Chief Information Security Officer by Alameda County Water District Jul 23, 2025 Job Location Fremont, CA Application Deadline 08/30/2025 How to Apply Selection Procedure: Application materials including a supplemental questionnaire must be submitted online at: www.acwd.org/jobs. The first review of applications will be Friday, August 8, 2025. As soon as a candidate has been selected, the position will close. Candidates who present the best job-related qualifications will be invited to participate in a qualification appraisal as well as an interview by an appraisal panel. Candidates passing the qualifications appraisal process will be ranked on an employment list for further consideration. Top-ranking candidates will be invited to a personal interview with the hiring Supervisor. Description Under general direction from the Director of Engineering and Technology, and within the framework of policies and procedures, plans, organizes, coordinates and implements District-wide cybersecurity compliance, activities and operations, to ensure the confidentiality, integrity and availability of information technology systems; serves as a subject matter expert and an internal consultant on cybersecurity and information privacy matters to improve cybersecurity risk management, and performs a variety of professional and technical level tasks relative to assigned area of responsibility. The incumbent in this position directs the Districtwide information technology security program while performing the full range of routine to complex and specialized technical activities in cybersecurity and information privacy. Assignments are given in general terms and subject to periodic review while in progress and upon completion by the Director of Engineering and Technology. There is significant latitude for discretion and independent judgment in the selection of work methods to achieve established goals. The Ideal Candidate Comprehensive knowledge of key information technology controls and risk frameworks applicable to both IT and OT environments. Broad working knowledge of compliance and regulatory requirements related to information security, integrity, and privacy. Extensive experience providing technical leadership in the areas of information privacy and security including experience leading, managing, and evaluating technical teams. Experience in development and adoption of information security policies, procedures, and standards. Broad knowledge of information security technologies, current and emerging information security trends, threats, tactics, and cyber defense mechanisms. Thorough understanding of security architectures and TCP/IP protocols including installation and configuration requirements for LANs, WANs, VPNs, routers, firewalls, and related network and security devices. Knowledge and experience with Windows, Active Directory, Group Policy, DNS, encryption, patch management, anti-virus, system configuration management Extensive experience managing information security risk programs including developing and executing information security vulnerability assessments, audits, mitigations, and remediations. Evidenced experience ensuring the security of on-premises systems and cloud services. Expertise partnering, communicating, and collaborating with a diverse audience of stakeholders (i.e., end users, peers, managers, executives, and vendors). Excellent analytical and problem-solving skills. Ability to develop and maintain effective and cooperative working relationships. Ability to change priorities, work under pressure and meet critical deadlines. Ability to exercise a high degree of initiative, independence of action, tact and good judgment. Ability to make and provide sound recommendations and decisions. Reputable industry-related certifications Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) GIAC Security Leadership (GSLC) Certified Ethical Hacker (CEH) Job Responsibilities TYPICAL EXAMPLES OF DUTIES MAY INCLUDE, BUT ARE NOT LIMITED TO THE FOLLOWING: Coordinates the continuous development, implementation and update of information security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with best practices and any local, state and federal regulations. Develop and implement a comprehensive cybersecurity program by researching, identifying, and analyzing existing and potential security threats; develop and manage the frameworks, processes, and tools necessary to properly manage risk and to make risk-based decisions related to Information Technology (IT) and Operational Technology (OT), including but not limited to Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) activities. Implement processes to continuously monitor District software and systems for vulnerabilities; monitor logs and alerts for security events and assist IT and SCADA systems staff in patching and updating District systems on a continuous basis; monitor and assess success of patching and updating of District systems and infrastructure. Lead and participate in complex projects designed to provide for the protection of District information assets; recommend solutions and appropriate technology to meet District needs; design project and resource plans and schedules; develop proposals using cost/benefit analysis; evaluate proposed system hardware and software to ensure compatibility with existing systems; coordinate with vendors and contractors. Provides functional supervision to District staff involved in cybersecurity projects and activities. Proactively identify and mitigate cybersecurity risks and respond to observations identified by third party auditors/security service providers. Review cybersecurity vulnerabilities and conduct penetration testing on a periodic basis. Develop periodic reports and dashboards presenting the level of controls, compliance and current IT and SCADA risk posture. Lead, implement and maintain District-wide training related to cybersecurity. Represent information security and privacy function on committees and outside organizations as necessary; coordinate emergency preparedness activities and tabletop exercises related to cybersecurity. Assist IT and SCADA Administrators in creating, implementing, and testing emergency and disaster recovery measures that ensure continual operational readiness of District systems. Work closely and collaborate with other departments’ staff responsible for OT and SCADA systems. Serve as the District’s central point of contact for information security related incidents or violations; investigate and document cybersecurity incidents, lead and assist in remediation of cybersecurity incidents and vulnerabilities, make recommendation for improvements. Coordinate information security incident response and reporting for events or exploited vulnerabilities including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information. Work as a liaison with local, state and federal authorities requiring information and reports on security incidents to FBI or other law enforcement agencies. Participate in budget preparation; prepare cost estimates for budget recommendations; submit justifications for program materials, equipment, supplies, and services Stay abreast of new trends and developments in the areas of cybersecurity, networking, server and storage systems, disaster recovery; attend and participate in group meetings. Perform other related work as required. Typical Qualifications Possession of a Bachelor’s degree from an accredited college or university with a major in information systems, computer science, or closely related field and Five (5) years progressively responsible professional level work experience in Information Security. Additional Requirements Must possess a valid California driver’s license upon hire and have a satisfactory driving record. Possession of information technology security certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) are highly desirable.