Chief Information Security Officer

Salary: $115,000.00 - $170,000.00 Annually
Location : Columbus, OH
Job Type: Full-Time
Remote Employment: Flexible/Hybrid
Job Number: 202557
Department: Information Security
Opening Date: 05/07/2025

Summary
Organization Summary

FCDC provides cost-effective, business-driven, collaborative, and secure IT services and solutions to public service agencies throughout Ohio's most dynamic county. Our goals are simple, but expansive: to be the most trusted enterprise technology service provider for Franklin County and a national leader in digital government services. Every day, the FCDC team empowers local government departments, agencies, teams, and nonprofits to deliver top-notch services to residents and businesses in central Ohio, and we take pride in the work they accomplish with our support.
Job Summary
The Deputy Chief Information Security Officer, reporting to the Chief Information Officer, is responsible for designing, implementing, and overseeing the information security program and framework for Franklin County and the Franklin County Data Network (FCDN). This individual possesses vast experience in information security practices, secure network architecture, information security frameworks, and risk management methodologies. S/He will be responsible for leading security resources utilizing multiple coaching and development techniques. The Chief Information Security Officer will assist the CIO with preserving confidentiality, integrity, availability, and non-repudiation of County information resources through developing, deploying, and embedding information security architecture, policies, and standards. The Chief Information Security Officer must demonstrate practical communication skills and the ability to train others on security policies and practices. S/he must be able to manage staff, contractors, and services, providing technical direction as necessary. This position will play a major role in the ongoing evolution of an Information Security Program.
Employees new to FCDC or promoted into new positions must successfully complete a 180-day probationary period, and all employees must adhere to current Employee Handbook policies.

Essential Duties and Responsibilities
To perform this job successfully, candidates must be able to perform each essential duty and fulfill each responsibility satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The essential duties and responsibilities include:
•  Provide oversight and guidance for complex IT architecture projects with competency to preserve the confidentiality, integrity, availability, and non-repudiation of Franklin County and the FCDN.
•  Responsible for developing, deploying, and embedding information security architecture, policies, and standards as envisioned by the CIO.
•  Coordinate the documentation, distribution, and enforcement of FCDN security policies, standards, and procedures, collaborating with key IT staff to develop and implement communication strategies for all cybersecurity policies and procedures.
•  Create, maintain, and educate on cyber risk management methodologies.
•  Develop effective security risk and control metrics.
•  Responsible for ensuring the execution of day-to-day security operations.
•  Regularly collaborate with the Chiefs over the Enterprise Architecture, Financial Services, Partner Experience Team, and GX Foundry teams to ensure the cohesion of planning, implementation, and communication strategies.
•  Develop strong partnerships with Franklin County Agency leadership to ensure compliance with security best practices, provide clarity on initiatives, and assist when complex items arise.
•  Serve as the escalation point for security initiatives.
•  Stay current on the latest security legislation, regulations, advisories, alerts, and vulnerabilities affecting Franklin County Agencies.
•  Establish relationships with key security solution vendors to ensure alignment on contracting, resources, and incident support.
•  Serve as the FCDN security audit and governance lead. Prepare and submit required reports to internal and/or external stakeholders, ensuring that systems, software, networks, and information are evaluated for security compliance.
•  Provide program guidance that ensures vulnerability evaluation, risk documentation, and control implementation to reduce risk to an acceptable level.
•  Development of an ongoing comprehensive Identity and Access Management program strategy that defines and provides appropriate secure access to FCDN technology assets while considering new threat vectors.
•  Manages direct manager functions including: development and motivation, activity tracking, hiring, performance appraisals, and promotions.
•  Provides guidance to direct managers in developing, motivating, and guiding security engineers and analysts.
•  Provides ongoing support of a vulnerability management program encompassing the external network, internal network, servers, PCs, applications, and all endpoint devices.
•  Review and monitor the incident response program to address, control, and manage information security incidents, events, changes, or security breaches. Ensure that the incident response program is aligned with the FCDN security program.
•  Supports the security and awareness training program to ensure it meets the unique needs of county agencies.
•  Continue implementing the Data Loss Prevention program, which defines and provides appropriate data security processes, protocols, and access controls.
•  Ensures that security reviews are performed and adhered to on behalf of county agencies to assure compatibility with existing technology, evaluate the associated risk, and make control recommendations for solutions based on the evaluation's findings.
•  Technical SME for annual Cyber Security Insurance policy review. Security Tools

Deep understanding of the following security tools and security areas:
•  Network
•  Intrusion detection and prevention tools
•  Firewall systems
•  Web and content filtering tools Identity
•  Privileged identity management tools
•  Identity Lifecycle Management solutions
•  Identity Federation and Multi-Factor Authentication solutions
•  Security Engineering
•  Log correlation engines
•  End Point Detection and Response
•  Mobile Device Management (MDM) tools
•  Vulnerability Scanning
•  Data Loss Prevention
•  PHI, PII, PCI, and sensitive data classification solutions
•  Microsoft Purview capabilities SUPERVISORY RESPONSIBILITIES

Oversees the managers of the information security teams. This role requires providing coaching and guidance to employees on processes and governance. Oversight of contract employees and services is also necessary.
Qualifications
Technical Skills
•  Proven working experience building and maintaining security systems.
•  Excellent analytical and problem-solving skills.
•  Solid technical knowledge of security industry best practices and procedures.
•  Experience with network technologies, systems, security, and monitoring tools.
•  Familiarity with web-related technologies (Web applications, web services, service-oriented architectures) and network/web-related protocols.
•  Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
•  Problem-solving skills and ability to work under pressure.
•  Understanding the system hardening processes, tools, guidelines, and benchmarks.
•  Familiarity with security domains and solutions utilized to implement controls within each. Education Level/Work Experience & Certification

NOTE: Relevant work experience years can be converted to formal education years at a ratio of 2:1

Preferred: Master's Degree in computer science, cybersecurity, or any relevant discipline.

Required: Bachelor's degree in computer science, cybersecurity, or any relevant discipline.
Preferred: 12+ years of experience in IT Security, with 8+ years of leadership in cybersecurity.

Required: 10+ years of experience in IT Security, with 5+ years of leadership in cybersecurity.
Preferred: CISSA and PMP

Required: CISSP or CISM
Supplemental Information
INTELLECTUAL ABILITIES

Chief Information Security Officer
Decision Making / Problem Solving
•  Makes sound, well-informed, and objective decisions in a timely manner.
•  Compares data, information, and input from various sources to draw conclusions; takes action consistent with available facts, constraints, and probable consequences.
•  Applies rational and creative processes to identify unknown root causes of problems.
•  Based on the situation, decide the best course of action, implement the solution, and follow up to see how it works.
•  Calculates and evaluates the long-term consequences of a decision. Communication
•  Clearly conveys and receives information and ideas through various media to individuals or groups in a manner that engages the listener, helps them understand and retain the message, and invites response and feedback.
•  Keeps others informed as appropriate click apply for full job details