Division Director - Information & Cyber Security

Hillsborough County

  • Tampa, FL
  • Permanent
  • Full-time
  • 13 days ago
Job Category: Information TechnologyJob Description:Job OverviewThe Cyber Security Services Division Director develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization. She/he focuses on Cyber Security risk management, significant changes in our business environment, and the ever-more complicated technology and threat landscape. It is expected that she/he formalizes a security and risk program and facilitates information security governance through implementation of a hierarchical governance program.Salary$118,643 - $207,750BenefitsCore Competencies
  • Customer Commitment - Proactively seeks to understand the needs of the customers and provide the highest standards of service.
  • Dedication to Professionalism and Integrity - Demonstrates and promotes fair, honest, professional and ethical behaviors that establishes trust throughout the organization and with the public we serve.
  • Organizational Excellence - Takes ownership for excellence through one's personal effectiveness and dedication to the continuous improvement of our operations.
  • Success through Teamwork - Collaborates and builds partnerships through trust and the open exchange of diverse ideas and perspectives to achieve organizational goals.
Duties and ResponsibilitiesNote: The following duties are illustrative and not exhaustive. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position. Depending on assigned area of responsibility, incumbents in the position may perform one or more of the activities described below.
  • Develops, implements and monitors a strategic, comprehensive enterprise information security and IT risk management program to ensure integrity, confidentiality and availability of information owned, controlled or processed by the organization.
  • Manages the enterprise's security organization to ensure the team operates efficiently and effectively, including hiring, training, staff development, and performance management to ensure a culture of continuous improvement, ensuring the team remains agile and prepared to tackle emerging security challenges.
  • Facilitates governance, risk, and compliance by implementing a hierarchical governance program, which includes establishing an information security steering committee or advisory board.
  • Develops, maintains and publishes up-to-date security policies, standards and guidelines, and oversees training and dissemination of security policies and practices. Creates a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
  • Authorizes, performs, and/or delegates forensic investigations related to security incidents.
  • Working with Human Resources or other appropriate authorities, authorizes, performs, or delegates insider and personnel digital investigations.
  • Creates, communicates and implements a risk-based process for vendor risk management, including assessment of and treatment for risks that may result from partners, consultants and other service providers.
  • Develops and manages information security budgets and monitors them for variances, including securing grants, advocating for budget allocations, and obtaining state cybersecurity funding.
  • Creates and manages information security and risk management awareness training programs for all employees, contractors and approved system users.
  • Works directly with the business units to facilitate IT risk assessment and risk management processes and works with stakeholders through the enterprise on identifying acceptable levels of residual risk.
  • Provides periodic reporting on the status of the information security program to enterprise risk teams, and senior management leaders as part of a strategic enterprise risk management program.
  • Other related duties as assigned.
Job Specifications
  • Ability to manage difficult situations with composure and maintain effective relationships.
  • Skilled in oral and written communication, including grammar, composition, and active listening.
  • Skilled in collecting, analyzing, and interpreting complex data.
  • Ability to apply logic and sound judgment to solve problems and evaluate alternatives.
  • Knowledge of accounting principles, budget methods, and financial reporting.
  • Ability to manage budgets, grants, and cybersecurity funding.
  • Knowledge of strategic planning, resource allocation, and organizational leadership.
  • Ability to plan, direct, delegate, and evaluate programs and staff.
  • Ability to navigate political environments and align stakeholders across agencies.
  • Ability to develop and execute enterprise-level cybersecurity strategies.
  • Knowledge of Zero Trust, NIST frameworks, CIS controls, and risk management.
  • Ability to oversee SOC operations, GRC programs, and enterprise security architecture.
  • Strong time management, organization, and prioritization skills.
  • Ability to work under pressure, meet deadlines, and handle confidential information.
Physical Requirements
  • Position is typically in an office environment.
  • Speaking, Vision, Hearing, Sitting, Standing
  • Use of Office Machinery such as PCs, Smart Phones, Tablets, Calculators and Multi-Function Devices.
Work Category
  • Sedentary work - Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Minimum Qualifications Required
  • A bachelor's degree from an accredited college or university with a major in Cybersecurity, Computer Science, or related field; AND
  • A minimum of 10 years of direct technical cyber security experience. At least 5 years of experience in a significant leadership role, managing cybersecurity, or technology teams; OR
  • An equivalent combination of education, training and experience that would reasonably be expected to provide the job-related competencies noted below. (For education and experience only, does not include legally required Licenses or Certifications.); AND
  • Required: CISSP (Certified Information Systems Security Professional, or CISM (Certified Information Security Manager).
Emergency Management ResponsibilitiesIn the event of an emergency or disaster, an employee may be required to respond promptly to duties and responsibilities as assigned by the employee's department, the County's Office of Emergency Management, or County Administration. Such assignments may be for before, during or after the emergency/disaster.Additional Job RequirementsA department, depending on the nature of its mission and operations, may require that employees in all or certain positions in this job classification: * Maintain the ability to pass the background checks required for the position. These background checks may include but are not limited to:
  • Criminal History Background Check using Florida Department of Law Enforcement (FDLE) Criminal Justice Information Services (CJIS)
  • Level 1 and Level 2 Background screening (Ch. 435 Florida Statutes)
  • Child Abuse, Abandonment and Neglect Record Check using the State Automated Child Welfare Information System (SACWIS)
  • Sex Offender and Sexual Predator record check using the list maintained by the Florida Department of Law Enforcement (FDLE)
2. Possess the necessary job-related license(s) or certification(s) that may include possession of a Florida Driver License (Class E).

Hillsborough County