Yosemite Community College District

Chief Information Security Officer - Information Technology - Central Services

Salary:  Management Salary Schedule (2024-2025) Range 42: $10,624 to $13,502 monthly or $10,869 to $13,747 monthly with earned Doctorate. New appointees will receive year-for-year credit for prior management experience to a maximum of Step C.

Closing Date: Wednesday, July 30th, 2025 at 11:59 P.M.

To apply, submit your application and required documents on-line via our applicant system at: http://50.73.55.13/counter.php?id=305300

Scope of Assignment

DEFINITION

Under the direction of the Vice Chancellor of Information Technology and Institutional Research, the Chief Information Security Officer (CISO) designs, implements, and supports the security and infrastructure of District systems, servers, peripherals and network devices. This role also analyzes, plans, designs, implements, maintains, troubleshoots and enhances networks security systems, processes and policies. This includes but is not limited to server virtualization, LANs, WANs, wireless technologies and the physical and logical components that integrate these systems together.

SUPERVISION RECEIVED AND EXERCISED

The Chief Information Security Officer (CISO) reports directly to the Vice Chancellor of Information Technology and Institutional Research and may provide support to other IT areas and to the district’s leadership team, classified staff, and faculty members.

MINIMUM QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The Education/Experience, Knowledge and Ability requirements are representative of essential duties. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of the position.

Knowledge of:

• Methods and procedures of standardizing, securing, maintaining, and operating computers and peripheral equipment in an enterprise environment

• Software License compliance laws and methodologies

• Microsoft Active Directory and Azure Active Directory

• Current server virtualization, network switching and routing, firewalls, data backup and recovery solutions, cloud computing resources, VoIP systems, business software applications

(e.g. Office 365), and related systems used by the District

• Security and business continuity (disaster recovery and backup) planning and execution

• Troubleshooting, diagnostic techniques, procedures, equipment and tools used in computer and peripheral repair

• Technology documentation and presentation techniques

• Project management methods and techniques

• Supervisory knowledge and/or experience to successfully oversee a team, while providing complex project coordination across departments

• Professional and effective oral and written communication

Ability to:

• Apply NIST and GLBA regulations to current operations

• Delegate, plan, schedule and perform complex maintenance and upgrades to critical infrastructure

• Respond to incidents and events, implement appropriate counter measures to maintain and protect security of district data.

• Plan, schedule and perform complex maintenance and upgrades to critical infrastructure

• Maintain current knowledge of technical advances in all areas of responsibility

• Prepare clear, concise, and accurate system documentation and reports

• Establish and maintain cooperative and effective working relationships with IT staff, members of the District community and outside  contacts

• Analyze networking systems to modify current standards and develop innovative solutions to address changing conditions

• Demonstrate interpersonal skills using tact, patience, and courtesy

• Understand and carry out oral and written directions

• Direct the work of other technical support employees

• Supervise staff as assigned

• Create and maintain positive business relationships with the broader District community and third-party vendors

• Manage and track budgets

• Demonstrate sensitivity to and understanding of the diverse academic, socioeconomic, cultural, disability, gender identity, sexual orientation, and ethnic backgrounds of community college students and employees

ESSENTIAL DUTIES

Strategic Leadership and Planning:

• Provides strategic leadership in cybersecurity.

• Develop and implement a comprehensive information security strategy aligned with the District’s mission and goals.

• Lead the creation and maintenance of security-related board policies and administrative procedures.

• Monitor emerging technologies (e.g., AI, IoT, cloud) and evolving threats to proactively adapt security strategies.

• Advise leadership on the security implications of digital transformation initiatives.

• Lead the development of a cybersecurity roadmap and maturity model for long-term planning.

Information Security Operations and Risk Management:

• Oversee the implementation and enforcement of security policies, including NIST and CIS controls, across all systems and devices.

• Conduct regular security audits and assessments; lead mitigation efforts for identified risks.

• Manage and maintain the District’s Security Information and Event Management (SIEM) system and data loss prevention tools.

• Lead the District’s response to cybersecurity incidents in accordance with the incident response plan.

Infrastructure and Systems Security:

• Design, implement, and maintain secure network infrastructure, including firewalls, backup systems, and disaster recovery solutions.

• Perform or direct security upgrades and enhancements to critical IT infrastructure.

• Ensure the reliability, security, and performance of all security-related systems and services.

Compliance and Governance:

• Ensure compliance with applicable laws, regulations, and standards related to information security.

• Implement and manage the cybersecurity governance, risk, and compliance (GRC) framework to ensure alignment with regulatory requirements and industry standards.

• Continuously evaluate and manage the organization’s cyber risk posture, including third-party and supply chain risks.

• Serve as the primary liaison with law enforcement and regulatory bodies during cybersecurity investigations or audits.

Training and Awareness:

• Develop and deliver security training programs and awareness initiatives for staff and faculty.

• Provide guidance and mentoring to IT staff on security best practices and protocols.

• Foster a culture of security throughout the organization by promoting shared responsibility for cybersecurity.

Team Leadership and Collaboration:

• Provide leadership and direction to technical support staff involved in security operations.

• Foster a collaborative and high-performing work environment within the security team.

• Coordinate security-related projects across IT operations, applications, and systems teams.

Budget and Resource Management:

• Develop and manage the information security budget, including technology lifecycle planning.

• Identify and implement cost-effective security solutions and services.

• Manage vendor relationships and contracts related to security services, including outsourced managed security providers.

• Develop, justify, and evaluate cybersecurity investments to ensure alignment with strategic goals and risk tolerance.

Stakeholder Engagement and Communication:

• Build strong relationships with internal stakeholders to promote a culture of security awareness.

• Translate complex security issues into business terms for non-technical stakeholders.

• Prepare and present cybersecurity reports to the Chancellor, Board of Trustees, and other stakeholders.

• Communicate effectively with all levels of the District community regarding security initiatives and incidents.

• Collaborate with academic and administrative departments to ensure alignment of security practices with institutional needs.

Licenses and Certificates:

• Possession of a valid California Motor Vehicle Operator’s License Required

• SSCP – Systems Security Certified Practitioner Preferred

• CISSP – Certified Information Systems Security Professional Preferred