Information Security Officer

To be considered for this position you will need to submit all of the following:
Application including work experience listed
Supplemental Application
Resume

• Plan organize control and direct the Districts cybersecurity and data privacy programs and operations; assure compliance with applicable laws codes rules and regulations.E
• Facilitate an information security governance structure in alignment with existing District technology governance programs including the formation of an information security steering committee or advisory board.E
• Develop socialize and coordinate approval and implementation of cybersecurity policies.E
• Provide regular reporting on the status of the information cybersecurity program to the Chief Technology Officer Superintendent of Schools and the Board of Education in support of student outcomes.E
• Work with procurement and legal representatives to assure information security and privacy requirements are included in contracts and thirdparty data sharing is compliant with applicable laws and regulations.E
• Establishan information security awareness training program for employees contractors and other approved system users; establish metrics to measure the effectiveness of security training programs for the different audiences.E
• Continually assess the Districts cybersecurity maturity model and cyber risk posture and develop continuous improvement plans.E
• Develop an information security vision and strategy aligned to organizational priorities and enable and facilitate the Districts business objectives; assure senior stakeholder buyin and mandate.E
• Direct the information security function across the District to assure consistent and highquality information security management in support of the business goals.E
• Direct the work of staff and contractors including the work of project teams engaged in designing configuring implementing and monitoring the Districts cybersecurity controls systems.E
• Design the Districts cybersecurity controls systems in accordance with applicable frameworks such as National Institute of Standards and Technology (NIST) 80053 Center for Internet Security (CIS) and Internal Standardization Organization (ISO) 27001.E
• Oversee the development and implementation of cybersecurity controls to assure the confidentiality integrity and availability of confidential data that is stored and retrieved online including student data employee data health information and payment information.E
• Supervise and evaluate the performance of assigned staff; interview and select employees and recommend transfers reassignment termination and disciplinary actions.E
• Test evaluate and recommend new and emerging technologies for consideration and adoption into District technology systems; direct the implementation of innovative technologies and procedures for technology systems.E
• Conduct cybersecurity reviews of new and existing information systems data products and instructional applications; recommend fitness for use and/or develop risk acceptance criteria.E
• Provides clear risk mitigating directives for information systems owners including the application of controls.E
• Oversee and review system specifications bids and Requests for Proposals to assure technical requirements and standards are met; make presentations and provide recommendations to the Chief Technology Officer regarding the purchase of cybersecurity services and tools.E
• Communicate with business leaders legal auditors contractors technology service providers staff and other outside organizations to coordinate program activities conduct investigations incident response resolve issues and exchange information.E
• Develop and prepare preliminary budgets for assigned functions; analyze and review budgetary and financial data; authorize and control expenditures in accordance with established limitations.E
• Prepare or direct the preparation and maintenance of a variety of records and files and prepare reports related to assigned activities; prepare data for a variety of reports.E
• Participate in and attend a variety of meetings workshops conferences and training to maintain current knowledge of emerging cybersecurity trends; make presentations regarding cybersecurity program objectives plans and achievements.E
• Operate a variety of office equipment including a computer and assigned software; drive a vehicle to conduct work and visit sites.E
• Perform related duties as assigned.

Knowledge of:
Information security principles practices and procedures.
NIST and CIS cyber security controls frameworks.
California Privacy Rights Act (CPRA) Family Educational Right and Privacy Acts (FERPA) Health Insurance Portability and Accountability Act (HIPAA) Childrens Internet Protection Act (CIPA) Payment Card Industry Data Security Standards (PCIDSS) and other relevant privacy and information security laws and regulations.
Cybersecurity risk assessment techniques.
Cybersecurity software and tools including next generation firewall (NGFW) web application firewall (WAF) security incident and event management (SIEM) endpoint detection and response (EDR) data loss prevention (DLP) and virtual private network (VPN).
Identity management and user access controls including authentication authorization and encryption technologies.
Vulnerability management.
Digital forensics techniques for investigating cybersecurity incidents.
Contract and vendor management.
Principles of administration employee supervision and training.
General principles and practices of government purchasing and contract administration.
Strategic planning and project management techniques.
Records management and ediscovery techniques.
Report preparation techniques.
Oral and written communication skills.
Interpersonal skills using empathy selfawareness and positivity.

Ability to:
Plan organize control and direct the Districts cybersecurity and data privacy programs and operations.
Prepare and present oral and written reports and recommendations clearly concisely and logically to a variety of audiences.
Maintain current knowledge of industry trends and technological advances in the field.
Prepare detailed project plans and documentation.
Analyze and interpret data.
Analytically and logically evaluate information propositions and claims.
Make decisions and choose optimal courses of action in a timely fashion.
Understand interpret and assure compliance with applicable laws and regulations.
Respond positively to change and modify behaviors as situations require.
Focus on details of work content processes and products.
Conduct work with integrity and ethics.
Develop and maintain trust through honesty and personal accountability.
Design and manage processes and procedures that can be executed by and through others.
Work collaboratively with others to achieve shared goals.
Engage effectively in dialogue with a variety of stakeholders.
Communicate effectively both orally and in writing.
Establish and maintain cooperative and effective working relationships with others.
Maintain composure to identify and resolve conflicts.
Train supervise and evaluate assigned personnel.

Education and Training:
Bachelors degree in cybersecurity computer science engineering information systems management software engineering or a related field. A Masters degree is preferred.

Valid Certified Information Systems Security Professional (CISSP) certification.

Experience:
Five years of cybersecurity managementlevel experience in a large user environment including two years of experience providing cybersecurity services in a regulated industry with one or more of the following information security compliance objectives (FERPA HIPAA PCIDSS CJIS CPPA).
Experience in a public K12 educational environment is preferred.

Two years of additional experience may be substituted for two years of the required education.

Any other combination of education training and experience which demonstrates that the applicant is likely to possess the required skills knowledge or abilities may be considered.

The following certifications are desirable:
Certified Information Security Manager (CISM).
GIAC Information Security Officer (GISO)
GIAC Security Leadership Certification (GSLC)

Positions in this class require the use of a personal automobile and possession of a valid California class C drivers license.




If you have questions regarding your applications or the recruitment process you may contact: or.

Nondiscrimination Statement: The Long Beach Unified School District prohibits unlawful discrimination harassment (including sexual harassment) intimidation or bullying targeted at any student or employee by anyone based on the student or employees actual or perceived race color ancestry nationality national origin immigration status ethnic group identification ethnicity age religion marital status pregnancy and related conditions parental status physical or mental disability medical condition sex sexual orientation gender gender identity gender expression or genetic information or association with a person or group with one or more of these actual or perceived characteristics.

For questions or complaints contact Equity Compliance Officer: Steve Rockenbach Director of Employee Relations1515 Hughes Way Long Beach CA and Title IX Coordinator: Kimberly Dalton Director of Human Resource Services 1515 Hughes Way Long Beach CA and 504 Coordinator: Jenny R. Acosta Program Administrator 2221 Argonne Ave LB.

If you have questions regarding your applications or the recruitment process you may contact: or.

SELECTION PROCEDURE:
The examination process for this recruitment may be comprised of one or any combination of the following: screening of the applicants training background and experience; evaluation of responses on a supplemental application; written examination(s); qualifications appraisal oral examination; performance examination; or technical oral examination scored on a jobrelated basis. Only the most highly qualified candidates will be invited to continue in the examination process. Successful candidates who pass all parts of the examination process will be placed on the eligibility list in order of their relative merit as determined by these competitive examinations. The eligibility list for this classification will remain in effect for a period of 6 months.