POSITION SUMMARY:

The Chief Information Security Officer of the County of Berks is responsible for collaborating with the county CIO and other county leadership in overseeing and managing the cybersecurity strategy, operations, and compliance efforts for the organization. This position plays a critical role in protecting the confidentiality, integrity, and availability of the organization's information assets and systems while ensuring compliance with relevant policies, laws, and regulations. The CISO and his/her staff will develop and execute a comprehensive cybersecurity strategy aligned with the organization's goals and objectives. This position will serve as one of the primary advisors to organizational leadership on cybersecurity matters, providing guidance and recommendations to mitigate risks and address emerging threats. The CISO and his/her staff will strive to ensure adherence to regulatory requirements such as the Criminal Justice Information Services (CJIS) Security Policy, HIPAA, and other applicable federal, state, and local laws.

The CISO will collaborate with leadership to develop, implement, and update cybersecurity policies and procedures. This position will play a key role in developing and maintaining the organization’s Cybersecurity Incident Response Plan, ensuring preparedness to address and recover from security incidents. The CISO will work with stakeholders to create and regularly update the organization’s Continuity of Operations Plan (COOP), ensuring resilience and continuity during disruptions. This position will be responsible to collaborate with the rest of the I.S. department and operational teams to integrate security measures into system design, procurement, and implementation processes. The CISO will evaluate and recommend security technologies, tools, and services to enhance the organization’s cybersecurity posture. The CISO and his/her staff will be responsible for overseeing the deployment, management, and monitoring of security infrastructure, including firewalls, IDS/IPS, EDR solutions, and many other security and technology solutions.

POSITION RESPONSIBILITIES:

Essential Functions

The duties and responsibilities of this position include, but are not necessarily limited to:

• Accountable for the overall performance and efficacy of security projects and programs
• Analyzing security risks.
• Managing compliance efforts for HIPAA, CJIS, PCI, and other sensitive data sets.
• Recommending and implementing security safeguards.
• Monitoring compliance with security laws and regulations.
• Investigating information security and compliance incidents.
• Manage security reporting & executive reporting.
• Oversee end-user security awareness program.
• Manage regular security and compliance tasks.
• Serve as project manager for designated security projects.
• Review security and compliance of equipment configurations.
• Maintain security and compliance documentation.
• Oversee and manage vulnerability management.
• Evaluate purchasing decisions and install new equipment.
• Support the organization's business continuity and disaster recovery planning and response.
• Schedules and conducts tabletop exercises and simulations.
• Works with CIO and IT leadership team on risk management and risk reporting.
• Design and manage the implementation of governance efforts.
• Create and review policies and procedures to align with established standards.
• Manage security audits and assessments and resulting findings.
• Manages and oversees the County’s HIPAA security effort

MINIMUM EDUCATION AND EXPERIENCE:

• Bachelor’s degree in Computer Science, Information Technology, or other related field of study
• Five years of firewall administration experience.
• Five years of experience in information systems architecture and design
• Five years of experience in incident management/incident response
• Eight years of experience in network administration or cybersecurity
• IT Security Certifications required: Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), or other approved certification.
• Valid state-issued driver’s license required for local travel to County sites.
• Any equivalent combination of experience and training that provides the required knowledge, skills, and abilities.

MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES:

• Expert knowledge of OSI Model’s Layer 2 through Layer 7 network traffic
• Expert knowledge in current cybersecurity best practices and trends
• Ability to work with the coach technical team members to ensure that all solutions are secure.
• Ability to work with external vendors and contractors to evaluate new products and maintain existing products.
• Strong attention to detail and ability to solve problems effectively.
• Expert knowledge of firewall and security configuration
• Expert knowledge of routing and switching infrastructure, configuration, and protocols
• Knowledge of Microsoft server configurations and active directory
• Expertise in project management
• Knowledge of enterprise technology topology, including data center best practices, network design, and SAN implementation.
• Ability to work with information security staff and policies to ensure that all solutions are inherently secure.
• Knowledge of IT best practices and service offerings.
• Ability to work with vendors and contractors regarding new product evaluation and maintenance of existing products.
• Ability to keep accurate records and documentation.
• Ability to analyze complex problems and envision resolutions.
• Ability to communicate effectively both orally and in writing.
• Ability to thrive in a stressful, fast-paced team environment.
• Ability to handle stress.
• Physical presence in the office is required.

PHYSICAL DEMANDS:

Work involves standing, walking, sitting, lifting, carrying, talking, hearing, using hands to handle, feel objects, tools, or controls, and reaching with hands and arms. Vision abilities required by this job include close vision and the ability to adjust focus. The employee must occasionally lift and/or move up to 50 pounds a distance of 15 feet or less.

WORKING ENVIRONMENT:

Normal office environment

This position description serves as a guideline for communicating the essential functions and other information about the position to the applicant/employee. It is not intended to create a binding employment contract nor cover every detail of the position, and may be changed where appropriate.