Information Security Compliance & Audit Manager

Information Security Compliance & Audit Manager Salary $127,878.40 - $177,132.80 Annually Location Santa Ana Job Type Full-Time Job Number 8357MA-0426-017 (O) Department County Executive Office Division/Service Area

CEO - OCIT

Countywide Services Opening Date 04/30/2026 Closing Date 5/17/2026 11:59 PM Pacific Description Benefits Questions

CAREER DESCRIPTION

Information Security Compliance & Audit Manager (Technology Services Manager) Salary may be negotiable within the applicable range of the classification and successful candidate's qualifications, subject to appropriate authorization.

OPEN TO THE PUBLIC

This recruitment will establish an open eligible list that will be used to fill current and future Technology Services Manager positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange.

DEADLINE TO APPLY

This recruitment will be open for a minimum of five (5) business days and will close on Sunday May 17, 2026 at 11:59pm (PST).

ORANGE COUNTY INFORMATION TECHNOLOGY

The mission of Orange County Information Technology (OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services. Click here for more information on OCIT. Click here for more information on the County of Orange.

THE OPPORTUNITY

The Orange County Information Technology (OCIT) Countywide Services is seeking an experienced and dynamic manager who will provide audit support, vendor security risk assessment, and PCI (Payment Card Industry) compliance management. The Information Security Compliance & Audit Manager (Technology Services Manager) serves as the enterprise owner of OCIT's centralized audit coordination services and is the County's primary liaison for IT audits, security assessment, external auditors, vendors, and internal stakeholders. This position requires strong analytical and comprehension skills with written and communication experience. The Information Security Compliance & Audit Manager's duties and responsibilities include the following: Working in a multidisciplinary IT environment, including IT teams and coordinating efforts to meet audit requirements. Serving as the primary audit liaison and advocate between internal stakeholders and OCIT, fostering strong partnerships and ensuring effective communication across organizations. Leading audit planning and execution, communications and escalation paths. Providing guidance and recommendations to County departments with PCI audit scoping, executing recurring vulnerability site scans and evaluating new device purchases. Explaining and presenting executive-level audit status reporting, trend analysis, and lessons learned to drive continuous improvement. Coordinating cross-functional review involving OCIT Security, OCIT Functional Services Team (Server, Desktop, Cloud), OCIT Business Relationship Management Team, Privacy, Legal, Procurement departments Ensuring all new technologies and service providers align with County Information security, privacy, and procurement requirements. Facilitating the Countywide Security Review & Approval (SRA) process for new technologies, cloud services, SaaS platforms, and third-party vendors. Conducting security and privacy evaluations of vendor solutions to meet County security compliance. Leading the development of training materials and facilitating training sessions and workshops. Maintaining a centralized vendor risk inventory within the GRC (Governance, Risk and Compliance) platform, Optro. Utilizing project organization management including scheduling, milestones, deliverables to achieve successful outcomes. Making policy and business decisions using sound judgement and risk management. Traveling throughout Orange County and attending staff meetings as needed, along with performing related duties as assigned.

DESIRABLE QUALIFICATIONS AND CORE COMPETENCIES

In addition to the minimum qualifications, the ideal candidate will possess at least three (3) years of work experience performing audit support, IT audits, IT compliance, PCI DSS (Payment Card Industry Data Security Standard), or a combination of the above. A certification in one of the following is preferred but not required:

CISA:

Certified Information System Auditor CISSP:

Certified Information Systems Security Professional CRISC:

Certified in

Risk and Information Systems Control PCI ISA:

Internal Security Assessor or equivalent The ideal candidate will have experience in the following competencies: Technical Knowledge | Technical Experience Analyzing, administering, and maintaining information security architecture, information security technologies, tools, appliances, practices and controls Understanding Information Technology and applying advanced methodologies, principles, and concepts to coordinate major projects Understanding of audit coordination, audit readiness, and audit remediation management Understanding of PCI (Payment Card Industry Data Security Standard) 4.0.1 requirements, assessment methodologies, and validation processes Utilizing risk management and internal control frameworks applicable to public-sector and regulated environments Utilizing technical project management methodology Evaluating and monitoring Information Security Risk strategies to maintain efficiency, accuracy, and compliance Utilizing GRC (Governance, Risk and Compliance) and service management platforms (i.e. Optro, ServiceNow), evidence repositories (i.e. SharePoint), and security tooling outputs (i.e. vulnerability management, SIEM) Understanding payment technologies, cardholder data environments, and secure system architectures Working knowledge and familiarity with HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), CJIS Security Policy (Criminal Justice Information Services), NIST Cybersecurity Framework & NIST SP-800 Series Leadership Skills Acting as a department liaison for Information Security Risk management best practices and security awareness Working collaboratively and establishing rapport with staff, managers, and people across County departments Acting as the department liaison and providing accurate information related to IT audits, IT security compliance, operations, and programs Leading training sessions and workshops to non-IT business users Building and maintaining positive forward focused customer-oriented work environments Oral | Written Communication Skills Preparing and orally presenting program training and support information to various groups Communicating, coordinating, and collaborating with County agencies to ensure effective service delivery Translating and developing technical findings into clear, actionable reports and documentation for non-technical stakeholders

LICENSE REQUIREMENT

Possession of a California Class C Driver License is Required.

MINIMUM QUALIFICATIONS

Please click here for details on this classification, including the physical, mental, environmental and working conditions.

SPECIAL REQUIREMENT

|

BACKGROUND INVESTIGATION

Part of the selection process for positions within Orange County Information Technology (OCIT) requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.

RECRUITMENT PROCESS

Human Resource Services (HRS) will screen all application materials to identify qualified applicants. After screening, qualified applicants will be referred to the next step and notified of all further procedures applicable to their status in the competition. Application Screening (Refer/Non-Refer) Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step. Structured Oral Interview | SOI (Weighted 100%) Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the applicant's qualifications for the job. Only the most successful candidates will be placed on the eligible list. Eligible List Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies. Based on the Department's needs, the selection procedure listed above may be modified. All candidates will be notified of any changes in the selection procedure. Veterans Employment Preference The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please click here to review the policy.

ADDITIONAL INFORMATION EMAIL NOTIFICATION

Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.

NOTE:

User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply. Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile at www.governmentjobs.com .

FREQUENTLY ASKED QUESTIONS

Click here for additional Frequently Asked Questions. For specific information pertaining to this recruitment, contact Joanna Xue at joanna.xue@ceo.oc.gov or (714)-834-7338.

EEO INFORMATION

Orange County, as an equal employment opportunity employer, encourages applicants from diverse backgrounds to apply. Administrative Management • In addition to the County's standard suite of benefits -- such as a variety of health plan options, sick and vacation time and paid holidays -- we also offer an excellent array of benefits such as:

Retirement:

Benefits are provided through the Orange County Employees' Retirement System (OCERS). Please go to the following link to find out more about Defined Benefit Pensions and OCERS Plan Types/Benefits.

http:

//www.ocers.org/active-member-information .

Paid Leave:

Twelve holidays per year plus sick and vacation time

Health & Dependent Care Reimbursement Accounts Dental Insurance:

County pays 100% of employee and dependent premiums

Paid Life Insurance:

$100,000 life insurance policy

Paid Accidental & Death and Dismemberment Insurance:

$100,000 AD&D insurance policy Paid Short & Long Term Disability insurance programs 457 Defined Contribution Program •Effective 07/01/20, management employees who are sworn Public Safety Managers receive health insurance benefits through the AOCDS Medical Benefit Plans. Click here for information about benefits offered to County of Orange employees. 01

INSTRUCTIONS:

The information you provide on this questionnaire will be evaluated and used to determine your level of expertise during the recruitment process. Be as specific as possible and include all information requested. If you do not have experience in an area, please answer "N/A". Statements such as "see application" or "see resume", will not be accepted in lieu of a response. All employers referenced on this questionnaire must be listed on your application. Do you understand these instructions? Yes 02 I understand that as part of the selection process for positions within OCIT, I will be required to undergo an extensive background investigation including but not limited to contacting my current and/or previous employers, reference checks, criminal searches, verification of credentials, review of credit history. Any falsification of information or failure to meet the standards listed above will result in my disqualification. I acknowledge that I have read and understand the information listed above 03 Please select the option that is most applicable to your experience as defined in the Technology Services Manager minimum qualifications.

NOTE:

If you are substituting education for experience to meet the minimum qualifications you will need to attach unofficial transcripts to your application. If you do not attach it to your application will be considered incomplete and will not be moving forward in the recruitment process. One (1) or more years as a Technology Services Administrator or its equivalent with the County of Orange Five (5) years of professional information technology programs and project operations experience related to assignment; must include one (1) year of lead/supervisory experience Four (4) years of professional information technology programs and project operations experience related to assignment; must include one (1) year of lead/supervisory experience AND possess a Bachelor's degree in computer science, information technology, or related field Three (3) years of professional information technology programs and project operations experience related to assignment; must include one (1) year of lead/supervisory experience AND possess a Master's degree or higher in computer science, information technology, or related field 04 Based on your response to question #3, if you are substituting relevant education for the required experience as defined in the Technology Services Manager minimum qualifications, you are acknowledging that you attached a copy of your unofficial transcripts to your application. Foreign degrees require an evaluation of U.S. equivalency by an agency that is a member of the National Association of Credential Services (N.A.C.E.S). Yes, I have attached a copy of my unofficial transcripts as I will substituting experience with relevant education and, if applicable, I have attached the

N.A.C.E.S.

equivalency evaluation for my degree Not applicable; I will not be substituting relevant education with experience 05 Please select the certifications you possess. CISA (Certified Information System Auditor) CISSP (Certified Information Systems Security Professional) CRISC (Certified in Risk and Information Systems Control) PIC ISA (Internal Security Assessor) Other None of the above 06 If you selected "Other" in question #5 please specify the certification you possess. 07 Please select from the following options which best describes your experience. Three (3) or more years of work experience performing audit support, IT audits, IT compliance, PCI DSS (Payment Card Industry Data Security Standard), or a combination of the above Less than three (3) years of work experience performing audit support, IT audits, IT compliance, PCI DSS (Payment Card Industry Data Security Standard), or a combination of the above No experience 08 Based on your answer to question #7, please elaborate on your work experience performing audit support, IT audits, IT compliance, PCI DSS (Payment Card Industry Data Security Standard), or a combination of the above. Please include in your response, your years of experience, the scope of your responsibilities, and the organization you obtained this experience from. If none, please type "N/A". 09 Please describe your lead/supervisory experience related to this assignment. Please include in your response, your years of experience, the scope of your responsibilities, and the organization you obtained this experience from. If none, please type "N/A". Required Question Employer County of Orange Address 400 W

CIVIC CENTER DRIVE

Santa Ana, California, 92701 Phone 714-834-2555 Website https://hrs.oc.gov