DEPARTMENTAL INFORMATION SECURITY OFFICER II

Full Job Description

EXAM NUMBER
b2612C
TYPE OF RECRUITMENT
We welcome applications from anyone.

As the nation’s largest public mental health department, Los Angeles Department of Mental Health ensures access to care and treatment for our most vulnerable residents in a region with more than 10 million people.

Make an impact by helping diverse and underserved populations in a variety of settings throughout LA County. We offer phenomenal medical and life insurance, fantastic retirement benefits, along with many additional incentives! Help us build a better future!

Are you ready for a fulfilling career path?

Filing Start Date:

We will be accepting online applications from February 12, 2026, 8:00 a.m. (PT) - Continuous. We will keep accepting applications until the position is filled. The application window may close unexpectedly once we have enough qualified candidates.

THIS ANNOUNCEMENT IS BEING REPOSTED TO REOPEN THE FILING PERIOD AND REMOVE FAIR CHANCE AND COVID-19 LANGUAGE.

OUT-OF-CLASS EXPERIENCE WILL NOT BE ACCEPTED FOR THIS EXAMINATION. REQUIRED EXPERIENCE MUST BE FULLY MET AND INDICATED ON THE APPLICATION.

Salary Information:

This position is subject to the provisions of the Management Appraisal of Performance Plan (MAPP). Initial salary placement and subsequent salary adjustments will be made in accordance with MAPP guidelines and regulations.

Definition:

Under general direction, leads the information security function for a large to very large County department and is responsible for the development and delivery of a comprehensive departmental information security strategy to optimize the department’s security posture.

Classification Standards:

Positions allocable to this class report to a Departmental Chief Information Officer (DCIO) or senior departmental executive and receive programmatic guidance and instruction from the County Chief Information Security Officer (CISO).

The Departmental Information Security Officer II (DISO II) is generally restricted to one per department and is typically allocated to large or very-large departments that have a cybersecurity function of sufficient size and complexity to necessitate a full-time cybersecurity function, based on a qualitative analysis of the department workforce size in conjunction with scope, and complexity of information technology systems security requirements; information technology-related regulatory, contractual and technical environment; architecture; type, sensitivity and complexity of information collected, processed, and stored; and organizational structure and business strategic alignment.

Requirements

• Develops and maintains the departmental Information Security Program including policies, standards, and procedures; cybersecurity control evaluation, selection, and implementation; and architectures, products and services, pursuant to County Chief Information Office architectures, standards and guidelines, and Board polices and applicable laws.
• Works with departmental business units to conduct information security risk assessments, and participates in regular reviews of security standards, governance, data compliance and privacy management, audit, risk assessments, physical and logical access reviews, risk assessments and data destruction solutions.
• Conducts vulnerability assessments to identify existing or potential weaknesses in systems and processes that could lead to compromises; facilitates remediation of identified vulnerabilities within processes, systems and applications and coordinates investigations with the CISO, Countywide Chief Privacy Officer (CPO), CCIRC, Auditor-Controller, and law enforcement agencies as necessary.

Leads and performs routine assessments and periodic inspections of departmental information technology systems to ensure security controls are functioning properly and effectively and recommends appropriate corrective measures to eliminate or mitigate system compromises.

Actively participates in federal, State and local audits and reviews for the department. Coordinates the department's information technology-related aspects of annual or biennial ICCP audits.

• Provides guidance to department management and implements necessary policies, standards or controls to address department-specific regulatory and contractual factors.
• Collaborates with departmental team members to align security posture to facilitate achievement of business objectives.
• Collaborates with application and software developers to ensure production applications will meet established information security policies, standards and business requirements using appropriate processes and application development tools and techniques.

Promotes and coordinates development and distribution of information security and privacy awareness training and education for departmental employees in cooperation with the CISO and CPO.

Promotes Countywide initiatives pertaining to information security and privacy education and awareness programs.

Represents the department on County cybersecurity governance bodies, committees and workgroups and participates and assists in the development, review, and recommendation of Countywide information technology security policies, technical and operational standards, procedures and guidelines.

Identifies and recommends industry standard methodologies for cybersecurity, coordinating communication and collaboration among County departments on countywide and departmental cybersecurity issues.

• Serves as a member of the Countywide Cybersecurity Incident Response Committee (CCIRC). Establishes and leads a Departmental Cybersecurity Emergency Response Team (DCERT) and develops appropriate security incident notification procedures for departmental management, CISO, CPO and CCIRC.
• Participates in Countywide activities for, and directs or conducts departmental reviews, evaluations, and provides recommendations of software products and controls related to cybersecurity.
• Participates with the responsible County entities in the development and implementation of Countywide business continuity and disaster recovery plans to ensure that these incorporate appropriate cybersecurity measures.
• Collaborates with the department's CPO regarding electronic data and physical records, privacy incident and breach response, privacy audits, and other initiatives pertaining to the County’s privacy program components and related policies.
• In collaboration with information technology operations, ensures proper departmental inventories of information technology assets and software licenses.
• Reviews departmental information technology projects and, in conjunction with County Counsel, reviews information technology contract terms to ensure information security sufficiency.
• Participates in the review of information technology facility acquisition, construction, and remodeling projects to ensure conformity to County information security policies, standards, guidelines and industry protocols, as needed.
• Supervises and/or manage and coordinate subordinate security officers, supervisors and technical staff, as needed.
• Serve as a witness or subject-matter expert for the department in legal matters concerning cybersecurity, as needed.

Qualifications

REQUIREMENTS TO QUALIFY:

Option I: A Bachelor’s Degree* in Computer Science, Information Security, Information Assurance, Business Administration or a related field -AND- Five (5) years of progressively responsible** experience in a combination of risk management, information security, and cybersecurity roles -AND- Two (2) years of experience in Information Technology Project Management.

Option II: Three (3) years of experience administering an Information Technology security program at the level of Departmental Information Security Officer I***.

License:

A valid California Class C Driver License or the ability to use an alternative method of transportation when needed to carry out job-related essential functions.

Physical Class II:

Light: This class includes administrative and clerical positions requiring light physical effort that may include occasional light lifting to a 10-pound limit and some bending, stooping, or squatting. Considerable ambulation may be involved.

Special Requirement Information:

Transcript:

*In order to receive credit for any college or university course, or any type of college or university degree, or any certificates, such as Bachelor's or higher.

It is necessary to include a legible copy of the official diploma, or official transcripts from the accredited institution which shows the area of specialization with your application at the time of filing or within 7 calendar days of filing.

Accredited institutions are those listed in the publications of regional, national, or international accrediting agencies which are accepted by the Department of Human Resources (DHR).

These agencies must be recognized by the United States Department of Education (USDE) and/or the Council for Higher Education Accreditation (CHEA).

Publications such as American Universities and Colleges and the International Handbook of Universities are also acceptable references.

We also accept degrees conferred by institutions that have been evaluated by an academic credential evaluation agency recognized by the National Association of Credential Evaluation Services (NACES) or the Association of International Credential Evaluators, Inc.

(AICE) and that have been deemed by the evaluating agency to be the equivalent of a degree from an accredited United States institution.

Official Transcript is defined as a transcript that bears the college seal and states "official and/or copy" issued by the school's Registrar Office.

A printout of the transcript from the school's website is NOT considered official and; therefore, will NOT be accepted and may result in the application being incomplete or rejected.

**Progressively responsible experience is work experience that clearly shows an upward progression in the level of duties and responsibilities from one job to the next.

***At the level of Departmental Information Security Officer I in the County of Los Angeles is defined as: Under general direction, leads the information security function for a medium to large County department or a large Health Care Organization consisting of 5,000 employees or more, and is responsible for the development and delivery of a comprehensive departmental information security strategy to optimize the department’s security posture.

A medium to large sized Department is defined as a Los Angeles County Department consisting of 4000 or more employees.

Note: Applicants may still qualify even if your job title isn’t exactly the same as the ones listed.

What matters is that your experience is at a similar level — meaning your job involves similar responsibilities, requires comparable skills and knowledge, and takes place within a similar organizational structure.

Please provide a clear explanation of your experience to demonstrate that it is at the appropriate level.

Desirable Qualifications:

Industry Certifications: e.g., Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk & Information Systems Control (CRISC)

Experience working with HIPAA Security rule and Meaningful Use 2 security requirements.

Experience composing and delivering technical presentations to leadership, which convey and explain technical issues and procedures.

Experience managing multiple tasks and complex IT projects, changing priorities, meetings and constrained deadlines through subordinates, supervisors and/or staff to achieve department operational objectives.

Experience developing IT policies, standards, procedures, and business planning processes.

Experience writing, reviewing, and developing Requests for Proposals, Requests for Quotations and Requests for Information.

Experience reviewing, monitoring, and negotiating contracts for capital equipment, software and/or IT services. Experience directing technology assessments, audits, and investigations and writing accompanying reports.

Additional Information

EXAMINATION CONTENT

An evaluation of education, training, and experience based upon application, desirable qualifications, and supplemental questionnaire information weighted 100%. Additional credit will be given for desirable qualifications.

Candidates must achieve a passing score of 70% or higher in order to be placed on the eligible register. Notice of non-acceptance and final results will be sent via email.

Eligibility Information

The names of candidates receiving a passing grade in the examination will be placed on the eligible register in the order of their score group for a period of twelve (12) months following the date of promulgation.

Applications will be processed on an as-received basis and promulgated to the eligible register accordingly. Retake: No person may compete for this examination more than once in a twelve (12) month period.

Special Information

Past and present mental health clients, parents, and family members are encouraged to apply.

Vacancy Information

The eligible register for this examination will be used to fill a vacancy in the Department of Mental Health, Chief Information Office Bureau (CIOB).

Available Shift

Appointees may be required to work any shift, including evenings, nights, weekends or holidays.

Application and Filing Information

Applicants are required to complete and submit an online Los Angeles County Employment Application AND Supplemental Questionnaire in order to be considered for this examination.

Paper applications, resumes, or any unsolicited documents will not be accepted in lieu of completing the online application and Supplemental Questionnaire.

We must receive your application on the last day of filing. Application filing may be suspended at any time without advance notice.

Instructions For Filing Online

We only accept applications filed online. Applications submitted by U.S. mail, fax, or in person are not accepted. Apply online by clicking on the "Apply" green button at the top right of this posting. This website can also be used to get application status updates.

Please fill out the application completely. Provide relevant job experience including employer's name and address, job title, beginning and ending dates, number of hours worked per week, and description of work performed.

We may verify information included in the application at any point during the examination and hiring process, including after an appointment has been made.

Falsification of information could result in refusal of application or rescission of appointment.

Copying verbiage from the Requirements or class specification as your work experience will not be sufficient to demonstrate meeting the requirements.

Doing so may result in an incomplete application and may lead to disqualification.

We will send notifications to the email address provided on the application, so it is important that you provide a valid email address.

If you choose to unsubscribe or opt out from receiving our emails, it is possible to view notices by logging into governmentjobs.com and checking the profile inbox.

It is every applicant's responsibility to take steps to view correspondence, and we will not consider claims of missing notices to be a valid reason for re-scheduling an exam part.

Register the below domains as approved senders to prevent email notifications from being filtered as spam/junk mail.

New email addresses need to be verified. This only needs to be done once per email address and can be done at any time by logging in to govermentjobs.com and following the prompts. This is to enhance the security of the online application and to prevent incorrectly entered email addresses.

Federal law requires that all employed persons have a Social Security Number, so include yours when applying.

For those who do not have access to a computer or the internet, we provide access to complete an application at public libraries throughout the county.

All applicants must file their application online using their own user ID and password. Using a family member's or friend's login information may erase a candidate's original application record.

For the time being, all notifications, including results letters and notices of non-acceptance, will be sent electronically to the email address provided on the application.

It is important that you provide a valid email address.

Please add hsacks@dmh.lacounty.gov as well as noreply@governmentjobs.com and info@governmentjob.com to your email address and list of approved senders to prevent email notification from being filtered as span/junk/clutter mail.

Applicants have the ability to opt out of emails from LA County. If you unsubscribe, you will not receive any email notification for any examination for which you apply with Los Angeles County.

Regardless of whether you choose to unsubscribe, you can always check for notifications by logging into governmentjobs.com and viewing your profile inbox, which saves a copy of all emailed notices.

Anti-Racism, Diversity, and Inclusion (ARDI):

The County of Los Angeles recognizes and affirms that all people are created equal and are entitled to all rights afforded by the Constitution of the United States.

We are committed to promoting Anti-Racism, Diversity, and Inclusion efforts to address the inequalities and disparities amongst race.

We support the ARDI Strategic Plan and its goals by improving equality, diversity, and inclusion in recruitment, selection, and employment practices.

Department Contact
Department Contact Name: Lola Sacks, Exam Analyst
Department Contact Phone: (323) 705-4072 or (213) 972-7034
Department Contact Email: exams@dmh.lacounty.gov

ADA Coordinator Phone (323) 705-4072
Teletype Phone 800-735-2922
California Relay Services Phone 800-735-2922