Information Security Officer - IT Division

Description

Under general direction, the Information Security Officer is responsible for the leadership, oversight, and execution of the Court’s information security, cybersecurity, privacy, and risk management programs. The Information Security Officer establishes and enforces security governance, policies, and controls to protect the confidentiality, integrity, and availability of Court information systems and data. This position provides strategic security leadership, oversees security operations and incident response, ensures regulatory and Judicial Council of California compliance, manages security risk across enterprise and Software-as-a-Service (SaaS) environments, and advises judicial officers and executive leadership on information security matters.

Examples of Duties

Duties may include, but are not limited to the following:

  • Provides enterprise-wide leadership for cybersecurity, information security, and privacy programs.
  • Develops, implements, and maintains the Court’s information security governance framework, including policies, standards, procedures, and controls.
  • Establishes and oversees security programs covering network security, application security, cloud and SaaS security, endpoint protection, identity and access management, and data protection.
  • Develops and maintains the Court’s short and long-term information security strategy and roadmap, aligned with Court objectives and enterprise architecture.
  • Conducts and oversees security risk assessments, threat modeling, and vulnerability management across on-premises, cloud, and SaaS environments.
  • Ensures security requirements and controls are embedded into system design, procurement, and enterprise architecture decisions.
  • Develops, manages, and monitors the information security budget; oversees procurement and lifecycle management of security tools, services, and SaaS solutions.
  • Conducts vendor security due diligence, including risk assessments, contract security terms, and compliance reviews; ensures third-party vendors and service providers meet Court security, privacy, and data protection requirements.
  • Oversees the Court’s security incident response program, including detection, investigation, containment, remediation, and post-incident review.
  • Ensures compliance with Federal Bureau of Investigation (FBI) Criminal Justice Information Systems (CJIS) Security Policy, Internal Revenue Service (IRS) Publication 1075, Judicial Council of California policies, and applicable state and federal data protection requirements.
  • Supports internal and external audits, assessments, and compliance reviews; tracks and remediates findings.
  • Oversees disaster recovery, business continuity, and cyber resilience planning and testing.
  • Advises judicial officers, executive leadership, and management on security posture, risks, incidents, and mitigation strategies.
  • Plans, prioritizes, schedules, assigns, and evaluates work of assigned personnel; assists with interviews and selection; trains and motivates staff; monitors and evaluates staff performance.
  • Coordinates with statewide judicial branch security initiatives, external agencies, and partner courts.
  • Promotes a culture of security awareness, accountability, and compliance across the Court.

Minimum Qualifications

Education: Bachelor’s Degree from an accredited college or university in Information Technology, Information Security, Computer Science, or a closely related field.
-And-
Experience: Five (5) years full-time experience in information security, information assurance, or a closely related field, including responsibility for security governance, compliance, risk management, or security architecture.

Substitution:
Additional relevant full-time information security experience may be substituted for the Bachelor’s Degree on a year-for-year basis.

Certification: Relevant security certifications are highly desirable.

Preferred certifications include: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Chief Information Security Officer (CCISO), Certified in Risk and Information Systems Control (CRISC), International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 Lead Auditor, or Computing Technology Industry Association (CompTIA) Security+.

CJIS training and cloud security certifications, including Amazon Web Services (AWS) Security, Azure Security Engineer, and Google Cloud Security, are also valued.

Knowledge of:

  • Information security governance, risk management, and compliance frameworks (National Institute of Standards and Technology (NIST) Cybersecurity Framework, NIST 800-53, ISO 27001, Center for Internet Security Critical Security Controls (CIS Controls)).
  • Federal and state data security standards, particularly FBI CJIS Security Policy, IRS Publication 1075, and Judicial Council of California information security policies.
  • Security incident detection, response, and forensic processes.
  • Enterprise security architecture, including identity and access management, network security, endpoint protection, encryption, and logging/monitoring.
  • Cloud and SaaS security models, shared responsibility frameworks, and third-party risk management.
  • Vulnerability management, threat modeling, and risk assessment methodologies.
  • Security budget development, procurement processes, and vendor risk management in a public sector environment.
  • Principles and practices of supervision, training, staff development and performance management.
  • Principles and practices of effective team building, team leadership and conflict resolution.
  • Design, installation and maintenance of enterprise, distributed systems to courts, state agencies or other hosted court community.
  • Networking functions from network hardware and software vendors and products, network security policies, techniques and procedures, network documentation, configuration, maintenance and diagnostic procedures and techniques.
  • Internet and intranet architecture.
  • Development of long and short-term strategic initiatives for the enterprise organization.
  • Principles and practices of technical problem solving.
  • Principles, processes and techniques of project management and related software.
  • Designing disaster recovery solutions, including planning, implementation and testing.
  • Principles, practices and techniques of providing customer service.
  • Change management principles and practices.

Ability to:

  • Plan, organize and supervise the work of information security and information technology staff.
  • Provide leadership and direction to a professional and technical group of staff.
  • Motivate, train, coach, evaluate and discipline staff.
  • Establish, monitor and control projects and schedules to meet goals and objectives.
  • Translate complex security risks into business impact for judicial officers, executive leadership and non-technical stakeholders.
  • Understand highly complex information technology systems and issues.
  • Identify and articulate security problems and recommend documented solutions.
  • Establish and maintain effective and cooperative working relationships with judicial officers, executive leadership, court staff, vendors, and external agencies.
  • Communicate effectively both orally and in writing.
  • Promote and maintain a team environment.
  • Understand the Court’s strategic business objectives as they relate to information security.

Other Information

Must be able to pass a criminal history background check.

Possession of a valid California driver’s license or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions.
