: Professional security management certification such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), or Certified Information Systems Auditor (CISA).
Control Objectives for Information and Related Technology, COBIT 5 Foundation, or higher a plus. Information Technology Infrastructure Library (ITIL) certification preferred.
A strong background in leading and managing information security implementation, research, and strategic planning at the Information Security Officer-level preferred.
Must have strong skills in communications, collaboration and consensus-building, and teamwork. Prior experience working in state or local government is a plus.
The ISO must have expert/advanced knowledge, capabilities, and competencies in the business environment and must ensure that information systems are maintained in a fully functional and secure mode. Advanced knowledge of current, new, and emerging information security technologies, processes, management and monitoring tools, security convergence, and physical and logical security.
Ability to act in a professionally calm and collective demeanor in high-pressure, high-stress situations such as instances of threat, vulnerability and risk detection, remediation, countermeasures, and management. Must have expert-level knowledge in incident response. High degree of initiative, dependability, and ability to work with little supervision.
Must be an innovative critical thinker with strong problem-solving skills. Excellent analytical skills and ability to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives. Ability to analyze, review, and act upon data and a variety of descriptive and inferential statistics and metrics having complex facts and issues.
Must have strong project management, financial/budget management, scheduling, and resource management skills. Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Must have expert-level knowledge in all areas of defense-in-depth information security domains. Must have strong knowledge of IT audit and information security frameworks. Ability to work well with people from all levels of the organization with varying degrees of technical experience. Ability to express complex technical concepts clearly and concisely both verbally and in writing. Ability to coordinate disparate drivers, constraints, and personalities while maintaining objectivity and a strong understanding of security. Strong skills in business management and professional communication. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, and COBIT, and familiarity with National Institute of Science and Technology (NIST) standards related to information security. Working knowledge of diverse information security technologies and platforms.