ASSISTANT DIRECTOR OF INFORMATION TECHNOLOGY - INFORMATION SECURITY OFFICER - 40009103

Join Durham County GovernmentDurham County Government is home to over 2,000 dedicated professionals working together to deliver essential services that strengthen and support our vibrant, diverse community. As the heart of a fast-growing region, we offer meaningful careers across a wide range of fields—giving you the opportunity to make a real impact where you live, work, grow, and play. Learn more at www.dconc.gov.

DEPARTMENT

Information Services & Technology

DATE POSTED

April 22, 2026

CLOSING DATE:

May 22, 2026

HIRING RANGE:

$109,621 - $165,000

POSITION NUMBER:

40009103

JOB TYPE:

Full-Time, 37.5 hrs/week, Exempt

GENERAL DESCRIPTION

This position oversees the County's information, cyber, and technology security. The position is responsible for developing, executing, and maintaining the County's cybersecurity strategic plan, ensuring alignment with business objectives and regulatory requirements. The role works closely with the Director/Chief Information Officer (CIO) to establish and maintain the enterprise strategy and architecture with a multi-year roadmap to safeguard the County's digital assets. The role directs countywide information security and privacy efforts, ensuring compliance with HIPAA (Health Insurance Portability and Accountability Act) and other regulatory frameworks while fostering a culture of cybersecurity awareness. The position requires strong leadership to drive interdepartmental compliance, integrate security best practices, and manage a high-performing security team.

DUTIES AND RESPONSIBILITIES

Develops and maintains an enterprise-wide information security program, including policies, procedures, and controls to protect critical data, infrastructure, and information assets. Works with the Director/CIO to establish and execute a multiyear cybersecurity strategy and roadmap. Ensures alignment of security goals with the department's business plan, overseeing the development, execution, and updates of the cybersecurity strategic plan. Directs countywide information security efforts through departmental security professionals. Oversees Information Technology (IT) security policies, including disaster recovery, vulnerability management, and regulatory compliance. Coordinates and ensures compliance with HIPAA security requirements across County departments. Establishes continuous monitoring, auditing, and compliance reviews to safeguard County systems. Identifies and reports key performance metrics to measure the effectiveness of security programs. Leads IT security audits, including internal assessments and external compliance testing. Works with IT teams to implement security automation, vulnerability assessments, and risk management initiatives. Collaborates with the Training Officer to develop and deliver cybersecurity awareness programs. Other duties as required.

KNOWLEDGE, SKILLS AND ABILITIES

The Assistant Director of Information Security must have extensive expertise in cybersecurity frameworks National Institute of Standards Technology (NIST), ISO 27001, Computer Information Systems (CIS), Control Objectives for Information and Related Technologies (COBIT) and regulatory compliance (HIPAA, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley Act (SOX). A deep understanding of security technologies (Security Information and Event Management (SIEM), Identity and Access Management (IAM), Endpoint Detection and Response (EDR), firewalls, Zero Trust, and cloud security) best practices, and risk management strategies are essential.

This position requires:

Strong leadership and collaboration skills to engage IT, legal, and compliance teams effectively. The ability to align cybersecurity strategies with business objectives and articulate risks to executives. Proficiency in security policy development, incident response, and vendor security evaluations. Exceptional organizational and interpersonal skills to collaborate with internal and external stakeholders.

MINIMUM EDUCATION AND EXPERIENCE REQUIREMENTS

Bachelor's degree in Information Technology, Cybersecurity, or a related field. Seven to ten years of progressively responsible IT experience, including enterprise-level support and information security field (or equivalent combination of education and experience). Proven experience leading cybersecurity teams and managing IT security initiatives.

PREFERRED

Advanced degree in Information Technology, Cybersecurity, or a related field. Relevant information security certifications such as (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Privacy Manager (CIPM). Experience with public sector IT management. Familiarity with additional compliance programs such as Gramm-Leach-Billey Act (GLBA) and Family Educational Rights and Privacy Act (FERPA).

AMERICANS WITH DISABILITIES ACT COMPLIANCE

Durham County is an Equal Opportunity Employer. ADA requires Durham County to provide reasonable accommodations to qualified persons with disabilities. Prospective and current employees are encouraged to discuss ADA accommodations with management.

BACKGROUND CHECK STATEMENT

This position may be subject to a background check, which could include, but is not limited to, criminal history (employment-related and/or SBI fingerprint-based), credit history, motor vehicle records, educational verification, and checks of the sexual offender registry, depending on the specific requirements of the role. A conviction record does not automatically disqualify an applicant from employment consideration, unless otherwise required by applicable state law.