7140 - Information Security Officer (Must Reside in Sacramento to be Considered)

Job Description: 7140 - Information Security Officer (Must Reside in Sacramento to be Considered)

Position Summary
The Information Security Officer is responsible for developing, managing, and implementing enterprise-wide information security programs. This role ensures organizational systems and data are secure by applying industry best practices, standards, and regulatory requirements. The position provides leadership and direction to information security staff, oversees security operations, and coordinates with stakeholders to identify, assess, and mitigate cyber and physical threats.

Key Responsibilities

• Direct and manage the organization s information security program, including enterprise systems and industrial control networks.
• Develop, implement, and maintain information security policies, standards, and procedures.
• Oversee security incident management, including investigation, response, reporting, and coordination with external partners.
• Lead security assessments, penetration testing, and risk evaluations to identify and remediate vulnerabilities.
• Provide guidance to executives and business units on security standards, best practices, and risk mitigation strategies.
• Monitor emerging threats, regulatory changes, and industry trends to adapt security practices.
• Manage the Incident Response Plan and coordinate with internal and external stakeholders during large-scale incidents.
• Supervise, train, and evaluate information security staff, fostering continuous professional development.
• Oversee security awareness training programs and promote a strong security culture across the organization.
• Participate in procurement and technology evaluation processes to ensure security requirements are met.
• Prepare and manage budgets, reports, and records related to the information security program.

Required Knowledge & Skills

• Principles and practices of information security standards, frameworks, and regulations (e.g., NIST, CIS CSC, HIPAA, PCI, FedRAMP).
• Risk and threat assessment processes, incident response, business continuity, and disaster recovery planning.
• Secure networking, systems administration, and secure programming practices.
• Management and organizational theory, including supervision, training, mentoring, and performance management.
• Strong written and verbal communication skills, able to engage with both technical and non-technical audiences.
• Ability to interpret and apply laws, codes, and regulations related to information security.
• Budget planning, monitoring, and resource allocation.

Minimum Qualifications

• Education: Bachelor s degree or higher in Cyber/Information Security, Computer Science, Information Systems, Computer Engineering, or a closely related field.
• Experience: At least seven (7) years of progressively responsible experience in cybersecurity, including secure networking, systems administration, and management. Must include at least three (3) years of supervisory experience leading information security programs.
• Certification (one or more):
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• CGEIT (Certified in the Governance of Enterprise IT)
• CRISC (Certified in Risk and Information Systems Control)
• Or an equivalent, industry-recognized certification.

Preferred Qualifications

• Experience with industrial control systems (ICS) security.
• Familiarity with government or regulated industry compliance requirements.
• Strong background in managing cross-functional teams and vendor relationships.