Description
The Vision
Multnomah County is seeking a visionary Chief Information Security Officer (CISO) who understands that security is a human endeavor powered and protected by cutting-edge technology.
In this role, you will serve as the strategic link between technical security frameworks and human-centric engagement. You will champion a culture where robust security is built on a foundation of empathy and proactive education. As a key advocate for our community, you will confidently represent security interests to both technical teams and executive leadership. You will oversee the availability, integrity, and confidentiality of information systems, ensuring that security protocols serve as a catalyst for innovation across the County.
Your Core Mission
Human-Centered Leadership: Build a culture where security is a shared responsibility. You will cultivate deep relationships across departments and use emotional empathy to foster trust and layered security.
Proactive Threat Hunting: Move beyond passive defense. You will oversee sophisticated threat-hunting operations to neutralize adversaries before they reach the perimeter.
The Voice of Security: Act as a high-profile advocate. Whether it’s a community meeting or a sensitive board briefing, you possess the public speaking prowess to make complex risks relatable to non-technical stakeholders.
AI & Automation Orchestration: Lead the charge in integrating AI-driven security tools. You’ll leverage automation to eliminate alert fatigue and use machine learning to predict emerging patterns.
Sensitive Response & Operations: Direct high-stakes incident response with calm, clinical precision. You will manage the technical, legal, and reputational fallout of breaches while maintaining the trust of County employees and the community.
Dynamic Training Programs: You will spearhead immersive, behavioral-based training programs that empower employees to be our strongest line of defense.
What We’re Looking For:
Communication: Act as a trusted liaison between the technical security and engineering teams, Senior Executives, and Elected Officials/Board of Commissioners. This requires an exceptional ability to translate complex technical language into clear, understandable business value.
Compliance Expertise: Deep mastery of HIPAA, CJIS, PII, and PCI frameworks.
Cyber Insurance Management: Responsible for negotiating and maintaining cyber insurance policies.
Supply Chain Integrity: Develop and oversee robust Third-Party Risk Management (TPRM) initiatives to ensure all technology vendors meet the County's rigorous security and privacy standards by design
Tech Stack: Expertise in cloud architecture, AI-assisted Endpoint Detection and Response (EDR)/ Extended Detection and Response (XDR), and Security Orchestration, Automation, and Response (SOAR) platforms to stop attacks.
Crisis Management: Maintains composure under pressure with deep experience leading digital forensics.
Strategic Mindset: Ability to align security with County goals and technology strategic plans
Why Join Us?
Autonomy: You have the mandate to lead our security architecture, IAM initiatives, and develop strategic cyber defense-in-depth frameworks.
Innovation: Applying existing tools, AI and automation to protect County infrastructure, data and Community data.
Influence: A seat at the table in the Office of the CIO where your voice directly impacts the County’s strategic direction.
Purpose: Cybersecurity is not just a product, but is a combination of relationships and processes that strengthen our community and employees, and enables the safe use of innovative technology.
Informational Session: Fireside Chat
Virtual Q&A Sessions for Candidates: We are hosting an informational session for potential candidates to learn more about Multnomah County, our department, this position, and the application process.
We welcome you to join us via the Google Meet link below to hear more details and ask any questions you may have. You can access the meeting directly through the link, but if you would prefer to receive a specific calendar invitation, please email allison.conkling@multco.us.
Date: Wednesday, February 11, 2026
Time: 12:00pm - 1:00pm Pacific Daylight Time (PDT)
Link: meet.google.com/rnm-uxan-dgff
Dial-In: (US)+1 216-930-0592 PIN: 601 048 523#; Link to More phone numbers
Requirements
To Qualify
We value the unique paths people take to gain expertise. We will consider any combination of relevant work experience, volunteering, education, and transferable skills.
Minimum Qualifications:
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Public Administration, or a related field (qualifying professional-level experience may substitute for the required education on a year-for-year basis.)
AND
Six (6) years focused on managing information security in a complex, matrixed environment
Advanced experience in building, executing, and overseeing enterprise-level information security programs, including budgetary planning and large-scale programmatic oversight.
Experience managing and professional development of an experienced team of direct reports (5)
Experience with Federal and State security legislation (e.g., HIPAA, CJIS, PII, PCI) and the implementation of strategic frameworks (e.g., NIST Cybersecurity Framework, ISO/IEC 27001, or CIS Controls).
Expert-level understanding of secure software development lifecycles (DevSecOps), artificial intelligence, data governance, and enterprise application integrity.
Experience implementing IAM or Zero Trust Architecture in complex government and regulatory environments.
Certified Information Systems Security Professional (CISSP)
Criminal Justice Information Systems (CJIS) authorization is required prior to the start of this position, which includes a records check and fingerprinting upon acceptance of the employment offer.
Required cover letter describing how you meet the requirements.
Preferred Qualifications (Transferable Skills):
Experience working in the public sector or another highly regulated industry, such as healthcare or finance.
Active involvement in MS-ISAC or other national information security organizations.
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Cloud platform specific professional certifications, e.g. Google Cloud, Microsoft Azure, AWS etc.
