Information Security Manager-Public Safety

Job Description

The City of Philadelphia is seeking a highly motivated and experienced Information Security Manager - Public Safety to join our team in support of the Chief Information Security Officer (CISO) and the Deputy CIO – Public Safety (DCIO Public Safety). This critical role will be responsible for ensuring the confidentiality, integrity, and availability of our information systems, with a strong focus on compliance with the Criminal Justice Information (CJI) Security Policy and the NIST Cybersecurity Framework. The ideal candidate possesses a deep understanding of security best practices, regulatory requirements, and technical expertise in implementing and maintaining security controls within a public safety context.

Essential Functions: 

• Assists the CISO and DCIO - Public Safety on cybersecurity issues, policies and practices within the OIT 911 and Public Safety functions.
• Assists the CISO and DCIO - Public Safety in directing and approving security system designs within the OIT 911 and Public Safety functions.
• Maintains relationships with other localities, state and federal law enforcement and other related government agencies including the Pennsylvania Emergency Management Agency and PEMA 911 advisory board.
• Schedules periodic security audits and works with outside consultants as appropriate for independent security audits. 
• Implement and maintain security controls in accordance with CJIS Security Policy and the NIST CSF framework, specifically tailored for public safety environments.
• Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate risks.
• Develop and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).  
• Respond to security incidents and implement corrective actions.
• Monitor security logs and alerts to identify suspicious activity and potential threats.
• Collaborate with IT teams and public safety personnel to ensure secure system configurations and deployments.
• Provide security awareness training to employees, with a focus on public safety specific threats and vulnerabilities.
• Participate in security audits and compliance reviews.
• Perform risk assessments and identify mitigation strategies.
• Evaluate and recommend security tools and technologies suitable for public safety environments.

Qualifications

• Completion of a bachelor’s degree program at an accredited college or university, which has included major course work in computer science, information science, system analysis, software engineering, or a closely related field.
• Minimum of eight years of work experience, which must include at least three years of direct IT security-related experience, including exposure to the NIST Framework.
• Experience performing information security risk assessments including identifying threats, vulnerabilities, and risk.
• Experience with Vulnerability Management programs.
• Experience working with common information security tools including Endpoint Detection and Response, network filtering technologies (Web, DNS), Identity and Access Management solutions, and SIEM technologies required.
• Experience managing a team of professionals and demonstrated project management skills.
• Knowledge and familiarity with CJIS Security Policy and NIST 800-53 rev. 5 framework.
• Valid Certified Information Systems Security Professional(CISSP) credential, such as CISSP-ISSAP, CISSP-ISSEP or CISSP-ISSMP, is preferred but not required.
• Should have experience with planning, auditing, and risk management, as well as contract and vendor negotiation.
• Ability to develop requests for and evaluate proposals in reference to leading-edge information services technology.