Deputy CISO and Privacy Officer

Job Description and Duties

All applicants will be considered, however SROA/Surplus candidates will be given priority.

Are you interested in making life better for Californians? Are you looking for a career and not just a job? Do you want to create a meaningful impact in your community? If you answered yes to any of these questions, then the California Department of Tax and Fee Administration (CDTFA) has a career opportunity waiting for you! California not only needs you, it wants you as part of the growing workforce. New employees, new ideas, and new creative perspectives are needed in all areas at the CDTFA. We value staff and are dedicated to employee career development. Our agency supports the development of staff by offering training to flourish in their position and programs to promote and explore upward mobility. To learn more about us, please see CDTFA Gateway to New Opportunities video

Under the general direction of the Chief Information Security Officer (CISO) Information Technology Manager II (IT Manager II), the Information Technology Manager I (IT Manager I) serves as the Deputy CISO & Privacy Officer for the California Department of Tax & Fee Administration (CDTFA). In this role, the Deputy CISO & Privacy Officer provides strategic and operational leadership for information security, cyber risk management, compliance, privacy and business continuity programs, ensuring a well-managed security posture across the department.

The Deputy CISO & Privacy Officer manages the Information Security Office (ISO): Security Governance & Assurance unit (SGA) and the Security Operations Center (SOC), ensuring governance activities are aligned and integrated with preventative, detective, and corrective security controls. This includes ensuring confidential and sensitive data, such as federal tax information (FTI), personally identifiable information (PII) and other critical assets are properly safeguarded. Close collaboration with IT and business leaders is required to ensure cybersecurity risks are effectively managed and aligned across operational, oversight and assurance functions.

Additionally, the Deputy CISO & Privacy Officer serves as the Privacy Officer, responsible for data protection strategy and execution of policy development, privacy by design, compliance monitoring, incident investigation and breach response. The Privacy Officer ensures adherence to federal and state regulations, reinforcing the department’s commitment to data privacy and security.

Under Government Code 14200, this position may be eligible for partial telework for eligible candidates residing in California. All telework/hybrid schedules require staff to report to the office a minimum number of days per week. Schedules are subject to change.

Currently, per the California Budget Act of 2025, all California Department of Tax and Fee Administration salaries are subject to the provisions of the State of California’s Personal Leave Program.

This is a re-advertisement of JC-493937. If you previously applied under JC-493937 you would need to re-apply under this new Job Control, JC-501905 in order to be considered.

This recruitment has been posted for more vacancies than currently exist as it may be used to fill additional identical vacancies which occur within 180 days of the closing date of this bulletin.

You will find additional information about the job in the .

Working Conditions

• Position located in a high-rise building.

• Standard office environment.

• Requires being in a stationary position, consistent with office work, for extended periods of time.

• Daily use of a personal computer, office equipment, and/or telephone.

• Work long, irregular or after hours as required.

• Telework is partially available.

Special Requirements

• This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.; for more information about E-Verify, please go to

• Position requires employee to be fingerprinted and successfully pass a background investigation.

• Travel required five percent (5%) of the time.

Desirable Qualifications

In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:

• Knowledge of program management principles and practices.

• Knowledge of risk management processes.

• Knowledge of mission assurance practices and principles.

• Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices.

• Knowledge of cybersecurity threats and vulnerabilities.

• Knowledge of business continuity and disaster recovery (BCDR).

• Knowledge of endpoint, network, and web application security risks.

• Knowledge of new and emerging technologies.

• Knowledge of Security Information & Event Management (SIEM) platforms and related logging.

• Knowledge of Endpoint Protection Platform/Detection & Response.

• Knowledge of Network Detection & Response.

• Knowledge of incident response principles and practices.

• Knowledge of Identity Access and Management.

• Knowledge of IT Infrastructure including cloud based environments and enterprise systems.

• Knowledge of computer networking principles and practices.

• Knowledge of server administration principles and practices.

• Knowledge of system life cycle management principles and practices.

• Knowledge of telecommunications principles and practices.

• Knowledge of security controls.

• Knowledge of privacy laws and regulations.

• Knowledge of Privacy Impact Assessment (PIA) principles and practices.

• Knowledge of Personally Identifiable Information (PII) attributes.

• Knowledge of supply chain risk management principles and practices.

• Knowledge of data classification tools and techniques.

Benefits

CDTFA appreciates and proudly celebrates diversity with an emphasis of an inclusive atmosphere in all levels of the organization. CDTFA is a participant in The Government Alliance on Race and Equity (GARE) Capitol Cohort to advance racial equality and advance opportunities for all in California. Employees of different races, ethnicities, genders, ages, religions, disabilities, gender orientations and personal experiences are welcomed to contribute to the success of CDTFA.

The CDTFA was presented with the Large State Employer of the Year Award for 2018 from The Association of California State Employees with Disabilities (ACSED); showcasing CDTFA’s support of employment, promotion, and fair treatment of persons with disabilities.

CDTFA values its staff and is dedicated to employee career development. Our agency supports the development of staff by offering training to flourish in their position and programs to promote and explore upward mobility.

Working for the State offers great opportunities, generous benefits, and career development. In addition, you can look forward to:

• Nearby (third-party) parking.
• Convenient to public transportation.
• Located near downtown, major freeway access.

For more information about the outstanding benefits offered to State Employees

Benefit information can be found on the CalHR website and the CalPERS website.

Supplemental Questionnaire Requirement

Applicants must include a Supplemental Questionnaire (SQ) for this recruitment. Applications without an SQ or include an SQ that does not directly answer all the items below will not be considered. Resumes do not take the place of the SQ.

SQ Requirements:

• Name on SQ.
• Job Control number on SQ.
• SQ must be no more than two pages in length, single-spaced.

Respond directly to the following SQ question(s):

Describe your experience leading enterprise wide cybersecurity or privacy programs. How have you monitored and enforced compliance with internal policies and external regulations? Describe how you have facilitated cross functional collaboration to support cybersecurity or privacy programs and initiatives.

You must provide specific information in your response(s) which demonstrates how your knowledge, skills, and training meet the needs of this position.

Required Application Package Documents

The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:

• Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
• Resume is required and must be included.
• Other - A completed Supplemental Questionnaire (SQ) must be submitted with your STD. 678 in order to be considered for this position. Please see the Supplemental Questionnaire Requirement section of this job posting for additional information.