Information Security Officer

Salary : $152,401.60 - $178,963.20 Annually

Location : Within the boundaries of the Long Beach Unified School District, CA

Job Type : Full-Time, 12 months

Job Number : 25-0147-5339

Department : Information Services

Opening Date : 01 / 09 / 2025

Closing Date : 2 / 3 / 2025 4 : 30 PM Pacific

Job Summary

To be considered for this position you will need to submit all of the following :

Application including work experience listed

Supplemental Application

Resume

Under administrative direction, plan, organize, control and direct the District's cybersecurity and data privacy programs and operations; assure information assets, applications, systems, infrastructure, and processes are protected in the digital ecosystem in which the District operates and cybersecurity measures comply with statutory and regulatory requirements regarding information confidentiality, integrity, and availability; perform related duties as assigned.

Examples of Duties

The classification specification does not describe all duties performed by all incumbents within the class. This summary provides examples of typical tasks performed in this classification.

• Plan, organize, control and direct the District's cybersecurity and data privacy programs and operations; assure compliance with applicable laws, codes, rules, and regulations. E
• Facilitate an information security governance structure in alignment with existing District technology governance programs, including the formation of an information security steering committee or advisory board. E
• Develop, socialize and coordinate approval and implementation of cybersecurity policies. E
• Provide regular reporting on the status of the information cybersecurity program to the Chief Technology Officer, Superintendent of Schools, and the Board of Education in support of student outcomes. E
• Work with procurement and legal representatives to assure information security and privacy requirements are included in contracts and third-party data sharing is compliant with applicable laws and regulations. E
• Establish an information security awareness training program for employees, contractors, and other approved system users; establish metrics to measure the effectiveness of security training programs for the different audiences. E
• Continually assess the District's cybersecurity maturity model and cyber risk posture and develop continuous improvement plans. E
• Develop an information security vision and strategy aligned to organizational priorities and enable and facilitate the District's business objectives; assure senior stakeholder buy-in and mandate. E
• Direct the information security function across the District to assure consistent and high-quality information security management in support of the business goals. E
• Direct the work of staff and contractors, including the work of project teams engaged in designing, configuring, implementing, and monitoring the District's cybersecurity controls systems. E
• Design the District's cybersecurity controls systems in accordance with applicable frameworks such as National Institute of Standards and Technology (NIST) 800-53, Center for Internet Security (CIS) and Internal Standardization Organization (ISO) 27001. E
• Oversee the development and implementation of cybersecurity controls to assure the confidentiality, integrity, and availability of confidential data that is stored and retrieved online including student data, employee data, health information, and payment information. E
• Supervise and evaluate the performance of assigned staff; interview and select employees and recommend transfers, reassignment, termination, and disciplinary actions. E
• Test, evaluate and recommend new and emerging technologies for consideration and adoption into District technology systems; direct the implementation of innovative technologies and procedures for technology systems. E
• Conduct cybersecurity reviews of new and existing information systems, data products, and instructional applications; recommend fitness for use and / or develop risk acceptance criteria. E
• Provides clear risk mitigating directives for information systems owners, including the application of controls. E
• Oversee and review system specifications, bids, and Requests for Proposals to assure technical requirements and standards are met; make presentations and provide recommendations to the Chief Technology Officer regarding the purchase of cybersecurity services and tools. E
• Communicate with business leaders, legal, auditors, contractors, technology service providers, staff and other outside organizations to coordinate program activities, conduct investigations, incident response, resolve issues and exchange information. E
• Develop and prepare preliminary budgets for assigned functions; analyze and review budgetary and financial data; authorize and control expenditures in accordance with established limitations. E
• Prepare or direct the preparation and maintenance of a variety of records and files and prepare reports related to assigned activities; prepare data for a variety of reports. E
• Participate in and attend a variety of meetings, workshops, conferences, and training to maintain current knowledge of emerging cybersecurity trends; make presentations regarding cybersecurity program objectives, plans, and achievements. E
• Operate a variety of office equipment including a computer and assigned software; drive a vehicle to conduct work and visit sites. E
• Perform related duties as assigned.

Note : At the end of some of the duty statements there is an italicized " E ". This is strictly for use in compliance with the Americans with Disabilities Act.

Employment Standards

Knowledge of :

Information security principles, practices, and procedures.

NIST and CIS cyber security controls frameworks.

California Privacy Rights Act (CPRA), Family Educational Right and Privacy Acts (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Children's Internet Protection Act (CIPA), Payment Card Industry Data Security Standards (PCI-DSS), and other relevant privacy and information security laws and regulations.

Cybersecurity risk assessment techniques.

Cybersecurity software and tools including next generation firewall (NGFW), web application firewall (WAF), security incident and event management (SIEM), endpoint detection and response (EDR), data loss prevention (DLP), and virtual private network (VPN).

Identity management and user access controls, including authentication, authorization, and encryption technologies.

Vulnerability management.

Digital forensics techniques for investigating cybersecurity incidents.

Contract and vendor management.

Principles of administration, employee supervision, and training.

General principles and practices of government purchasing and contract administration.

Strategic planning and project management techniques.

Records management and e-discovery techniques.

Report preparation techniques.

Oral and written communication skills.

Interpersonal skills using empathy, self-awareness, and positivity.

Ability to :

Plan, organize, control and direct the District's cybersecurity and data privacy programs and operations.

Prepare and present oral and written reports and recommendations clearly, concisely and logically to a variety of audiences.

Maintain current knowledge of industry trends and technological advances in the field.

Prepare detailed project plans and documentation.

Analyze and interpret data.

Analytically and logically evaluate information, propositions, and claims.

Make decisions and choose optimal courses of action in a timely fashion.

Understand, interpret, and assure compliance with applicable laws and regulations.

Respond positively to change and modify behaviors as situations require.

Focus on details of work content, processes, and products.

Conduct work with integrity and ethics.

Develop and maintain trust through honesty and personal accountability.

Design and manage processes and procedures that can be executed by and through others.

Work collaboratively with others to achieve shared goals.

Engage effectively in dialogue with a variety of stakeholders.

Communicate effectively both orally and in writing.

Establish and maintain cooperative and effective working relationships with others.

Maintain composure to identify and resolve conflicts.

Train, supervise and evaluate assigned personnel.

Education and Training :

Bachelor's degree in cybersecurity, computer science, engineering, information systems management, software engineering or a related field. A Master's degree is preferred.

Valid Certified Information Systems Security Professional (CISSP) certification.

Experience :

Five years of cybersecurity management-level experience in a large user environment, including two years of experience providing cybersecurity services in a regulated industry with one or more of the following information security compliance objectives (FERPA, HIPAA, PCI-DSS, CJIS, CPPA).

Experience in a public K-12 educational environment is preferred.

Two years of additional experience may be substituted for two years of the required education.

Any other combination of education, training and experience, which demonstrates that the applicant is likely to possess the required skills, knowledge or abilities, may be considered.

Special Requirements

The following certifications are desirable :

Certified Information Security Manager (CISM).

GIAC Information Security Officer (GISO)

GIAC Security Leadership Certification (GSLC)

Positions in this class require the use of a personal automobile and possession of a valid California class C driver's license.

If you have questions regarding your applications or the recruitment process you may contact : or 562-435-5708.

Nondiscrimination Statement : The Long Beach Unified School District prohibits unlawful discrimination, harassment (including sexual harassment), intimidation, or bullying, targeted at any student or employee by anyone, based on the student or employees actual or perceived race, color, ancestry, nationality, national origin, immigration status, ethnic group identification, ethnicity, age, religion, marital status, pregnancy and related conditions, parental status, physical or mental disability, medical condition, sex, sexual orientation, gender, gender identity, gender expression, or genetic information, or association with a person or group with one or more of these actual or perceived characteristics.

For questions or complaints, contact Equity Compliance Officer : Steve Rockenbach, Director of Employee Relations,1515 Hughes Way, Long Beach, CA 90815, 562-997-8220, and Title IX Coordinator : Kimberly Dalton, Director of Human Resource Services, 1515 Hughes Way, Long Beach, CA 90815, 562-997-8108, and 504 Coordinator : Jenny R. Acosta, Program Administrator, 2221 Argonne Ave, LB 90815, 562-986-6870, .

If you have questions regarding your applications or the recruitment process you may contact : or 562-435-5708.

SELECTION PROCEDURE :

The examination process for this recruitment may be comprised of one or any combination of the following : screening of the applicant's training, background, and experience; evaluation of responses on a supplemental application; written examination(s); qualifications appraisal oral examination; performance examination; or technical oral examination, scored on a job-related basis. Only the most highly qualified candidates will be invited to continue in the examination process. Successful candidates who pass all parts of the examination process will be placed on the eligibility list in order of their relative merit as determined by these competitive examinations. The eligibility list for this classification will remain in effect for a period of 6 months.

The District provides excellent medical, dental, vision and life insurance benefits as well as an income protection plan for eligible Classified employees.

For more information regarding health benefits please visit :

12 month Classified Management employees earn vacation at the rate of 21 days per year (.081 hour for each hour worked).

12 month Classified Management employees earn 13 working days of sick leave each year which are accumulated indefinitely. Employees of other California school districts who have accrued sick leave may transfer it to LBUSD in accordance with the California Education Code.

12 month Classified Management employees receive 14 paid holidays per year.

Completion of the following supplemental questions is required of all applicants. This is considered a test component in the examination process. An evaluation of candidates' responses will be made by a screening panel following the application deadline. A limited number of candidates who best meet the needs of the District will be invited to continue in the examination process. It is important that your responses are clear and concise. Responses that are incomplete or unclear will not receive credit. Your Work Experience in the application must also include all of your recent and relevant experience in order for your application and supplemental to be considered. For those questions to which you have no response, please indicate "no response".In lieu of completing the application or supplemental application, DO NOT refer the reader to your resume. A resume will not be accepted in lieu of completion of the required application or supplemental materials. Please answer by selecting "Yes" as confirmation that you read these instructions.

This position requires Bachelor's degree in cybersecurity, computer science, engineering, information systemsmanagement, software engineering or a related field. A Master's degree is preferred.Please select the experience that most closely matches the experience you possess.

This position requires Valid Certified Information Systems Security Professional (CISSP) certification. Please submit a copy or proof you hold CISSP certification.

This position requires five years of cybersecurity management-level experience in a large user environment,including two years of experience providing cybersecurity services in a regulated industrywith one or more of the following information security compliance objectives (FERPA,HIPAA, PCI-DSS, CJIS, CPPA).

This position requires five years of cybersecurity management-level experience in a large user environment,including two years of experience providing cybersecurity services in a regulated industrywith one or more of the following information security compliance objectives (FERPA,HIPAA, PCI-DSS, CJIS, CPPA).

The following certifications are desirable : Certified Information Security Manager (CISM)GIAC Information Security Officer (GISO)GIAC Security Leadership Certification (GSLC)Please select all the certification you possess. If you possess certifications that are not listed, please include them in your resume.

Positions in the class require the use of a personal automobile and possession of a valid California driver's license. Are you willing and able to meet this requirement?

For this position, candidates are required to submit a resume with their application. Failure to include the resume at the time of application will result in the disqualification of your application. If you have questions about these items, please contact the Personnel Commission at 562-435-5708.

I understand that exam segments may be conducted online and may require access to a computer with an internet connection and Google Chrome or Firefox browsers. The exam components may also require access to a computer, smart phone, or tablet with internet connection and a video recording device. I understand that it is my responsibility to contact Personnel Commission immediately proceeding the exam invitation requiring such devices if I do not have access to the required technology.

PLEASE NOTE : All notifications will be sent via email.Applicants must check their emails on a regular basis to find out their status on an application. Emails we send may be caught by spam filters and it is the responsibility of the applicant to check their spam / junk folder.

Required Question

Salary : $152,402 - $178,963