CalPERS Expands Recruitment of Information Security Officer

This story is limited to Techwire Insider members.

This story is limited to Techwire Insider members. Log in below to read this story or learn more about membership.

The country’s largest public pension fund has expanded its search for a new information security official (RSSI).

The California Public Employees Retirement System (CalPERS) is seeking an Executive (Career Executive Assignment) to provide direction and policy direction to the CalPERS Information Security Office, Information Technology Services Directorate ( ITSB) and the company.

The CISO, who will report to the General Counsel of CalPERS, will have “broad authority and managerial responsibility to protect the privacy, confidentiality, integrity and availability of CalPERS information and services”, states the declaration of duty for the position. “The CISO aligns the departments responsible for information security, privacy and security operations to enable CalPERS business objectives to meet acceptable levels of security and privacy risk. “

The position has been open since February, when the former CISO, Liana Bailey-Crimmins, was appointed state technology director and transferred to California Department of Technology.

The responsibilities of the CISO are as follows:

  • Administration of a strategic and comprehensive information security and confidentiality program to ensure appropriate levels of confidentiality, integrity, availability and confidentiality of information assets held, controlled and / or processed by CalPERS. Creation of a ‘risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, suppliers, consumers and others third “. (40%);
  • Oversees the information security and privacy governance structure through the line governance program, including the Information Security Steering Committee. Provide regular reports on the status of the information security program and emerging risks to enterprise risk management teams, key business leaders and the board of directors as part of a strategic program business risk management. (25 percent)
  • Manages and provides policy direction for the CalPERS privacy program, balancing the privacy and business use of information relating to CalPERS members, business partners and stakeholders. Improves the use of data to ensure the security and protection of CalPERS, its members, employees and third party associates. (20%)
  • Create internal networks between the information security team and business line leaders, corporate compliance, audit, physical security, legal and human resource management teams to ensure the alignment. Maintain external networks comprised of industry peers, ecosystem partners, vendors and other relevant parties to address common cybersecurity trends, findings, incidents and risks. Serve as a liaison with external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security position and is kept abreast of relevant threats identified by these agencies. (15%)

Since the position provides access to sensitive information, applicants are subject to background checks and financial disclosure rules.

The requirements for the position include:

  • At least seven to 10 years of experience in a combination of risk management, information security and IT jobs (at least five in a leadership role).
  • The ability to communicate information security and risk related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.
  • Knowledge and understanding of relevant legal and regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA) and the payment card industry data security standard.
  • Project management skills: financial / budget management, planning and resource management.
  • Knowledge of common information security management frameworks, such as the International Standard Organization / International Electrotechnical Commission (ISO / IEC) 27001, Control Objectives for Information and Related Technology (COBIT), as well as those of the National Institute of Standards and Technology (NIST), including 800-53 and the cybersecurity framework.
  • Professional certification in security management is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

The CISO position has a monthly salary range of $ 10,831 to $ 12,903, and recruiting will remain active until the position is filled. For more information, see the job posting or contact Veronica Ortiz-Torres.

Dennis noone

Dennis Noone is Editor-in-Chief of Techwire. He is a career journalist, having worked as a reporter and editor for small town newspapers and major metro dailies in California, Nevada, Texas and Virginia, most notably as an editor for USA Today at Washington, DC. He lives in the foothills of Northern California.

See more stories from Dennis Noone

Previous Response plans and backup strategies underpin cyber resilience
Next SJSU hosts “The Burn and Beyond: Wildfires, Drought and Environmental Justice” webinar

No Comment

Leave a reply

Your email address will not be published.