Chief Information Security Officer

Job Description and Duties

We are advertising this position as until filled. We will review applications on the 2nd and 4th Friday of each month.

California’s long-awaited statewide Cradle-to-Career Data System has launched. You can help build a statewide system that brings together existing data with the aim of addressing barriers to opportunity from early learning, through K-12, college, and career.

We are hiring a Chief Information Security Officer to be the information security authority in a management role, overseeing state staff and contractors’ efforts to validate security-related functional and non-functional requirements and directing the maintenance and enforcement of security policies and standards to safeguard C2C systems, data, interfaces, and information processing infrastructure.

We are looking for a leader who is excited to build something new with a small, entrepreneurial team. Our ideal candidate is passionate about information security and risk management, collaborative, and experienced in implementing state, federal, and industry standards and best practices.

About the Role

As the Chief Information Security Officer, you will have responsibility for the information security of the C2C Data System and the Office itself. This includes:

• Security Architecture and Engineering. Managing security staff/consultants and reviewing/approving security deliverables throughout all phases of the System Development Life Cycle (SDLC).
• Security Program and Governance. Set the enterprise information security vision, strategy, program objectives, and roadmap aligned with departmental mission, statewide policies (SAM, SIMM), and federal standards (NIST).
• Identity, Access, and Data Protection. Implement and manage identity and access management (IAM) controls and processes; enforce the least-privilege principle and access governance across systems and data.
• Incident Response and Technology Recovery. Maintain the Cybersecurity Incident Response Plan (IRP); lead incident response efforts of detection, investigation, containment, eradication, recovery, reporting, and post-incident reviews.

Your work will be challenging, fun, and focused on enabling Californians to build a more equitable future.

We are a remote-centric team, and this position can be primarily remote for California residents. Hybrid schedules are subject to change based on Executive Orders or directives, bargaining agreements, and the business needs of the organization.

Ideal Candidate

The ideal candidate would have the following knowledge, skills, and abilities.

• Strategic and operational mastery across governance, security engineering, operations, awareness, and risk, with defined metrics and executive reporting
• Expert knowledge of the technical implementations of premiere IAM cloud platforms (e.g., Okta) with respect to Access Control (AC), Identification and Authentication (IA), and Audit and Accountability (AU)
• Expertise in security architecture, technology recovery, policy governance, and oversight of external agreements and partners
• Strong interpersonal, analytical, and communication skills; ability to lead multi-disciplinary teams and influence stakeholders across the enterprise

You will find additional information about the job in the .

Working Conditions

This position provides hybrid telework opportunities, with employees required to work in-person at least two days per week. This is subject to change based on operational needs.

The salary ranges listed do not include the 3% General Salary Increase effective July 1, 2025.

Desirable Qualifications

In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:

• Strategic and operational mastery across governance, security engineering, operations, awareness, and risk, with defined metrics and executive reporting
• Expert knowledge of the tec hnical implementations of premiere IAM cloud platforms (e.g., Okta) with respect to Access Control (AC), Identification and Authentication (IA), and Audit and Accountability (AU)
• Expertise in security architecture, technology recovery, policy governance, and oversight of external agreements and partners
• Strong interpersonal, analytical, and communication skills; ability to lead multi-disciplinary teams and influence stakeholders across the enterprise
• Ability to adjust to changing priorities and quickly respond to urgent matters
• Ability to collaborate in a team environment while keeping an Enterprise perspective and demonstrating initiative, ownership, accountability, and independence
• The successful candidate will be required to pass a criminal background check (see Education Code 10873)
• Current and verifiable Certified Information Systems Security Professional (CISSP) certification and/or Certified Information Security Manager (CISM) certification
• Current and verifiable Certified in Risk and Information Systems Control (CRISC)
• Current and verifiable Certified Information Security Auditor (CISA) certification

Benefits

Benefit information can be found on the CalHR website and the CalPERS website.

Examination Information

Take the online to become list eligible for this position.

The Limited Examination and Appointment Program (LEAP) is an optional pathway to state civil service for people with disabilities. Visit the CalHR LEAP page for additional information.

Required Application Package Documents

The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:

• Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
• Resume is optional. It may be included, but is not required.