Deputy Chief Information Security Officer

City of Philadelphia - City of Philadelphia
new offer (03/05/2024)

Job Description
In support of the CIO, the Chief Information Security Officer (CISO), and the OIT Executive Management Team, the Deputy Chief Information Security Officer (DCISO) brings their experience and passion for the field to join a dynamic Security Team responsible for managing information security risk to systems and data throughout The City of Philadelphia. This role provides support to the CISO at a strategic level with the development and maintenance of security policies, standards, and procedures. This role is also critical to shaping the direction of the Information Security Strategy for the City by assisting with the evaluation of emerging trends and best practices in cybersecurity. The DCISO will analyze technology trends and advancements in areas of IT security and help plan for the long-term direction of the IT organization’s security hardening for City systems. The DCISO shall act on behalf of the CISO as assigned, and, in the absence of the CISO, as the principal security officer advising on IT security-related decisions to inform executive decisions.
Additionally, the DCISO conducts regular risk assessments and participates in project design reviews with business lines and IT project managers. These reviews cover a dynamic range of topics, including networking, cloud computing technologies, and endpoint technologies. As such, the DCISO plays a key role in assuring architecture deployments meet security standards. As part of this role’s day-to-day responsibilities, the DCISO can be expected to interact with and be a subject matter expert on a range of security domains including Incident Response, SIEM technologies, web and DNS proxies, EDR platforms, privileged access management methodologies, Entra ID, and others.
Essential Functions
- Assists the CISO in advising the CIO and executive management team on cybersecurity issues, policies and practices.
- Evaluates system designs and architectures using a risk-based approach.
- Performs risk assessments to identify information security risk.
- Assists the Information Security Group in overseeing a team of security personnel and vendors working together to safeguard the City’s assets, intellectual property, and information systems.
- Assists the CISO in identifying protection goals, objectives, and metrics consistent with the OIT’s strategic plan.
- Acts as subject matter expert for a suite of security tools, including EDR, SIEM, and vulnerability scanners.
- Engages with the CISO in directing the development and implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
- Maintains relationships with other localities, state and federal law enforcement and other related government agencies.
- Assists with incident response planning as well as the investigation of security breaches.
- Schedules periodic security audits and works with outside consultants as appropriate for independent security audits.
- Working with the CISO, provides strategic leadership and guidance at the executive level in critical areas of technology administration having institution, state-wide and/or national impact.
- Assists the CIO and CISO in leading overall information technology strategic planning to achieve business goals by prioritizing information technology initiatives and coordinating the evaluation, deployment, and management of current and future technology projects.
- Engages with the CISO to provide leadership for planning, developing, and implementing information technology initiatives.
- Ensures that disaster recovery and business continuity plans comply with OIT’s security goals and objectives.
- Reviews plans with the CISO and helps schedule security upgrades and maintenance of software.
- Oversees cross-institutional initiatives and executive level projects, fostering strategic partnerships in carrying out enterprise-wide computing services for the central IT organization.
- Performs miscellaneous job-related duties as assigned.
Competencies, Knowledge, Skills and Abilities
Managerial
- Must be an articulate and persuasive leader who can communicate security-related concepts to a broad range of technical and non-technical staff.
- Experience with planning, auditing, and risk management.
- Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community.
- Skilled in organizing resources and establishing priorities.
- Ability to provide strategic guidance and counsel to clientele in the assessment and development of existing and/or proposed systems and their security architecture(s).
- Ability to foster a cooperative work environment.
- Experience with IT Risk Management principles, including performing risk assessments, maintaining risk registers, and prioritizing remediation activities.
Technical
- Experience configuring and managing common security tools, including EDR, proxies, SIEM solutions, vulnerability scanners, privileged access management solutions, CNAPP, and Office 365 security tools.
- Experience securing cloud environments.
- Experience securing Active Directory environments.
- Experience managing third-party security assessments including penetration testing and web application testing.