JOB
Under general direction, the Information Security Officer is responsible for the leadership, oversight, and execution of the Court’s information security, cybersecurity, privacy, and risk management programs. The Information Security Officer establishes and enforces security governance, policies, and controls to protect the confidentiality, integrity, and availability of Court information systems and data. This position provides strategic security leadership, oversees security operations and incident response, ensures regulatory and Judicial Council of California compliance, manages security risk across enterprise and Software-as-a-Service (SaaS) environments, and advises judicial officers and executive leadership on information security matters.
EXAMPLE OF DUTIES
Duties may include, but are not limited to the following:
- Provides enterprise-wide leadership for cybersecurity, information security, and privacy programs.
- Develops, implements, and maintains the Court’s information security governance framework, including policies, standards, procedures, and controls.
- Establishes and oversees security programs covering network security, application security, cloud and SaaS security, endpoint protection, identity and access management, and data protection.
- Develops and maintains the Court’s short- and long-term information security strategy and roadmap, aligned with Court objectives and enterprise architecture.
- Conducts and oversees security risk assessments, threat modeling, and vulnerability management across on-premises, cloud, and SaaS environments.
- Ensures security requirements and controls are embedded into system design, procurement, and enterprise architecture decisions.
- Develops, manages, and monitors the information security budget; oversees procurement and lifecycle management of security tools, services, and SaaS solutions.
- Conducts vendor security due diligence, including risk assessments, contract security terms, and compliance reviews; ensures third-party vendors and service providers meet Court security, privacy, and data protection requirements.
- Oversees the Court’s security incident response program, including detection, investigation, containment, remediation, and post-incident review.
- Ensures compliance with Federal Bureau of Investigations (FBI) Criminal Justice Information Systems (CJIS) Security Policy, Internal Revenue Service (IRS) Publication 1075, Judicial Council of California policies, and applicable state and federal data protection requirements.
- Supports internal and external audits, assessments, and compliance reviews; tracks and remediates findings.
- Oversees disaster recovery, business continuity, and cyber resilience planning and testing.
- Advises judicial officers, executive leadership, and management on security posture, risks, incidents, and mitigation strategies.
- Plans, prioritizes, schedules, assigns, and evaluates work of assigned personnel; assists with interviews and selection; trains and motivates staff; monitors and evaluates staff performance.
- Coordinates with statewide judicial branch security initiatives, external agencies, and partner courts.
- Promotes a culture of security awareness, accountability, and compliance across the Court.
SUPPLEMENTAL INFORMATION
Must be able to pass a criminal history background check.
Possession of a valid California driver’s license or the ability to utilize an alternative method of transportation when needed to carry out job-related essential functions.