Information Security Manager

The Information Security Manager is responsible for enhancing and maintaining the cybersecurity program to protect Jefferson County’s data, information systems, digital assets, and networks. Partners with the CISO to oversee security strategy, risk management, and policies. Collaborates with operational IT teams, law enforcement agencies, external security organizations, and business stakeholders to foster a culture adhering to Confidentiality, Integrity, and Availability and to ensure security is integrated across operations. Provides leadership for security initiatives and incident response, monitors emerging threats, and ensures alignment with regulatory requirements and organizational objectives.

SCHEDULE:

This hybrid (remote work and in-office) position is a full-time role, typically operating on a 5-day work week schedule, Monday- Friday, working 8-hour shifts. 

COMPENSATION:

Hiring Range: $150,000.00 – $160,000.00 USD Annual

Compensation will be determined based on education, experience, and skills.

BENEFITS:

Jefferson County offers a generous benefits package that supports your personal and professional life. Benefits include medical, dental, and vision insurance, paid time off and holidays including a starting bank of 40 hours of PTO for new hires, retirement matching, wellness programs, tuition reimbursement, flexible schedules, remote work options and more. For more information, click here for our Total Rewards summary. 

ESSENTIAL DUTIES:

• Perform all duties of Security Engineer.
• Manage and mentor a team of security analysts, engineers, and architects.
• Lead comprehensive security assessments, audits, penetration tests, and risk analyses to identify gaps in security architecture and develop a resulting security risk management plan.
• Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
• Oversee development and maintenance of security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
• Provide subject matter expertise on security technologies, architecture, and best practices, including incorporating AI into security operations and strategies.
• Lead incident response efforts, including investigation, containment, and recovery, minimizing potential impact and coordinating with external partners.
• Develop and execute comprehensive security strategy plans and roadmaps aligned with business objectives, including cloud and on-premise architecture.
• Collaborate with senior leadership to communicate the importance of security initiatives and priorities, including regular presentations on security updates and relevant topics to elected officials, board members, and other County leaders.
• Stay up-to-date with regulatory changes, industry trends and best practices, emerging security threats and technologies, adapting strategies as needed.
• Other duties as assigned.

QUALIFICATIONS:

Research shows that women and other underrepresented and historically marginalized groups tend to apply only when they check every box in the posting. If you are reading this and hesitating to click “apply” for that reason, we encourage you to go for it! A true passion and excitement for making an impact is just as important as work experience. 

Minimum Qualifications:

• Bachelor’s degree.
• A minimum of seven (7) years of direct experience in team leadership, IT security engineering, system hardening and network security.
• Note an equivalent combination of education and experience is acceptable.

Preferred Knowledge, Skills and Abilities:

• Knowledge and understanding of relevant legal and regulatory requirements, such as: CJIS, HIPAA, PCI-DSS.
• Knowledge and understanding of common information and security management frameworks, such as ISO/IEC 27001, ITIL, CIS, and NIST, including 800-53 and Cybersecurity Framework.
• Sound business acumen ability to develop and implement security strategies that are aligned with the County's business goals and risk profile.
• Excellent stakeholder management skills, communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Ability to lead and motivate the cybersecurity team to achieve tactical and strategic goals and influence entities and decisions, even when no formal reporting structure exists.
• Ability to manage multiple concurrent projects.
•  Provide financial/budget management, scheduling and workforce management and other administrative and technical support, as needed.
• Handle inquiries professionally.
• Receptive to feedback.
• Certifications Desired: CISSP, CISM, CIPM or equivalent.

ADDITIONAL JOB INFORMATION:

Accommodations Statement: We encourage people with disabilities to apply and are committed to providing reasonable accommodations throughout our hiring process. For assistance with applications, interviews, or other hiring-related accommodations, contact [email protected]. This contact is for accommodation requests only and cannot provide application status updates. 

• Criminal History and MVR Background Checks are required for every position. 
• A valid Colorado driver’s license is required for positions that drive on County Business in either a county or personal vehicle within 30-days of hire or beginning to serve as an intern or volunteer. 
• Offer of employment contingent upon successful completion of criminal history, motor vehicle report, education verification, and/or references.
• Current Jefferson County employees must apply through their employee profile in Workday.
• In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

APPLICATION:

Qualified applicants are encouraged to apply immediately. All applicants must submit an online employment application by 11:59PM on the posted cut-off date. Follow this link to apply now: Jefferson County Colorado Career Opportunities

A resume and cover letter submitted with your application is encouraged but will not substitute for the information requested on the application. Applications are reviewed for minimum qualifications listed in the qualifications section of the job bulletin, and applicants are contacted directly by the hiring team if selected. To view the status of your application, please log into your candidate portal.   

For more details on the recruitment process, please visit: https://www.jeffco.us/1860/FAQs

Questions? Contact the Jefferson County Recruitment Team at 303-271-8420 or [email protected]