What are the responsibilities and job description for the CHIEF INFORMATION SECURITY OFFICER position at Los Angeles World Airports?
TYPE OF APPOINTMENT
This position is to be filled on an emergency appointment basis. An emergency appointment is a temporary appointment and is contingent upon approval by the City of Los Angeles' Personnel Department. A permanent appointment will be made upon the completion of the civil service examination process for the Chief Information Security Officer. The successful incumbent for the emergency appointment position will be required to take the examination when it is offered and obtain a high enough score on the eligibility list to be selected for the permanent appointment.
DUTIES AND RESPONSIBILITIES
The Chief Information Security Officer (CISO) is the head of the Office of IT Information Security and will be responsible for establishing and maintaining a robust cyber/information security strategy to protect LAWA’s sensitive data, customer information, and critical systems. The primary objective of this position is to ensure the confidentiality, integrity, and availability of all information assets while complying with relevant regulations and industry best practices.
This role will work closely with various business units, IT teams, and senior management to develop and implement comprehensive security strategies, policies, and procedures that align with LAWA’s risk appetite and business objectives, and will lead the Cyber Security program. As a senior technology leadership team member reporting to the Chief Information Officer, the role will engage with each business to establish acceptable levels of cyber and information security risk across the organization, unique to each business unit. This individual will proactively work with business units to implement practices that meet established policies and standards and will lead efforts to champion and communicate the impact of applying cyber and information protections to the senior stakeholders. The CISO will operate as a business leader and should have a track record of competency in the fields of cyber/information security and/or risk management.
This individual must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations. They will serve as the process owner of functions related to confidentiality, integrity, and availability but will also advocate for the safety, privacy, and recovery of information owned or processed by the business in compliance with regulatory requirements.
Cyber threats are relentless, and a single breach can bring devastating consequences to the City and LAWA, including financial loss, operational disruption, reputational damage, and legal repercussions. The Chief Information Security Officer (CISO) is a mission-critical defense post responsible for safeguarding the organization's most valuable digital assets. Without a strong, proactive cybersecurity leader, the business is vulnerable to attack.
KEY RESPONSIBILITIES
- Develop, implement, and enforce a comprehensive organizational cybersecurity strategy and vision that aligns with LAWA’s priorities around defending the infrastructure, data, and operations. Enable and facilitate the organization's business objectives, ensuring senior stakeholder buy-in and mandate.
- Direct and empower a security team responsible for continuous monitoring, vulnerability management, and risk mitigation across all systems. Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas. Build a best-in-class security program including the maintenance of an appropriately sized team of highly talented cybersecurity professionals.
- Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Collaborate with LAWA’s Deputy Executive Director for Safety and Security and represent LAWA on cybersecurity matters to airport stakeholders. Advise senior leadership on emerging cybersecurity risks, investment priorities, and the evolving global threat landscape.
- Develop, implement, and monitor a strategic cyber/information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled, or processed by LAWA. This includes developing an information security vision and strategy aligned with LAWA’s priorities and business objectives, ensuring senior stakeholder buy-in and mandate. Implement and enforce a comprehensive cybersecurity strategy that protects the organization’s infrastructure, data, and operations.
- Facilitate an information security governance structure through the support and oversight of the security program, including the facilitation of security steering committees and participation in LAWA risk committees or advisory boards. Establish and maintain strict security governance, ensuring compliance with industry regulations (e.g., NIST, ISO 27001, SOC 2) and aligning federal, state, and local cybersecurity policies and regulations (e.g., CJIS, TSA, City of LA). Work with compliance staff to ensure that all information owned, collected, or controlled by or on behalf of LAWA is processed and stored in accordance with applicable laws and other regulatory requirements, such as data privacy.
- Implement and manage advanced security technologies, threat intelligence, and access control measures to proactively prevent cyber intrusions.
- Oversee regular cybersecurity risk assessments and audits and remediate findings.
- Lead cross-functional collaboration with IT, legal, compliance, and risk management teams to embed cybersecurity into every aspect of the business.
- Provide intelligence on key cybersecurity trends and incidents to business leaders, ensuring clear communication between security personnel and key stakeholders. Foster a security-first culture, ensuring employees at all levels understand their role in protecting the organization from cyber threats.
REQUIREMENTS
Candidates for this position must meet the following minimum requirements:
1. The CISO must possess a bachelor’s degree from an accredited college or university in cybersecurity, computer science, information technology, or an equivalent.
2. The CISO will operate as a business leader and must have a track record of a minimum of seven (7) years of competence in the field of information security and/or risk management (combined or in each field).
3. The candidate must hold a CISSP (Certified Information Systems Security Professional) certification. A CISM (Certified Information Security Manager) certification is desired.
4. The candidate must have a minimum of seven (7) years of full-time paid experience in IT security roles, managing security teams and implementing security programs.
5. A master’s degree, such as an MBA or a master’s degree in cybersecurity, is desired.
Salary: $163,824 - $239,556