Apply online only, visit, www.srcity.org/jobs or https://www.governmentjobs.com/careers/srcity/jobs/4573588/it-cybersecurity-manager?pagetype=jobOpportunitiesJobs
The Position
The City of Santa Rosa is seeking an IT Cybersecurity Manager! This is an exciting opportunity for those seeking to apply their technical expertise in a dynamic career safeguarding of the City’s information systems, networks, and digital assets from cyber threats.
The City of Santa Rosa is committed to building a workforce reflective of our community and establishing a lasting culture of equity and belonging within our organization. Our collective talents and expertise contribute to high-quality public services that support a vibrant, resilient, inclusive City for our community and visitors. We celebrate a diverse workforce and welcome all qualified candidates to apply.
THE BENEFITS OF CITY EMPLOYMENT:
In addition to offering a challenging, rewarding work environment and excellent salary, the City of Santa Rosa provides a generous suite of benefits, including retirement through CalPERS, a competitive leave accrual package, your choice of health plans, a flexible spending program, employer contributions to a Retiree Health Savings plan, and top of the line employer paid vision and dental coverage. More information regarding benefits associated with this position can be found in the Unit 18 MOU and on our Miscellaneous Employee Benefits page.
ADDITIONAL BENEFITS INCLUDE:
Flexible schedule (9/80) available with management approval
12 paid holidays annually, plus 1 to 3 'floating holidays' per year depending on hire date and years of service.
4% Cost of living adjustment July 2025 and 4% July 2026
$500 annually for wellness
Hybrid remote work - after successful completion of probation
The City of Santa Rosa is a Public Service Loan Forgiveness employer!
ABOUT THE POSITION:
The IT Cybersecurity Manager will help safeguard the City's information systems, networks, and digital assets from unauthorized access, data breaches, and malicious activities perpetrated by cybercriminals. This position oversees cybersecurity programs and services across the Information Technology department and Citywide including short- and long-term planning as well as development and administration of functional policies, procedures, and services. This class provides assistance to the Chief Information Officer in a variety of administrative, coordinative, analytical, and liaison capacities. Responsibilities include coordinating cybersecurity activities with other departments and outside agencies and managing and overseeing the complex and varied function.
THE IDEAL CANDIDATE:
The ideal candidate for this position has ten or more years of Information Technology management and technical hands-on experience, with five years of experience planning, architecting, implementing, and supporting cybersecurity measures for a local government agency. The successful candidate will be a self-driven professional, with the ability to establish and strengthen a wide variety of work relationships. We are looking for excellent written and verbal communication skills, engaging presentation abilities, and experience in effectively leading and building effective teams.
The most qualified candidates have:
Experience carrying out an on-going, organization-wide cybersecurity strategy while working with management and non-management staff to inform and train users on processes and procedures to safeguard the organization from cybersecurity threats.
Experience with cybersecurity principles and best practices including fundamental concepts, frameworks, and methodologies such as risk management, access control, encryption, network security, and endpoint protection.
Proven technical and managerial experience with security incident response, business continuity, threat intelligence and detection, and vulnerability management.
Experience developing, documenting, implementing, and enforcing cybersecurity policies and procedures across an entire organization.
Experience with modern principles of IT telecommunications, network and server infrastructure, and enterprise software systems, preferably within a local government organization.
A proven track record of managing complex security projects, including network systems and design.
Experience working with a team of IT professionals to monitor for cybersecurity vulnerabilities, assess risks, and implement server updates, patches, and changes to address potential threats.
Experience with Information Technology strategic planning, including researching and designing potential technical solutions, assessing feasibility and costs, presenting recommendations, and leading the deployments and long-term support of improved solutions.
Experience managing cybersecurity training and awareness activities for staff and effectively communicating progress of cybersecurity projects/initiatives.
A proven track record of working collaboratively with technical and non-technical colleagues and customers to foster an environment of inclusiveness and creative solutions.
HOW TO APPLY:
Please complete a thoughtful, thorough Supplemental Questionnaire submission. As part of the selection process, your responses to these questions will be scored using criteria specific to this position. Incomplete responses, or responses such as "See Resume" can result in disqualification from the selection process. Applicants possessing the most desirable qualifications will be invited to continue in the selection process.
ADDITIONAL REQUIREMENTS:
Additional requirements, such as successful completion of a physical exam, drug screen, etc., may apply, depending on the duties and responsibilities of the position. If you receive a conditional job offer for the position, the requirements upon which the offer is contingent will be outlined in the conditional job letter.
THE SELECTION PROCESS:
The selection process will include a minimum qualifications assessment, an application and supplemental questionnaire review, and may also include an online test, followed by department selection interviews.
Examples of Duties and Responsibilities
Essential Duties:
The following duties are considered essential for this job classification. Management reserves the right to add, modify, change, or rescind the work assignments of different positions and to make reasonable accommodations so that qualified employees can perform the essential functions of the job.
Develops, recommends, and implement comprehensive cybersecurity strategies to protect digital assets, networks, systems, and data from threats and breaches.
Develops, recommends, oversees, and coordinates the implementation of goals, objectives, policies, procedures, and work standards for the cybersecurity for all tiers of IT infrastructure and applications; maintains a continuous process for implementing, reviewing, improving, and documenting security practices designed to protect the City’s information assets, data networks, systems, applications, and technologies from nefarious cyber threats.
Conducts or manages risk assessments and IT audits to identify vulnerabilities and recommends security measures for IT systems.
Develops cyber risk technology training programs for City employees.
Establishes and enforces security policies and procedures to ensure compliance; evaluates and reviews systems for acceptability and conformance with department standards, works with staff to correct deficiencies; responds to staff questions and concerns.
Works with IT staff to oversee security technologies including firewalls, intrusion detection systems, antivirus software, encryption tools, and authentication systems to protect against security threats.
Conducts comprehensive application vulnerability assessments and provides guidance and oversight on effective patch management processes to ensure robust security measures.
Manages cybersecurity incident response and disaster recovery, including plan development, coordination during incidents, and overseeing recovery.
Attends and participates in professional group meetings; stays abreast of new trends and innovations in the field of cybersecurity.
Collaborates with stakeholders to align security initiatives with business objectives and address concerns across the organization.
Monitors, reviews, and evaluates changes in City, State, and Federal laws or regulations that impact the delivery of IT services as it relates to cybersecurity; directs the implementation of changes to programs, services, and technology as appropriate to ensure best practices and legal compliance.
Works with the CIO and Deputy Director to develop and maintain annual operating budgets and provide fiscal direction with regards to cybersecurity.
Manages contracts and service delivery of third-party hardware, software, and service vendors as it relates to cybersecurity.
Applies strategic use of resources to achieve planned objectives and realize cost efficiencies where possible.
Oversees and manages potential grant programs relating to cybersecurity initiatives.
Conducts high priority and complex work assignments; drafts and presents clear, informative, and compelling reports and recommendations on cybersecurity matters.
Prepares oral and written reports for senior management, the City Manager’s Office, and elected officials.
Provides assistance in the design, development, and implementation of new or improved information systems, ensuring alignment with cybersecurity goals and technological advancements.
Ensures staff observe and comply with all City and mandated safety rules, regulations, and protocols.
Performs related duties as required.
Required Qualifications
Knowledge of:
Cybersecurity principles and best practices including fundamental concepts, frameworks, and methodologies such as risk management, access control, encryption, network security, and incident response.
Administrative principles and practices, including strategic plan development, goal setting, program development, implementation, and evaluation.
Applicable federal, state, and local laws, codes, and regulations as well as industry standards and best practices pertinent to cybersecurity such as ISO 27001, NIST Cybersecurity Framework, GDPR, HIPAA, and PCI DSS.
Procedures and techniques of incident handling and digital forensics to effectively respond to and investigate security incidents.
Modern principles, practices, and methods of Information Technology architecture, systems, and general administrative concepts.
Current technology and implementation techniques of local-area and wide-area computer networking including fiber optics for data communication.
Principles and techniques of managing telecommunications and remote connectivity.
Principles and practices of software and database architecture, troubleshooting, design, security, permissions, and implementation.
Current use of technology in the areas of desktop computer hardware, software and support.
state of the art developments and industry trends in the information systems and technology field.
General functions of City departments, including departmental needs and requirements.
Principles and techniques for working with groups and fostering effective team interaction to ensure teamwork is conducted smoothly.
Principles and practices of budget administration, contract negotiation and management.
General principles of risk management related to the functions of the assigned area.
Principles and methods to design, develop, and implement new or improved information systems.
Data privacy regulations and compliance requirements.
Methods and techniques of developing technical and administrative reports, and business correspondence.
City and mandated safety rules, regulations, and protocols.
Techniques for providing a high level of customer service, by effectively dealing with the public, vendors, contractors, and City staff.
The structure and content of the English language, including the meaning and spelling of words, rules of composition, and grammar.
Modern equipment and communication tools used for business functions and program, project, and task coordination, including computers and software programs relevant to work performed.
Ability to:
Develop and implement goals, objectives, practices, policies, procedures, and work standards.
Provide administrative and professional leadership for the department; lead and train others; ensure work is performed effectively and evaluate performance in an objective and positive manner.
Analyze current and future network and telecommunication security requirements and needs.
Analyze, evaluate, and prioritize organization-wide cybersecurity needs.
Conduct oral and written presentations to internal and external audiences.
Interpret, apply, explain, and ensure compliance with federal, state, and local policies, procedures, laws, and regulations.
Research, analyze, and evaluate new service delivery methods, procedures, and techniques.
Effectively administer special projects with contractual agreements and ensure compliance with contractual obligations.
Think strategically, analyze, troubleshoot, and solve problems to address complex technology challenges and identify opportunities for innovation; recommend appropriate revisions to policies, processes and procedures;
Leverage data analytics to inform decision-making and optimize City operations.
Evaluate emerging technologies and their practical applications for the City, including piloting and implementing innovative solutions.
Assess IT risks, develop risk mitigation strategies, and establish an IT risk management framework to protect City assets and data.
Understand, interpret, and apply all pertinent laws, codes, regulations, policies and procedures, and standards relevant to work performed.
Effectively facilitate and represent the department and the City in meetings with governmental agencies; community groups; various business, professional, and regulatory organizations; and in meetings with individuals.
Prepare clear and concise reports, correspondence, documentation, and other written materials.
Adopt the City’s vision, mission, and values to provide high-quality public service and cultivate a vibrant, resilient, and livable city.
Use tact, initiative, prudence, and independent judgment within general policy and procedural guidelines.
Independently organize work, set priorities, meet critical deadlines, and follow-up on assignments.
Communicate clearly and concisely, both orally and in writing, using appropriate English grammar and syntax; explain complicated and technical information in simple, non-technical language.
Establish, maintain, and foster positive and effective working relationships with those contacted in the course of work.
Effectively use computer systems, software applications relevant to work performed, and modern business equipment to perform a variety of work tasks.
Education and Experience:
Any combination of training and experience that would provide the required knowledge, skills, and abilities is qualifying. A typical way to obtain the required qualifications would be:
Experience: Five (5) years of increasingly responsible professional experience as a Cybersecurity Administrator, Network Administrator, Database Administrator, Systems Administrator, Programmer, Business Systems Analyst, Technical Project Manager or other IT subject area that includes an emphasis on IT security, business process improvement, and applicable data privacy practices and laws including two (2) years of lead role experience; and
Education: Equivalent to a bachelor’s degree from an accredited college or university in information technology, computer science, business administration or a related field.
License or Certificate:
Must possess a valid US driver’s license upon date of application. Must obtain California driver’s license following hire date per California DMV regulations.
Possession of cybersecurity certifications such as, but not limited to, (ISC)2 CISSP, ISACA CISM, CISA, CRISC, CompTIA Security+, GIAC Security Leadership Certification preferred.
Additional Information
PHYSICAL DEMANDS
Must possess mobility to work in a standard office setting and use standard office equipment, including a computer; to operate a motor vehicle and visit various City sites; vision to read printed materials and a computer screen; and hearing and speech to communicate in person and over the telephone. This is primarily a sedentary office classification although standing in work areas and walking between work areas may be required. Finger dexterity is needed to access, enter, and retrieve data using a computer keyboard or calculator and to operate standard office equipment. Positions in this classification occasionally bend, stoop, kneel, reach, push, and pull drawers open and closed to retrieve and file information. Employees must possess the ability to lift, carry, push, and pull materials and objects up to 10 pounds.
ENVIRONMENTAL CONDITIONS
Employees work in an office environment with moderate noise levels, controlled temperature conditions, and no direct exposure to hazardous physical substances. Employees may interact with upset staff and/or public and private representatives in interpreting and enforcing divisional policies and procedures.
WORKING CONDITIONS
City employees are expected to work overtime, weekends, evenings, and holidays as required to accommodate the City’s needs, in addition to responding as a Disaster Services Emergency Worker.
IT Cybersecurity Manager description image
SANTA ROSA - A WONDERFUL CITY TO CALL HOME:
The City of Santa Rosa is nestled in the center of famous Sonoma Wine Country, located just 55 miles north of San Francisco and 30 miles east of the Pacific Ocean with a population of approximately 180,000. Santa Rosa serves as the County seat and the center of trade, government, commerce, and medical facilities for the North Bay. The surrounding area is home to over a hundred wineries and vineyards and many beautiful parks and recreational facilities, including golf courses. Santa Rosa is in the center of a nationally recognized cycling area. We boast many attractions associated with large cities, including a symphony, performing arts center, theater productions and internationally recognized restaurants, yet still retain the warmth and small town feel of decades past. Santa Rosa has been named one of the 50 greenest cities in the United States with one of the top five mid-sized downtowns in California.
The City of Santa Rosa is proud to be an equal opportunity workplace.
The City does not discriminate on the basis of disability in employment. Requests for reasonable accommodations needed to participate in the recruitment process may be made by submitting a Request for Reasonable Accommodation Form within five (5) business days of being noticed that an event requiring accommodation is occurring. You may also contact the Human Resources Department at (707) 543-3060 or [email protected].