Information Services Deputy Director - Chief Information Security Officer (Unclassified)

Full Job Description

This vacancy is with the Information Services department. The eligibility list created by this vacancy may be used to hire other vacancies in the department or County.

The IS Deputy Director and Chief Information Security Officer (CISO) provides strategic leadership and oversight for Ramsey County’s Infrastructure Services and Security Services divisions.

This dual-function role is responsible for advancing a comprehensive, county-wide information security program while ensuring the reliability, modernization, and resilience of foundational IT infrastructure.

As a member of the IS Senior Leadership team, the Deputy Director/CISO leads and develops managers and supervisors, partners with County departments to deliver secure and dependable services and identifies and manages information security risks in alignment with regulatory requirements and executive risk tolerance.

Reporting directly to the Chief Information Officer, this role also represents Information Services in the CIO’s absence, supporting both day-to-day operations and long-term strategic decision-making.

To manage the development and implementation of a county-wide information security program to ensure that information assets are adequately protected; to identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements; to work with executive management to determine acceptable levels of risk for the county; to work proactively with departments to implement practices that meet defined policies and standards for information security; to work with leadership and teams to improve processes and technology to ensure foundational services are delivered; and to perform related duties as assigned.

This role will also contribute to achieving the overall county information technology (IT) vision as a part of the IS Senior Leadership team.

This position reports to the Chief Information Officer, and in their absence, the CISO may represent the county in all matters related to Information Services functions, including the day-to-day operations of the department.

To view or print a copy of the complete Ramsey County job (class) description for this position, go to: Job Descriptions.

Once at this page, you can browse the alphabetical list or search for a job description.

Flexible Workplace:This position is identified under the designation of ‘flex work eligible’, meaning that the employee can formally opt to be in-office full-time or work a flex schedule in which at least two-days per week are performed in office and other days can be performed in a remote-first environment.

Regardless of selection, the position carries expectations regarding on-site responsibilities and will require schedule flexibility beyond the minimum expectations set forth in the county’s flexible workplace policy.

To view Ramsey County’s Flexible Workplace policy, go to: Flexible Workplace Policy

Requirements

1. Promote a diverse, culturally competent and respectful workplace.
2. Provide information security leadership and direction through the continued development, implementation, and maintenance of the enterprise information security program.
3. As part of the IS management team, assist the Chief Information Officer in developing information technology strategic plans to support the vision, mission, goals and values of the county.
4. Lead and engage in the planning, development and implementation of the strategy and vision for all technology services and functions.
5. Advocate for and protect the enterprise information assets by serving as the key information security advisor to the organization and act as the official information security representative to internal customers, external partners, audit and regulatory organizations.
6. Build a comprehensive enterprise security strategy which includes implementing, directing, and overseeing the governance, assessment, consulting, monitoring and reporting functions.
7.  Partner with Office of Compliance to develop, implement, update and enforce county-wide information security policy, procedures, guidelines, and standards to ensure county-wide compliance with federal and Minnesota statutory and regulatory requirements for information security including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), Criminal Justice Information Services (CJIS) requirements and other applicable requirements.
8. Consult with management on information security matters, such as the effect of state and federal laws, industry related regulations, and industry best practices on security related initiatives, projects, business operations, and department specific policy.
9. Monitor information security trends internal and external to Ramsey County, understand potential threats, vulnerabilities and control techniques and provide consultation to executive management and departments about information security issues and risks affecting the organization and advise them on the appropriate actions to be taken.
10. Maintain relationships with local, state and federal law enforcement and other related government agencies. 
11. Establish and maintain effective relationships and work collaboratively across departments to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, initiate business practice changes and establish roles and responsibilities to ensure data is protected.
12. Ensure the security of the remote and mobile computing environment.
13. Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
14. Manage security incidents and events to protect IT assets and data. Act as a central point of contact for all data security compromising incidents, develop incident handling procedures, and report incidents as required by law.
15. Manage the security team including hiring staff, mentoring, coaching, providing professional development opportunities, establishing performance standards, completing evaluations, and recognizing and addressing performance problems.
16. Create and facilitate the information security risk assessment process, including reporting to executive management and oversight of remediation efforts to address findings.
17. Create and manage a county-wide information security and risk management awareness training program.

Develop and manage effective recovery plans that ensure data privacy and information integrity in response to business need and compliance requirements in the event of a disaster.

Provide leadership with updates of the development, documentation and maintenance of the county-wide disaster recovery plans.

18. Monitor and report on county information, security activities and compliance.
19. Own the end-to-end lifecycle, strategy, performance, and continual improvement of one or more assigned IT services to ensure they meet business needs, defined Service Level Agreements (SLAs) and customer expectations. 
20. In the absence of the Chief Information Officer, may assume the duties and responsibilities of the CIO, managing and providing general oversight of the IS organization.

(The work assigned to a position in this classification may not include all possible tasks in this description and does not limit the assignment of any additional tasks in this classification. Regular attendance according to the position’s management approved work schedule is required.)

ESSENTIAL FUNCTIONS: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.

Qualifications

Education: Bachelor’s Degree in management information systems, computer science or a related field.

Experience: Five years of progressively responsible information technology experience in the areas of security and risk management, including at least two years in a leadership role.

Substitution: Equivalent combination of education and related experience.

Additional Information