MANAGER OF INFORMATION SECURITY RISK AND COMPLIANCE

Overview

On Site
$129,164 - $154,363
Full Time

Skills

Auditor
budget
firewall
network
contracts
Information Security
external auditing
ad hoc reports
manage staff
configuration management

Job Details

Under the direction of the Chief Information Security Officer (CISO), manages the CISO's Information Technology Governance Risk and Compliance (ITGRC) program and executes it in a manner that is consistent with the County's Information Security Framework. Assists in the preparation and management of the information security office budget, vendor contracts and contractors. Prepares project, status and ad hoc reports which indicate the project's progress, problems and/or solutions. Reviews technology proposals for Information Technology (IT) compliance controls and recommends adjustments to align to the County's Information Security Framework. Oversees the execution of information security risk assessments along with internal and external auditing for Information Security and Compliance (ISO). Manages team members regarding security risk and compliance related projects. Performs other duties as assigned.

This position is Actively Recruited and At-Will.

**This position is grant-funded**

Attention Applicants: Please be advised that the County's job titles are under review and may be subject to change. Changes to job titles listed in postings for County vacancies will not impact the posted salary range.

Minimum Qualifications

  • Graduation from an accredited college or university with a Bachelor's Degree.
  • Five (5) years of full-time work experience managing information security projects or information security architecture.
  • Experience with NIST, PCI, HIPAA or CJIS.
  • Valid driver's license.

Preferred Qualifications

  • Graduation from an accredited college or university with a Bachelor's Degree in Computer Science, Information Technology or Information Systems.
  • Certification as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Security Auditor (CISA).
  • Experience supervising ITGRC employees.

This position is considered a safety-sensitive position. Candidates who are selected to fill safety-sensitive positions must pass a required drug test as part of the pre-employment background check process.

Candidates who are contacted will be required to produce original required documents (e.g., current driver's license, diploma, school transcript, certifications, etc.) listed on the Notice of Job Opportunity within five (5) days of being extended an offer, in writing, by the Bureau Chief of BHR (or designee). Candidates will be notified of how to submit the required document.

Degrees awarded outside of the United States with the exception of those awarded in one of the United States territories and Canada must be credentialed by an approved U.S. credential evaluation service belonging to the National Association of Credential Evaluation Services (NACES) or the Association of International Credential Evaluators (AICE). Original credentialing documents must be presented at time of interview.

KNOWLEDGE, SKILLS, ABILITIES AND OTHER CHARACTERISTICS

  • Knowledge of IT security theory, technologies, policies, best practices and enterprise architectures.
  • Thorough knowledge of or experience with IT control standards and frameworks (e.g. NIST).
  • Strong knowledge of or experience with compliance regulations (e.g. HIPAA).
  • Thorough knowledge of secure network/systems configuration management as well as an understanding of networking concepts/devices.
  • Knowledge of application development methodologies and regulatory laws.
  • Knowledge of existing and firewall architecture, operations and protocols.
  • Ability to work independently and manage multiple complex projects.
  • Ability to manage staff and vendors as related to implementing IT compliance related tasks.
  • Excellent oral and written communication skills including the ability to document requirements, communication plans, project status reports and other relevant project-related issues.
  • Excellent problem-solving skills.
  • Ability to incorporate best practices when implementing security measures to protect data during the development and implementation of architectural designs with emphasis on network and/or applications layers.
  • This position requires moderate to extensive travel to work assignments throughout Cook County.

The duties listed are not set forth for purposes of limiting the assignment of work. They are not to be construed as a complete list of the many duties normally to be performed under a job title or those to be performed temporarily outside an employee's normal line of work.

Benefits Package

  • Medical, Dental, and Vision Coverage
  • Basic Term Life Insurance
  • Pension Plan and Deferred Compensation Program
  • Employee Assistance Program
  • Paid Holidays, Vacation, and Sick Time
  • You May Qualify for the Public Service Loan Forgiveness Program (PSLF)

For further information on our excellent benefits package, please click on the following link:

*Must be legally authorized to work in the United States without sponsorship.

*This position requires successful completion of post-offer tests, which may include a background check, drug screen and medical examination.

Falsification of any information in the application process will result in disqualification, dismissal after hire, and/or placement on the County's Ineligible for Rehire List for a period of two (2) or five (5) years. For current County employees, such falsification may result in discipline, up to and including termination, and placement on the County's Ineligible for Rehire List for a period of two (2) or five (5) years. See Cook County Code of Ordinances, Article II, Sections 44-54 Unlawful Practices Relating to Employees and Employment - Penalty, 44-56 Political Discrimination; Cook County Employment Plan, Section V.N. Pre-Interview License and Certification Verification; Supplemental Policy No. 2014-2.13 Ineligible for Rehire List; and Cook County Personnel Rules 3.3(b) (7) (d)

EEO Statement

Cook County Government is an Equal Employment Opportunity ("EEO") employer. Cook County prohibits illegal discrimination and harassment and affords equal employment opportunities to employees and applicants without regard to race, color, sex, age, religion, disability, national origin, ancestry, sexual orientation, marital status, parental status, source of income, housing status, military service or discharge status, gender identity, genetic information, or any other protected category established by law, statute or ordinance as further defined in Chapter 44. Human Resources, Article II. Personnel Policies, Section 44-53 of the Cook County Code of Ordinances and Chapter 42. Human Relations, Article II. Human Rights, Section 42-35 of the Cook County Code of Ordinances.