Deputy Chief Information Security Officer

Company Description

A best-in-class city that attracts best-in-class talent, Philadelphia is an incredible place to build a career. From our thriving arts scene and rich history to our culture of passion and grit, there are countless reasons to love living and working here. With a workforce of over 30,000 people, and more than 1,000 different job categories, the City of Philadelphia offers boundless opportunities to make an impact. 
As an employer, the City of Philadelphia values inclusion, integrity, innovation, empowerment, and hard work above all else. We offer a vibrant work environment, comprehensive health care and benefits, and the experience you need to grow and excel. If you’re interested in working with a passionate team of people who care about the future of Philadelphia, start here.
What We Offer:
•    Impact - The work you do here matters to millions. 
•    Growth - Philadelphia is growing, why not grow with it? 
•    Diversity & Inclusion - Find a career in a place where everyone belongs.
•    Benefits - We care about your well-being.
 

The Office of Innovation & Technology (OIT) is the central IT agency for the City of Philadelphia headed by the Chief Information Officer (CIO). OIT oversees all major information and communications technology initiatives for the City of Philadelphia - increasing the effectiveness of the information technology infrastructure, where the services provided are advanced, optimized, and responsive to the needs of the City of Philadelphia’s businesses, residents, and visitors. OIT responsibilities include: identifying the most effective approach for implementing new information technology directions throughout city government; improving the value of the city’s technology assets and the return on the city’s technology investments; ensuring data security continuity; planning for continuing operations in the event of disruption of information technology or communications services; and supporting accountable, efficient and effective government across every city department, board, commission and agency.

Job Description

In support of the CIO, the Chief Information Security Officer (CISO), and the OIT Executive Management Team, the Deputy Chief Information Security Officer (DCISO) brings their experience and passion for the field to join a dynamic Security Team responsible for managing information security risk to systems and data throughout The City of Philadelphia.  This role provides support to the CISO at a strategic level with the development and maintenance of security policies, standards, and procedures.  This role is also critical to shaping the direction of the Information Security Strategy for the City by assisting with the evaluation of emerging trends and best practices in cybersecurity.  The DCISO will analyze technology trends and advancement in areas of IT security and help plan for the long-term direction of the IT organization’s security hardening for City systems. The DCISO shall act on behalf of the CISO as assigned, and, in the absence of the CISO, as the principal security officer advising on IT security-related decisions to inform executive decisions. 

Additionally, the DCISO conducts regular risk assessments and participates in project design reviews with business lines and IT project managers.  This includes a dynamic range of topics including networking, cloud computing technologies, and endpoint technologies.  As such, the DCISO plays a key role in assuring architecture deployments meet security standards.  As part of this role’s day to day responsibilities, the DCISO can be expected to interact with and be a subject matter expert on a range of security domains including Incident Response, SIEM technologies, web and DNS proxies, EDR platforms, privileged access management methodologies, EntraID, and others.  
 

Essential Functions
•    Assists the CISO advising the CIO and executive management team on cybersecurity issues, policies and practices.
•    Evaluate system designs and architectures using a risk-based approach.
•    Perform risk assessments to identify information security risk.
•    Assists the Information Security Group in overseeing a team of security personnel and vendors working together to safeguard the City’s assets, intellectual property, and information systems.
•    Assists the CISO identifying protection goals, objectives, and metrics consistent with the OIT’s strategic plan.
•    Acts as subject matter expert for suite of security tools including EDR, SIEM, vulnerability scanner.
•    Engages with the CISO in directing the development and implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
•    Maintains relationships with other localities, state and federal law enforcement and other related government agencies. 
•    Assists with Incident response planning as well as the investigation of security breaches.
•    Schedules periodic security audits and works with outside consultants as appropriate for independent security audits.  
•    Working with the CISO, provides strategic leadership and guidance at the executive level in critical areas of technology administration having institution, state-wide and/or national impact.
•    Assists the CIO and CISO in leading overall information technology strategic planning to achieve business goals by prioritizing information technology initiatives and coordinating the evaluation, deployment, and management of current and future technology projects.
•    Engages with CISO to provide leadership for planning, developing, and implementing information technology initiatives.
•    Ensures that disaster recovery and business continuity plans comply with OIT’s security goals and objectives.
•    Reviews plans with the CISO and helps schedule security upgrades and maintenance of software.
•    Oversees cross-institutional initiatives and executive level projects, fostering strategic partnerships in carrying out enterprise-wide computing services for the central IT organization.
•    Performs miscellaneous job-related duties as assigned.

Competencies, Knowledge, Skills and Abilities

Managerial
•    Must be an articulate and persuasive leader who can communicate security-related concepts to a broad range of technical and non-technical staff.
•    Experience with planning, auditing, and risk management.
•    Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community.
•    Skilled in organizing resources and establishing priorities.
•    Ability to provide strategic guidance and counsel to clientele in the assessment and development of existing and/or proposed systems and their security architecture(s).
•    Ability to foster a cooperative work environment.
•    Experience with IT Risk Management principles, including performing risk assessments, maintaining risk registers, prioritizing remediation activities.
Technical
•    Experience configuring and managing common security tools including EDR, proxies, SIEM solutions, vulnerability scanners, privileged access management solutions, CNAPP, Office365 Security tools. 
•    Experience securing cloud environments.
•    Experience securing Active Directory environments.
•    Experience managing third-party security assessments including penetration testing and web application testing.

Qualifications

•    Completion of a bachelor’s degree program at an accredited college or university, which has included major course work in computer science, information science, system analysis, software engineering, or a closely related field.
•    Minimum of 5 years work experience working directly in an Information Security capacity.
•    Minimum of 2 years work experience working in an Information Security management capacity.
•    Demonstrated project management skills.
•    Working knowledge of security frameworks including NIST, CIS, OWASP.
•    Valid industry recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), is preferred but not required.

Additional Information

Salary Range: $130,000 - $140,000

Starting salary to be determined based on experience and qualifications.

Important: To apply, candidates must provide a cover letter and a resume.

Discover the Perks of Being a City of Philadelphia Employee:
•    We offer Comprehensive health coverage for employees and their eligible dependents
•    Our wellness program offers eligibility into the discounted medical plan
•    Employees receive paid vacation, sick leave, and holidays
•    Generous retirement savings options are available
•    Pay off your student loans faster - As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program. Join the ranks of hundreds of employees who have already benefited from this program and achieved student loan forgiveness.
•    Enjoy a Free Commute on SEPTA - Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation. Whether you're a full-time, part-time, or provisional employee, you can seize the opportunity to sign up for the SEPTA Key Advantage Program and receive free Key cards for free rides on SEPTA buses, trains, trolleys, and regional rails.
•    Unlock Tuition Discounts and Scholarships - The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships. Experience savings of 10% to 40% on your educational expenses, extending not only to City employees but in some cases, spouse and dependents too!
Join the City of Philadelphia team today and seize these incredible benefits designed to enhance your financial well-being and personal growth!

*The successful candidate must be a city of Philadelphia resident within six months of hire

Effective May 22, 2023, vaccinations are no longer required for new employees that work in non-medical, non-emergency or patient facing positions with the City of Philadelphia. As a result, only employees in positions providing services that are patient-facing medical care (ex: Nurses, doctors, emergency medical personnel), must be fully vaccinated.

The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information or domestic or sexual violence victim status. If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at 215-686-4670 or send an email to faqpchr@phila.gov.