The URL can be used to link to this page

Home My Public Portal About24-005 - AMENDING THE CLASSIFICATION PLA, RESOLUTION NO. 77-111, BY ADOPTING A NEW JOB CLASSIFICATION SPECIFICATION AND SALARY FOR INFORMATION TECHNOLOGY SECURITY OFFICER AND ELIMINATING THE CLASSIFICATION SPECIFICATION AND SALARY OF I.T. SECURITY ADMINRESOLUTION NO. 24-005 A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF CARSON, CALIFORNIA, AMENDING THE CLASSIFICATION PLAN, RESOLUTION NO. 77-111, BY ADOPTING A NEW JOB CLASSIFICATION SPECIFICATION AND SALARY FOR INFORMATION TECHNOLOGY SECURITY OFFICER AND ELIMINATING THE CLASSIFICATION SPECIFICATION AND SALARY OF INFORMATION TECHNOLOGY SECURITY ADMINSTRATIOR WHEREAS, Section 503 of the City’s Charter provides that the City Council shall determine, by ordinance or resolution, the amount and type of compensation to be paid to all City officers, department heads and employees; and WHEREAS, The Director of Human Resources is authorized and directed under provisions of Sections 2797.1 of the Carson Municipal Code and Section Il, Rule II of the City Personnel Rules to prepare and recommend position classification and compensation plans, after consultation with the affected Directors, which becomes effective upon approval by the City Council; and WHEREAS, Rule Ill of the City of Carson Personnel Rules provides that modification to the classification plan, embodied in Resolution No. 77-111, shall be made only after the authorized Human Resources staff members consults with the affected Directors and affected recognized employee organizations; and WHEREAS, The City has reviewed the needs and services of the Information Technology Department and determined that, to improve its services to the City of Carson and efficiency of the Information Technology Department, the City of Carson desires to eliminate the classification specification of INFORMATION TECHNOLOGY SECURITY ADMINSTRATOR and adopt the classification specification of INFORMATION TECHNOLOGY SECURITY OFFICER to ensure the service and efficiencies.; and WHEREAS, The Human Resources manager has consulted with the affected parties and has met and conferred with the representatives of the affected recognized employee organizations pursuant to its obligations under the MMBA, concerning the classification specification for the INFORMATION TECHNOLOGY SECURITY OFFICER. NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF CARSON, CALIFORNIA, DOES HEREBY RESOLVE, DECLARE, DETERMINE AND ORDER AS FOLLOWS: SECTION 1. The foregoing recitals are true and correct and are incorporated herein by reference. SECTION 2. The classification specification for INFORMATION TECHNOLOGY SECURITY ADMINSTRATOR, at Salary Range 909, ($9,259 - $11,818) assigned to the SEIU 721 — CPSA, is hereby eliminated. SECTION 3. The classification specification for INFORMATION TECHNOLOGY SECURITY OFFICER, at Salary Range 507, ($12,140 - $15,494) is herein attached and assigned to the Association of Management Employees (AME), is hereby adopted. RESOLUTION NO. 24-005 Page 1 of 2 SECTION 3. The City will fund one full-time position for the newly adopted classification of INFORMATION TECHNOLOGY SECURITY OFFICER, through funds already allocated for the Division/Department. SECTION 4. In the event of any conflict between this Resolution and any prior City resolution relating to the subject matter hereof, this Resolution shall supersede and prevail over the prior resolution to the extent of the conflict SECTION 5. The City Clerk shall certify to the adoption of this resolution and deem it effective as of January 9" of 2024 the same shall be in force and effect. PASSED, APPROVED, AND ADOPTED this 9" day of January 2024. APPROVED AS TO FORM: CITY OF CARSON: coal al avin Mh Sunny K. Soltani, City Attorney pula Davis-Holmes, Mayor ATTEST: ak Dr. Khaleah K. Bradshaw, City Clerk STATE OF CALIFORNIA ) COUNTY OF LOS ANGELES ) ss. CITY OF CARSON ) |, Dr. Khaleah K. Bradshaw, City Clerk of the City of Carson, California, hereby attest to and certify that the foregoing resolution, being Resolution No. 24-005 adopted by the City of Carson City Council at its meeting held on January 9, 2024, by the following vote: AYES: COUNCIL MEMBERS: Davis-Holmes, Hilton, Dear, Hicks, Rojas NOES: COUNCIL MEMBERS: None ABSTAIN: COUNCIL MEMBERS: None ABSENT: COUNCILMEMBERS: None Dr. Khaleah K. Bradshaw, City Clerk RESOLUTION NO. 24-005 Page 2 of 2 CITY OF CARSON City Council Reso. No: 24-005 Class Specification Bargaining Unit: AME FLSA: Exempt INFORMATION TECHNOLOGY SECURITY OFFICER Job Summary: The purpose of this classification is to ensure the security operation of the City’s data, computer systems, servers, and network connections. Employees in this classification are responsible for developing, planning, organizing, managing, implementing, maintaining, and performing cybersecurity risk analysis of systems; scrutinizing network traffic; establishing vulnerability scans; checking server and firewall logs; conducting user activity audits, and troubleshooting, as well as also analyzing and resolving security breaches and vulnerability issues in a timely and efficient manner This position will assist with developing IT security policies. Work is performed under general direction of the Director of Information and Technology with considerable latitude for the use of initiative and independent judgment. Essential Duties and Responsibilities: (These functions are representative and may not be present in all positions in the class. Management reserves the right to add, modify, change or rescind related duties and work assignments.) e Plans, organizes, manages, and participates in the development, implementation, and monitoring of the City’s information security programs, information technology risk management programs, and information security policies; supervises and reviews the work of professionals and serves as a subject matter expert in information security. e Develops and executes a cyber security strategy that is aligned with internal stakeholders, organizational priorities, facilitates city operations, and meets industry standards. e Directs and participates in the identification of security risks, development and implementation of security management practices, and the measurement and monitoring of security protection measures. e Ensures compliance with regulatory requirements such as Criminal Justice Information Services (CJIS), Payment Card Industry Data Security Standards (PCI), Health Insurance Portability and Accountability Act (HIPAA), California Privacy Protection Agency, and federal, state, and local laws. e Monitors agency infrastructure, devices, and information systems for security integrity; provides planning and guidance to information technology staff on vulnerability management and security incident response procedures. e Oversees portfolio of cyber risk and security applications and procedures, implements new security processes and related technologies to ensure a continuous improvement of the City’s cyber security posture. e Oversees assigned staff in performing their responsibilities and provides guidance as necessary. e Analyzes information, situations, problems, policies, and procedures to identify, recommend, and implement solutions systemically. e Formulates, recommends, and executes enterprise-wide policies and procedures for detecting, deterring, and mitigating information security threats. e Serves as a subject matter expert and internal consultant on data security implications for proposed information technology projects and programs and makes recommendations to align new technologies to security standards. e Prepares oral and written reports for executive leadership, the City Manager's Office, and City Council. CITY OF CARSON City Council Reso. No: 24-005 Class Specification Bargaining Unit: AME FLSA: Exempt e Develops cyber security, cyber risk, and security awareness training programs for City staff; monitors training effectiveness by documenting and reporting data point trends on user awareness and vulnerability assessments. e Builds and maintains positive relationships with City stakeholders. e Attends City/Industry-related functions. e Performs other duties as required Qualification Guidelines: A typical way to obtain the requisite qualifications to perform the duties of this class is as follows: Education and/or Experience: Option A: Bachelor's degree in Business Administration, Computer Information Systems, Information Technology or closely related field from an accredited college or university and five (5) years of paid experience performing IT security management; and at least two (2) years in an administrative or management capacity responsible for cyber security risk assessment, implementation of security management practices, monitoring of security protection measures, managing SIEM, vulnerability management, and other security tools in an enterprise environment. Option B Master's degree in Computer Science or closely related field is highly desirable from an accredited college or university and four (4) years of paid experience performing IT security management; and at least two (2) years in an administrative or management capacity responsible for cyber security risk assessment, implementation of security management practices, monitoring of security protection measures, managing SIEM, vulnerability management, and other security tools in an enterprise environment. Knowledge of: e Computers and Electronics: Electric circuit boards, processors, chips, and computer hardware and software e Principles, methods, and practices of systems/network administration and maintenance. e Agency policies and procedures and practices regarding data security. e Network security design principles, practices, and related tools and software. Skills and/or Ability to: e Ability to objectively assess situations or circumstances using all the relevant information, apply experience, evaluate the problem objectively, calculate risks, and make an ethical and informed decision. e Manage the performance of staff by coaching for performance. e Motivating, developing, and directing people as they work. e Acknowledge, value and support diversity of thought, opinion and approach with customers and colleagues regardless of background, culture and organizational level. e Execute work that adheres to the City’s stated principles of Diversity, Equity, and Inclusion including, but not limited to, your “duty to act” to ensure fair and equitable treatment of all persons and historically underrepresented groups. e Fostering an inclusive and supportive environment in which everyone in the City has an Opportunity to thrive. CITY OF CARSON City Council Reso. No: 24-005 Class Specification Bargaining Unit: AME FLSA: Exempt e Incorporating an equity perspective to day-to-day work in all responsibilities, decisions and actions of providing public service. e Effectively communicating information and ideas in writing, as well as through speech, so others will understand. Persuasion: Convincing others to approach things differently. Working independently and with minimal supervision. Speech recognition: Identifying and understanding the speech of another person. Project analysis; weighing the costs/benefits of a potential action. License and/or Certificate: Possession of a valid California Class C driver's license. Employees in this classification will be enrolled in the Department of Motor Vehicles (DMV) Government Employer Pull Notice Program which confirms possession of a valid driver's license and reflects driving record. Possession of at least one of the following certifications is required: Certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), or equivalent information security certification. Physical Requirements and Working Conditions: Employee accommodation(s) for physical or mental disabilities will be considered on a case-by- case basis. Positions in this class normally: e Require vision (which may be corrected) to read small print. e Require mobility of arms to reach and dexterity of hands to grasp and manipulate small objects. e Perform work which is primarily sedentary. e ls subject to the internal environmental conditions of modern and aged public buildings, facilities and physical structures and HVAC systems. e May be required to work at a computer terminal for prolonged periods. e May be required to work evenings and/or weekends.