Chief Information Security Officer Job at CA Student Aid Commission, Sacramento County, CA

  • CA Student Aid Commission
  • Sacramento County, CA

Job Description

Job Description and Duties

The California Student Aid Commission (CSAC) is seeking a Chief Information Security Officer who is a visionary technology leader passionate about advancing California’s mission to protect student information. CSAC invites dynamic, forward-thinking professionals to apply for the role of Chief Information Security Officer who will direct and lead the Information Security Office. In this role, you will be hands-on and be responsible for the direction, oversight, and operation of the Commission’s information security services. You will directly and through subordinate resources, provide expert consultation on complex information security practices and provide leadership and direction to a diverse group of information security professionals and contract staff with different skill sets.

This advertisement will remain open until the position has been filled. Applications will be reviewed every 2 weeks, with the first cutoff date being November 24, 2025.

You will find additional information about the job in the .

Working Conditions

  • Exposure to computer screens and other basic office equipment.
  • Work in a climate-controlled office environment, open office space with artificial lighting.
  • Attend meetings in designated conference rooms and be willing to travel to off-site locations.
  • Current residency in the State of California is required. This position's location is designated in Rancho Cordova, California and may be eligible for hybrid teleworking. The amount of telework is at the discretion of the Department and based on CSAC’s current telework policy. While CSAC supports telework, regular in-person attendance will be required at CSAC’s Rancho Cordova location based on operational needs. Teleworking from outside the State of California is strictly prohibited.

Special Requirements

Candidates are required to submit a Statement of Qualifications (SOQ). The SOQ is a narrative discussion of how the candidates’ education, training, experience, and/or skills qualify them for the position. The SOQ serves as documentation of each candidate’s ability to present information clearly and concisely in writing. Resumes and/or cover letters do not take the place of the SOQ.

Instructions: The SOQ must be typed in 12-point Arial font, single spaced with one-inch margins and must be a minimum of one (1) page, not to exceed two (2) pages in length, and clearly titled "Statement of Qualifications". Responses must be answered and numbered in the same order as the following questions:

1. Describe a time when you led a response to an information security incident. What did the investigation reveal? What remediation was required? What was implemented to prevent future occurrences?

2. Describe your experience leading enterprise information security programs. How have you aligned cybersecurity strategies with organizational goals, and what measurable outcomes resulted from your leadership?

3. Describe examples of how you’ve proactively addressed emerging cybersecurity threats or adopted innovative technologies to strengthen organizational resilience. What strategies did you use to gain stakeholder buy-in?

Applications received without an SOQ that follows these instructions will be rejected and disqualified from the hiring process.

Desirable Qualifications

In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:

  • Possess in-depth knowledge of data governance frameworks and best practices for protecting confidentiality, integrity, and availability of sensitive information in a public sector environment.
  • Possess expertise in Data Governance and Security.
  • Demonstrate ability to develop and implement long-term strategic plans and policies that align technology security services with organizational mission, vision, and goals.
  • Possess a track record of Ethical Leadership and Integrity.
  • Familiar with State and Federal requirements like NIST 800-53, SIMM and SAM.
  • Have security related certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
  • Have working knowledge of the following IT domains: business technology management (i.e., policy and program development, IT procurement, etc.), client services, and information security.
  • Approach IT solutions from a security first perspective.
  • Demonstrated experience leading a team of IT professionals.
  • Enjoy developing and mentoring staff and highly functional teams.
  • Exceptional communication and engagement skills.
  • Have high ethical standards, sound judgement, and integrity in all professional actions; proven ability to handle confidential and sensitive matters with discretion, and to model ethical conduct for others.
  • Experience with Cloud Services, Office365, GitHub, SharePoint and ManageEngine Service Desk Pro.
  • Strong understanding and experience with information security policies, procedures, processes and solutions.
  • Proactively identify challenges and opportunities, develop innovative solutions, and build coalitions across departments to achieve shared goals and best practices.
  • Experience with security incident management and investigations.
  • Knowledge of continuity planning.
  • Experience with risk management and mitigation.
  • Experience in security assessments, audits, and litigation.
  • Knowledge and experience in data privacy and classification.
  • Have a basic understanding and experience with project management.

Benefits

Benefit information can be found on the CalHR website and the CalPERS website.

Additional Application Instructions

A completed application package must include the following:

  • On the Examination/Employment Application (STD. 678) enter the Position Number, Position Title, and Job Control Number in the "Examination(s) or Job Title(s) For Which You Are Applying" section.
  • "To" and "From" dates (Month/Day/Year) and total hours worked per week for all employment history listed on the STD. 678.
  • Name, address, and phone numbers of current and former employers and supervisors.
  • "To" and "From" dates (Month/Day/Year) on the resume (if applicable).
  • State employees must list the specific departments for which they worked and indicate the specific civil service classification held (not working titles).
  • All required documents listed in the "Required Application Documents" section.
  • If you are meeting minimum qualifications with education, you must include a copy of your official/informal transcripts for verification. These transcripts must include your name and the name of the school. Official transcripts may be required upon appointment.
  • If you have a degree from outside of the United States, you must also submit an evaluation of this degree to determine its US equivalency. If you need an evaluation, you can visit this website to find organizations that provide these services.

All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification must be included in your completed Application Package to demonstrate how you meet the Minimum Qualifications for the position.

Failure to provide the information listed above may disqualify you from consideration for this recruitment.

Resumes, Cover Letters, etc. DO NOT replace the required, completed Examination/Employment Application (STD. 678).

Personally Identifiable Information:
Please do not include your Social Security Number, date of birth, veteran status, personal photos, LEAP information, or any other personally identifying information on any of your documents in your application package.

Required Application Package Documents

The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:

  • Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
  • Resume is optional. It may be included, but is not required.
  • Statement of Qualifications - A Statement of Qualifications (SOQ) is required and must be submitted with your application to be considered for this position. Applications received without the SOQ will be rejected and not considered. Please refer to the Special Requirements section of this job posting for the SOQ instructions.

Job Tags

Permanent employment, Full time, Contract work, Work at office, Remote work