of your on-line application.

You may apply on-line at OCERS website:

For specific information pertaining to this recruitment please contact John Nguyen at (714) 569-4855 or email [email protected].

Do not submit resumes to this email address as they will not be considered in lieu of the required application process.

ADDITIONAL INFORMATION

EMAIL NOTIFICATIONEmail is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.

NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.

Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile at

FREQUENTLY ASKED QUESTIONSClick for additional Frequently Asked Questions.

EEO INFORMATION

EEO INFORMATIONOCERS, as an Equal Employment Opportunity employer, encourages applicants from diverse backgrounds to apply.

Administrative Management *In addition to the County's standard suite of benefits -- such as a variety of health plan options, sick and vacation time and paid holidays -- we also offer an excellent array of benefits such as:

Retirement: Benefits are provided through the Orange County Employees' Retirement System (OCERS). Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits.

Paid Leave: Twelve holidays per year plus sick and vacation timeHealth & Dependent Care Reimbursement AccountsDental Insurance: County pays 100% of employee and dependent premiumsPaid Life Insurance: $100,000 life insurance policyPaid Accidental & Death and Dismemberment Insurance: $100,000 AD&D insurance policyPaid Short & Long Term Disability insurance programs457 Defined Contribution Program

*Effective 07/01/20, management employees who are sworn Public Safety Managers receive health insurance benefits through the AOCDS Medical Benefit Plans.

Click for information about benefits offered to County of Orange employees.

01

Thank you for your interest in the Senior Information Security Manager position. You are required to provide full and complete responses to the supplemental questions. Your completed responses to these supplemental questions will be evaluated to determine your qualifications and must be completed properly in order to be given full consideration for the next phase in the selection process. Supplemental questions are designed to help you present your qualifications for this position and will be rated based on the information that you supply. Please provide succinct, concise, descriptive, and detailed information and highlight all of the areas in which you have developed expertise, matching your professional experience with the specific qualifications and abilities for each question. Resumes will not be accepted in lieu of completing the supplemental questions. By selecting yes below, you acknowledge that you have read and understood the requirements of this application.

YesNo

02

Do you possess a Bachelor's degree from an accredited college or university with a major in Computer Science or a related field, and/or do you also hold an MS degree?

YesNo

03

This is an agency promotional opportunity only. Are you a current OCERS employee?

YesNo

04

I certify that all statements made in this Supplemental Questionnaire are true and complete to the best of my knowledge. I understand that any false statement(s) of material facts or omissions may subject me to disqualification.

Required Question
#J-18808-Ljbffr