PROJECT MANAGER (DoIT) [INFORMATION SECURITY COMPLIANCE]

JOB ANNOUNCEMENT

DEPARTMENT OF INNOVATION AND TECHNOLOGY

Security Architecture and Management Security Division

Number of Positions: 1

Under limited direction, leads and coordinates a range of technical and information technology projects, programs or initiatives within the Department of Innovation and Technology, and performs related duties as required

Functions as a key member of the Information Security Office, overseeing the City’s overall regulatory compliance requirements. This position takes the lead in the City’s data security and compliance. Responsible for defining a developing business processes that ensures data compliance with applicable laws and regulations. Ensures close alignment between data security, business objectives, secure technical design principals, and solutions. Uses industry regulations, industry security standards, models, and architectural frameworks to identify key relationships and gaps between business objectives, process, and technical systems. Develops roadmaps and strategies that enhance data controls, efficiency, and provide visionary guidance for oversight with regulatory compliance.

ESSENTIAL DUTIES

• Leads the day-to-day planning and coordination of the City’s regulatory compliance requirements
• Shapes the security policies based on industry best practice, industry standards, organizational risk, strategic business, and operating models
• Develops security policies based on enterprise principles, strategies, and frameworks
• Ensures enterprise compliance of regulatory policy, standards, and framework compliance across the business
• Responsible for oversight and coordination of the Governance, Risk, and Compliance program with IS Security
• Liaises with Internal Audit, Corporate Compliance, Office of General Counsel, and Risk Management to remediate new and outstanding issues
• Tracks security-related issues in the electronic GRC system
• Oversees City’s security policies, standards, guidelines, and baselines
• Ensures policies are reviewed and updated regularly to meet the changing landscape of the regulatory requirements
• Implements and integrates risk management procedures across the enterprise, ensuring key IT services are maintained to reduce loss and critical capability
• Develops and maintains information security policy framework, including the design and implementation of policies, standards, procedures and controls, compliance training and awareness, vendor risk management, and metrics/KPI’s
• Understands information security and the relationships between threats, vulnerability, and information value in the context of regulatory risk management
• Oversees and directs the planning, implementation, and maintenance of Security Office projects and initiatives (e.g., application development/selection, system upgrades and installation, technology initiatives)
• Develops full scale plans for IT projects/activities (e.g. formulation of project concepts, requirements and goals, establishment of timelines, schedules and milestones, and budgets)
• Makes certain the work of vendors, consultants, contractors, and/or employees assigned to projects (e.g., assembling project plans and teamwork assignments monitoring work efforts, identifying resource needs, and performing quality review) meets project expectations
• Determines priorities and coordinates efforts between all parties to affect implementation strategies that will ensure compliance with regulatory requirements
• Participates in policy development and provides technical assistance on the impact that new requirements will have on IT efforts with applicable laws
• Organizes meetings with internal and external parties to accomplish project plans, goals, and deadlines, and modifies work plans and timelines as required
• Develops communication and outreach materials to market project and program activities
• Prepares project, status, and ad hoc reports to keep management abreast of project progress, problems, and solutions
• Reviews project deliverables for accuracy, adherence with project scope, and quality standards
• Performs business analysis including requirements gathering and gap analysis, as required
• Assists senior staff in partnering to identify and prioritize opportunities for utilizing IT to achieve the goals of the enterprise

NOTE: The list of essential duties is not intended to be inclusive; there may be other duties that are essential to particular positions within the class.

Location:      DePaul Center

Address:       333 S State Street

Days:             Monday – Friday

Hours:           8:30am – 4:30pm

THIS POSITION IS EXEMPT FROM THE CAREER SERVICE

• Graduation from an accredited college or university with a Bachelor’s degree in Computer Science, Information Technology/Systems, Business Administration, or a directly related field plus three years of project management experience, or an equivalent combination of education, training, and experience

Disclaimer – “Accredited” means any nationally or regionally accredited college, university, or law school where the applicant is enrolled in or has completed an Associates, Bachelors, Masters, or Juris Doctorate degree program.

Education & Employment Verification – Please be advised that if you are selected to be hired you must provide, upon request, adequate information regarding your educational and employment history as it relates to the qualifications of the position for which you are applying. If you received your degree internationally, all international transcripts/diploma must be accompanied by a Foreign Credential Evaluation. If the City of Chicago cannot verify this information, any offer extended to you will be withdrawn and you will not be hired.

NOTE: You must provide your transcripts or diploma, professional license, or training certificates at time of processing, if applicable.

NOTE: To be considered for this position you must provide information about your educational background and your work experience. You must include job titles, dates of employment, and specific job duties. (If you are a current City employee, Acting Up cannot be considered). If you fail to provide this information at the time you submit your application, it will be incomplete and you will not be considered for this position. There are three ways to provide the information: 1) you may attach a resume; 2) you may paste a resume; or 3) you can complete the online resume fields.

SELECTION REQUIREMENTS

This position requires an applicant to successfully complete an interview which will include a written exercise as part of the interview. The interviewed candidate(s) possessing the qualifications best suited to fulfill the responsibilities of the position, based on the oral and written parts of the interview, will be selected.

Preference will be given to candidates possessing the following:

• Previous experience with compliance to PCI-DSS (Payment Card Industry-Data Security Standards)
• Previous experience with HIPAA (Health Insurance Portability and Accountability Act) compliance
• PMI (Project Management Institute) certification(s) and/or any other project management certification(s)
• Security+, CISSP (Certified Information Systems Security Professional), and/or ITIL certification(s)
• Previous experience with industry standard GRC (Governance, Risk, and Compliance) tools
• Previous experience with NIST (National Institute of Standards & Technology) ISO 2700 (IT Standards)

  Evaluation: Your initial evaluation will be based on information provided on the application form and documents submitted with the application. Applications must be submitted by the individual applicant. No second party applicants will be accepted.

   

  Residency Requirement: All employees of the City of Chicago must be actual residents of the City as outlined in 2-152-050 of the City of Chicago Municipal Code. Proof of residency will be required.

   

  If you would like to request a reasonable accommodation due to disability or pregnancy in order to participate in the application process, please contact the City of Chicago, Department of Human Resources, at (312) 744-4976 (voice) or (312) 744-5035 (TTY). Please be prepared to provide information in support of your reasonable accommodation request.

   

  ALL REFERENCES TO POLITICAL SPONSORSHIP OR RECOMMENDATION MUST BE OMITTED FROM ANY AND ALL APPLICATION MATERIALS SUBMITTED FOR CITY EMPLOYMENT.

   

  The City of Chicago is an Equal Employment Opportunity and Military Friendly Employer.

   

  City of Chicago                                                       Department of Human Resources

  Rahm Emanuel, Mayor                                            Soo Choi, Commissioner