Chief Information Security Officer - Access Dubuque (Dubuque, IA)
Chief Information Security Officer
City of Dubuque
1 Positions
ID: 70038
Posted On 06/04/2025
Job Overview
Position Summary
**GENERAL SUMMARY:** The Chief Information Security Officer (CISO) is responsible for developing and implementing a strategic technology security program for the City of Dubuque and managing the security of our technology-related physical and digital assets; and for ensuring that the city and its subcontractors implement industry best practice policies, procedures and practices that address physical security, cyber security, data privacy and protection, as well as compliance with relevant laws and regulations. The CISO will plan, implement, upgrade and monitor security measures for the protection of computer networks and information; assess system vulnerabilities for security risks and propose and implement risk mitigation strategies; ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure; respond to computer security breaches and viruses; and perform other duties as assigned.
The CISO provides thought leadership in conjunction with engagement in industry and government forums; collaborates with state and federal cyber security experts and practitioners; and reviews contracts with third parties for appropriate security language, including data privacy and protection language required by state and federal laws.
The successful candidate should be able to foster a culture of physical and cyber security awareness that drives behavioral changes within the organization. The CISO should have excellent analytical skills and the ability to minimize risk to ensure the physical safety and integrity of personnel and organization information.
**DISTINGUISHING FEATURES OF THE CLASS:** Work in this class involves application of knowledge providing vision, leadership, oversight and management of technology-related physical and cyber security policies, procedures, and practices. Duties include overseeing the security of systems, networks, data and end user devices; being in charge of application of standards, policies and security risk assessments, and supervising incident investigations.
Job Duties
JOB DUTIES:
+ Build a comprehensive security program including physical safety and cybersecurity policies with consideration of business and legal requirements, risk (likelihood and impact) and criticality; and build consensus among stakeholders.
+ Develop, maintain and enforce physical and cyber security policies and practices designed to protect sensitive data assets, ensure data privacy and comply with laws and regulations including the Federal Information Security Management Act (FISMA), Payment Card Industry (PCI), the Criminal Justice Information System (CJIS) and other applicable privacy laws.
+ Review existing security measures, incident response plans and update protocols.
+ Oversee contractors, outsourcers, consultants, sub-contractors and “as a service” vendors, including managed security services, infrastructure engineering, operations, desktop support and software development, ensuring compliance with laws and regulations.
+ Serve as the compliance officer ensuring technology solutions adhere to best practices and meet security requirements, including Software-as-a-Service (SaaS) contracts, Infrastructure-as-a-Service (IaaS) contracts, Platform-as-a-Service (PaaS) contracts and customized software development solutions. Review requests for proposals, requests for information and contracts for technology data and physical security requirements with approval/modification responsibilities.
+ Develop, maintain and manage a third-party security assessment program for key vendor relationships and third-party providers.
+ Oversee the daily operations of the city to identify potential technology security risks and room for improvements.
+ Foster a culture of physical and digital security awareness.
+ Conduct training sessions and communicate with personnel.
+ Manage, evaluate and resolve technology-related physical or digital security incidents or breaches.
+ Lead implementation of an incident response plan if an incident occurs including work with cyber-insurance and forensic partners.
+ Ensure technology-related security policies comply with federal laws and legislation.
+ Present risk assessments and improved technology-related security policies to management team members.
+ Work with management to develop and implement a budget for security programs.
+ Update knowledge about emerging industry or technology trends.
+ Coordinate project activities with other personnel or departments.
+ Take part in after-hours scheduled on-call.
+ Take part in monthly maintenance responsibilities for the city’s technology.
KNOWLEDGE, SKILLS, AND ABILITIES
+ **Computers and Electronics Security** - Knowledge of current physical and logical security issues and best practices in datacenter infrastructure, networks, end user computing and applications. Knowledge of the cloud computing industry, including Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS), including the security and privacy issues associated with using cloud infrastructure. Knowledge of processors, chips, electronic equipment, and computer hardware and software, including applications and programming. Knowledge and experience in the policy and regulatory environment of information security in government. Ability to translate security and privacy standards to policy, administration, and compliance/incident response activities.
+ **Business Administration** - Project management, written and oral communication skills. Knowledge of business principles involved in strategic planning, resource allocation, leadership technique and coordination of resources. Ability to gather information and complete Service Auditor Reports. Planning and task management skills. Ability to manage and assure successful delivery from outsourced third-party security and infrastructure providers.
+ **Telecommunications** - Knowledge of transmission, broadcasting, switching, control, and operation of telecommunications systems.
+ **Engineering and Technology** - Knowledge of the practical application of engineering science and technology including applying principles, techniques, procedures, and equipment to the design and production of various services.
+ **Customer Service** - Knowledge of principles and processes for providing customer service including customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction. Ability to work in collaboration with a variety of stakeholders to identify and discuss issues.
Qualifications
Minimum Qualifications
+ Bachelor’s degree in information security, privacy, or compliance.
+ Industry Security Certification such as a valid and current CISSP, CISA or CISM certification.
+ Minimum of 7 years of experience in managing information security programs, information technology or related field in accordance with standards from the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS).
+ Or an equivalent combination of education and experience.
Preferred Qualifications
+ Advanced degree in information security, privacy, or compliance.
+ Additional certifications in CAP (FISMA), PCI QSA, CSA CCSK (Cloud) or ISO 27001
+ Experience in a similar role of Chief Security Officer (CSO)
+ Experience in an organization with a significant “footprint” in the government sector.
Supplemental Information
**Supervisory Status:** Functional
**RESIDENCY REQUIREMENT:** Employee shall establish their principal place of residence within fifty (50) miles of the corporate limits of the city of Dubuque as soon as practicable after appointment, but within two years of appointment.
**FLSA STATUS:** Exempt
Primary Contact
214881
City of Dubuque Human Resources Department
563-589-4125
Job Details
Categories: Information Technology/Telecommunications
Location: Dubuque, IA
Job Type: Employee
Full/Part: Full Time
Pay/Salary: $91,313.04 - $119,377.44 Annually
Benefits: Health Insurance, Dental Insurance, Life Insurance, Retirement Plan, Paid Vacation, Paid Sick Leave, PTO (Paid Time Off), Paid Holidays, Tuition Reimbursement
Qualifications
Education: Bachelors
Experience: 5-10 Years
Company ID: 931
Job REQ #:
\# Positions: 1
Start Date: 20250604
End Date: 20250801
City of Dubuque
About the Company
Whether at City Hall or out on city streets, our employees serve our residents, businesses, and visitors every day. Join the City of Dubuque team to be part of a high-performance organization dedicated to the community and to delivering excellent municipal services. We are input-oriented, see problems as opportunities, search for creative solutions, and work as a team to accomplish goals and build partnerships. At the City of Dubuque, your work is meaningful and supports the community.
The City of Dubuque values its employees and offers competitive salaries and benefits such as:
+ Health and Dental Insurance
+ 12 weeks of Paid Parental Leave
+ Paid Time Off and 11 Paid Holidays
+ Flexible Spending Accounts
+ Retirement Savings (IPERS)
+ Deferred Compensation Plan
+ Life and AD&D Insurance Coverage
+ Short-Term Disability
+ Employee Assistance Program
+ Tuition Reimbursement Program
+ Longevity Pay Starting After 6 Years of Service
+ Flexible Work Arrangements
+ Paid Time Volunteering
With positions in over 30 departments and divisions, your perfect career fit is waiting for you at the City of Dubuque. Ready to join our team? Visit www.CityOfDubuque.org/Jobs.