CHIEF INFORMATION SECURITY OFFICER (IT)

Salary: 56.7288 Hourly: 117996

MINIMUM QUALIFICATIONS

• Ten (10) years progressive professional IT experience
• AND five (5) years professional experience in cybersecurity including leadership responsibilities
• AND five (5) years experience in enterprise risk management, security auditing, and compliance oversight
• AND five (5) years experience supervising or managing IT and/or cybersecurity staff

Equivalent combinations of education and experience may be considered. Experience in public sector or governmental environments preferred.

DESIRED CERTIFICATIONS

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• GIAC certifications
• Other relevant advanced cybersecurity certifications

SPECIAL REQUIREMENTS

• Must be willing to work irregular hours (nights and weekends) in response to cybersecurity incidents.
• Must obtain and maintain certifications as determined by the CIO.
• Will be required to pass background and security clearance checks.

PHYSICAL REQUIREMENTS

• Must be able to perform Essential Job Duties and Functions with or without reasonable accommodations.

JOB SUMMARY The Chief Information Security Officer (CISO) is responsible for establishing leading and continuously improving Genesee Countys enterprise information security and risk management program. This executive leadership role provides strategic direction and governance for cybersecurity, data protection, regulatory compliance, business continuity, and technology risk management across all County departments and offices. The CISO develops and implements a comprehensive county-wide security strategy aligned with business objectives, legal requirements, and industry best practices. The position is appointed by and reports to the Chief Information Officer and works closely with County leadership, elected officials, department heads, and external partners.

ESSENTIAL JOB DUTIES AND FUNCTIONS

Strategic Leadership & Governance

• Develops and executes a comprehensive enterprise cybersecurity strategy and roadmap.
• Establishes a county-wide information security governance framework.
• Advises the CIO, County leadership, and elected officials on cybersecurity risks, threats, and mitigation strategies.
• Provides executive-level reporting on risk posture, security incidents, compliance status, and emerging threats.
• Leads the development of long-term cybersecurity investment and budget planning.

Risk Management & Compliance

• Establishes and maintains a formal enterprise risk management framework for cybersecurity.
• Oversees security audits, risk assessments, and vulnerability management programs.
• Ensures compliance with applicable federal, state, and local regulations and standards.
• Develops, maintains, and enforces information security policies, standards, and procedures.
• Coordinates third-party risk management and vendor security reviews.

Security Architecture & Operations

• Provides executive oversight of county IT architecture, infrastructure security, and data protection strategies.
• Ensures security measures are integrated into system design, development, procurement, and implementation processes.
• Oversees implementation and management of security technologies including firewalls, VPNs, endpoint protection, identity and access management, and data loss prevention.
• Ensures appropriate security controls are embedded in new systems, networks, and data center initiatives.

Incident Response & Resilience

• Leads the Countys cybersecurity incident response program.
• Directs response efforts for security breaches, threats, and cyber incidents.
• Oversees development and testing of disaster recovery and business continuity plans.
• Coordinates with law enforcement, regulatory bodies, insurance carriers, and external cybersecurity partners as needed.

Program & Operational Management

• Ensures the internal IT security framework operates effectively while supporting business needs across departments.
• Evaluates new initiatives and projects for security architecture alignment and risk mitigation.
• Leads security-related change management and stakeholder education initiatives.
• Establishes cybersecurity awareness and training programs for all County employees.
• Develops and tracks key performance indicators (KPIs) and key risk indicators (KRIs) for cybersecurity performance.

Leadership & Supervision

• Builds and leads a high-performing cybersecurity team.
• Fosters a culture of security awareness and accountability across the organization.
• Works collaboratively with department leadership to balance security, usability, and operational efficiency.

Please see the attached job description for more details.