Chief Information Security Officer-Covered California

 Chief Information Officer

Under administrative direction of the Chief Information Officer, the Information Technology Manager II (ITM II), Chief Information Security Officer (CISO), oversees the Information Security Office. Develops and maintains information security policies for Covered California that incorporate applicable federal, state, local, and industry legal, statutory, and regulatory requirements. Ensures that personally identifiable information is protected with operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability, and to prevent unauthorized or inappropriate access, use, or disclosure. Ensures ongoing monitoring, assessments, and other methods are in place and updated to report and mitigate non-adherence, and oversees staff who serve as the primary liaison with federal, state, and internal auditors for audits of information security controls. This position serves under the domain of Information Security Engineering. Duties may include access to information systems containing protected enrollee information, including federal tax information, protected health information, and personally identifying information.

To review the full job description, click here.


Learn more about the Information Technology Division here.

This position is located in Sacramento, near Cal Expo, but near full-time or full-time remote work may be possible through at least December 31, 2020.


NOTE: To be considered for this job opportunity, applicants must be reachable on an employment list, have transfer eligibility, or have reinstatement eligibility. If you are new to California State service and you do not have list eligibility, you must take the exam for this classification. To gain employment list eligibility, please click here to access the exam bulletin.


NOTE: Possession of minimum qualifications will be verified prior to interview and/or appointment. If it is determined an applicant does not meet the minimum qualifications, the applicant’s name may be removed from the eligibility list.


Minimum Requirements

You will find the Minimum Requirements in the Class Specification.


Desirable Qualifications

In addition to evaluating each candidate’s relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:
  • Current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) Certification or equivalent.
  • 5+ years’ experience managing or leading diverse Information Security teams including direct and matrixed employees and contractors.
  • Experience directing Security Incident Response Teams and collaborating with internal and external stakeholders on information security practices, procedures, and policies.
  • 7+ years of enterprise cybersecurity or relevant information technology experience. Current knowledge of Information Security / cybersecurity tools and Security Information Event Management (SIEM).
  • Knowledge of Federal and State information security policies, standards, principles, practices, and frameworks (SAM 5300 – NIST 800-53).
  • Current knowledge and experience in Information Security Risk Assessments, Security Assessments, and managing risk mitigations including management of Plan of Actions & Milestones (POAMs).
  • Experience and ability to effectively demonstrate exceptional communication skills; experience developing and presenting Executive-level reports, presentations and general communications.
  • Demonstrated interest in and desire to stay up-to-date in a rapidly changing cybersecurity domain.

Position Details
Job Code #: JC-220037
Position #(s): 801-130-1406-005
Working Title: Chief Information Security Officer