We are advertising this position as until filled. We will review applications on the 2nd and 4th Friday of each month.

*California state employees must reside in California. *

**We are a remote-centric team, and this position can be primarily remote for California residents. Hybrid schedules are subject to change based on Executive Orders or directives, bargaining agreements, and the business needs of the organization.
This position provides hybrid telework opportunities, with employees required to work in-person at least two days per week. This is subject to change based on operational needs.

• The office is located at 1810 16th Street, Sacramento
• Please note, CalHR is not an E-Verified employer.*

Why join CalHR?
California’s long-awaited statewide Cradle-to-Career Data System has launched. You can help build a statewide system that brings together existing data with the aim of addressing barriers to opportunity from early learning, through K-12, college, and career.

We are hiring a Chief Information Security Officer to be the information security authority in a management role, overseeing state staff and contractors’ efforts to validate security-related functional and non-functional requirements and directing the maintenance and enforcement of security policies and standards to safeguard C2C systems, data, interfaces, and information processing infrastructure.

We are looking for a leader who is excited to build something new with a small, entrepreneurial team. Our ideal candidate is passionate about information security and risk management, collaborative, and experienced in implementing state, federal, and industry standards and best practices.

About the Role
As the Chief Information Security Officer, you will have responsibility for the information security of the C2C Data System and the Office itself. This includes:
• Security Architecture and Engineering. Managing security staff/consultants and reviewing/approving security deliverables throughout all phases of the System Development Life Cycle (SDLC).
• Security Program and Governance. Set the enterprise information security vision, strategy, program objectives, and roadmap aligned with departmental mission, statewide policies (SAM, SIMM), and federal standards (NIST).
• Identity, Access, and Data Protection. Implement and manage identity and access management (IAM) controls and processes; enforce the least-privilege principle and access governance across systems and data.
• Incident Response and Technology Recovery. Maintain the Cybersecurity Incident Response Plan (IRP); lead incident response efforts of detection, investigation, containment, eradication, recovery, reporting, and post-incident reviews.

Your work will be challenging, fun, and focused on enabling Californians to build a more equitable future.

Ideal Candidate
The ideal candidate would have the following knowledge, skills, and abilities.
• Strategic and operational mastery across governance, security engineering, operations, awareness, and risk, with defined metrics and executive reporting
• Expert knowledge of the technical implementations of premiere IAM cloud platforms (e.g., Okta) with respect to Access Control (AC), Identification and Authentication (IA), and Audit and Accountability (AU)
• Expertise in security architecture, technology recovery, policy governance, and oversight of external agreements and partners
• Strong interpersonal, analytical, and communication skills; ability to lead multi-disciplinary teams and influence stakeholders across the enterprise
You will find additional information about the job in the Duty Statement: https://www.calcareers.ca.gov/CalHrPublic/FileDownload.aspx?aid=31464590&name=DS-ITMII-CISO(Proposed).pdf

Minimum Requirements
You will find the Minimum Requirements in the Class Specification.
• INFORMATION TECHNOLOGY MANAGER II: https://hrnet.calhr.ca.gov/CalHRNet/SpecCrossReference.aspx?ClassID=1406

Classification:
INFORMATION TECHNOLOGY MANAGER II
$11,388.00 - $13,842.00/month
• New to State candidates will be hired into the minimum salary of the classification or minimum of alternate range when applicable.
• The salary ranges listed do not include the 3% General Salary Increase effective July 1, 2025.

Required Application Package Documents
The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:
• Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at www.CalCareers.ca.gov. All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
• Resume is optional. It may be included, but is not required.

Applicants requiring reasonable accommodations for the hiring interview process must request the necessary accommodations if scheduled for a hiring interview. The request should be made at the time of contact to schedule the interview. Questions regarding reasonable accommodations may be directed to the EEO contact listed on this job posting.

Desirable Qualifications
In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:
• Strategic and operational mastery across governance, security engineering, operations, awareness, and risk, with defined metrics and executive reporting
• Expert knowledge of the technical implementations of premiere IAM cloud platforms (e.g., Okta) with respect to Access Control (AC), Identification and Authentication (IA), and Audit and Accountability (AU)
• Expertise in security architecture, technology recovery, policy governance, and oversight of external agreements and partners
• Strong interpersonal, analytical, and communication skills; ability to lead multi-disciplinary teams and influence stakeholders across the enterprise
• Ability to adjust to changing priorities and quickly respond to urgent matters
• Ability to collaborate in a team environment while keeping an Enterprise perspective and demonstrating initiative, ownership, accountability, and independence
• The successful candidate will be required to pass a criminal background check (see Education Code 10873)
• Current and verifiable Certified Information Systems Security Professional (CISSP) certification and/or Certified Information Security Manager (CISM) certification
• Current and verifiable Certified in Risk and Information Systems Control (CRISC)
• Current and verifiable Certified Information Security Auditor (CISA) certification

Steps for how to apply = (Please email CalHR's recruiters when you have applied, CalHRTalentEngagement@calhr.ca.gov)

• For more details of the job responsibilities (Duty Statement,) the minimum requirements, comp/benefits, how to apply and more click on the job posting link: https://calcareers.ca.gov/CalHrPublic/Jobs/JobPosting.aspx?JobControlId=513964
• You will need to take the online Information Technology Manager II exam to become list eligible for this position, if you have not already --> These questions relate to your experience and are used to determine the appropriate job classification based on your background/experience. • https://calcareers.ca.gov/CalHrPublic/Exams/ExamBulletin.aspx?ExamControlId=1755 PLEASE view the details of the “Examination Information” AND the “Training and Experience Examination Preview” in the exam link. This information will help you with the exam. • Click 'Apply' --> Login or create a CalCareers account if you do not have one already. Then click 'Continue' for the exam. • The Limited Examination and Appointment Program (LEAP) is an optional pathway to state civil service for people with disabilities. Visit the CalHR LEAP page for additional information.
• Once you have taken the exam, go back to the job posting if you are not guided there: https://calcareers.ca.gov/CalHrPublic/Jobs/JobPosting.aspx?JobControlId=513964 and click Apply --> "I have eligibility' and complete your application. Make sure your application (not your resume) shows how your experiences aligns with the duty statement and meets the minimum qualifications.
• Attach your resume and responses to the Statement of Qualifications. See the "Special Requirements" section for details on the Statement of Qualifications. --> Not attaching your response to the Statement of Qualifications questions on your application on CalCareers will prevent you from moving forward in the hiring process.

A tip to share for the exam:

• For the ‘exam,’ the exams are questions around your experience. Include all your experience from every job to volunteer work, internships, leading groups and/or projects, and more. Don’t sell yourself short. Before you start the exam, review the sample questions in the exam bulletin. This gives you a sense of what we’ll ask you. Have your resume handy. You’ll need it during the exam.

Equal Opportunity Employer
The State of California is an equal opportunity employer to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding and related medical conditions), and sexual orientation.
It is an objective of the State of California to achieve a drug-free work place. Any applicant for state employment will be expected to behave in accordance with this objective because the use of illegal drugs is inconsistent with the law of the State, the rules governing Civil Service, and the special trust placed in public servants.