Information Security Compliance & Audit Manager (Technology Services Manager) Salary may be negotiable within the applicable range of the classification and successful candidate's qualifications, subject to appropriate authorization. OPEN TO THE PUBLIC This recruitment will establish an open eligible list that will be used to fill current and future Technology Services Manager positions. The eligible list established may also be used to fill positions in similar and/or lower classifications throughout the County of Orange. DEADLINE TO APPLY This recruitment will be open for a minimum of five (5) business days and will close on Sunday May 17, 2026 at 11:59pm (PST). ORANGE COUNTY INFORMATION TECHNOLOGY The mission ofOrange County Information Technology(OCIT) is to provide innovative, reliable, and secure technology solutions that support County departments in the delivery of quality public services. OCIT provides IT solutions across County departments for voice communications, network services, application support, service desk, desktop support, as well as data center services.
Clickherefor more information on OCIT. Clickherefor more information on the County of Orange.
THE OPPORTUNITY The Orange County Information Technology (OCIT) Countywide Services is seeking an experienced and dynamic manager who will provide audit support, vendor security risk assessment, and PCI (Payment Card Industry) compliance management. The Information Security Compliance & Audit Manager (Technology Services Manager) serves as the enterprise owner of OCIT's centralized audit coordination services and is the County's primary liaison for IT audits, security assessment, external auditors, vendors, and internal stakeholders. This position requires strong analytical and comprehension skills with written and communication experience.
The Information Security Compliance & Audit Manager's duties and responsibilities include the following:
Working in a multidisciplinary IT environment, including IT teams and coordinating efforts to meet audit requirements.
Serving as the primary audit liaison and advocate between internal stakeholders and OCIT, fostering strong partnerships and ensuring effective communication across organizations.
Leading audit planning and execution, communications and escalation paths.
Providing guidance and recommendations to County departments with PCI audit scoping, executing recurring vulnerability site scans and evaluating new device purchases.
Explaining and presenting executive-level audit status reporting, trend analysis, and lessons learned to drive continuous improvement.
Ensuring all new technologies and service providers align with County Information security, privacy, and procurement requirements.
Facilitating the Countywide Security Review & Approval (SRA) process for new technologies, cloud services, SaaS platforms, and third-party vendors.
Conducting security and privacy evaluations of vendor solutions to meet County security compliance.
Leading the development of training materials and facilitating training sessions and workshops.
Maintaining a centralized vendor risk inventory within the GRC (Governance, Risk and Compliance) platform, Optro.
Utilizing project organization management including scheduling, milestones, deliverables to achieve successful outcomes.
Making policy and business decisions using sound judgement and risk management.
Traveling throughout Orange County and attending staff meetings as needed, along with performing related duties as assigned.
DESIRABLE QUALIFICATIONS AND CORE COMPETENCIES In addition to the minimum qualifications, the ideal candidate will possess at least three (3) years of work experience performing audit support, IT audits, IT compliance, PCI DSS (Payment Card Industry Data Security Standard), or a combination of the above.
A certification in one of the following is preferred but not required:
CISA: Certified Information System Auditor
CISSP: Certified Information Systems Security Professional
CRISC: Certified in Risk and Information Systems Control
PCI ISA: Internal Security Assessor or equivalent
The ideal candidate will have experience in the following competencies:
Technical Knowledge | Technical Experience
Analyzing, administering, and maintaining information security architecture, information security technologies, tools, appliances, practices and controls
Understanding Information Technology and applying advanced methodologies, principles, and concepts to coordinate major projects
Understanding of audit coordination, audit readiness, and audit remediation management
Understanding of PCI (Payment Card Industry Data Security Standard) 4.0.1 requirements, assessment methodologies, and validation processes
Utilizing risk management and internal control frameworks applicable to public-sector and regulated environments
Evaluating and monitoring Information Security Risk strategies to maintain efficiency, accuracy, and compliance
Utilizing GRC (Governance, Risk and Compliance) and service management platforms (i.e. Optro, ServiceNow), evidence repositories (i.e. SharePoint), and security tooling outputs (i.e. vulnerability management, SIEM)
Understanding payment technologies, cardholder data environments, and secure system architectures
Working knowledge and familiarity with HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), CJIS Security Policy (Criminal Justice Information Services), NIST Cybersecurity Framework & NIST SP-800 Series
Leadership Skills
Acting as a department liaison for Information Security Risk management best practices and security awareness
Working collaboratively and establishing rapport with staff, managers, and people across County departments
Acting as the department liaison and providing accurate information related to IT audits, IT security compliance, operations, and programs
Leading training sessions and workshops to non-IT business users
Building and maintaining positive forward focused customer-oriented work environments
Oral | Written Communication Skills
Preparing and orally presenting program training and support information to various groups
Communicating, coordinating, and collaborating with County agencies to ensure effective service delivery
Translating and developing technical findings into clear, actionable reports and documentation for non-technical stakeholders
LICENSE REQUIREMENT Possession of a California Class C Driver License is Required.
MINIMUM QUALIFICATIONS Please click herefor details on this classification, including the physical, mental, environmental and working conditions.
SPECIAL REQUIREMENT | BACKGROUND INVESTIGATION Part of the selection process for positions within Orange County Information Technology (OCIT) requires that all candidates undergo an extensive background investigation process, to the satisfaction of the Department. Candidates must successfully clear prior to the start of their employment. All employment offers are contingent upon successful completion of a background investigation.
RECRUITMENT PROCESS Human Resource Services (HRS) will screen all application materials to identify qualified applicants. After screening, qualified applicants will be referred to the next step and notified of all further procedures applicable to their status in the competition.
Application Screening (Refer/Non-Refer) Applications and supplemental responses will be screened for qualifications that are highly desirable and most needed to successfully perform the duties of this job. Only those applicants that meet the qualifications as listed in the job bulletin will be referred to the next step. Structured Oral Interview | SOI (Weighted 100%) Applicants will be interviewed and rated by an oral interview panel of job knowledge experts. Each applicant's rating will be based on responses to a series of structured questions designed to elicit the applicant's qualifications for the job. Only the most successful candidates will be placed on the eligible list. Eligible List Once the assessment has been completed, HRS will establish an eligible list of candidates. Candidates placed on the eligible list may be referred to a selection interview to be considered for present and future vacancies.
Based on the Department's needs, the selection procedure listed above may be modified. All candidates will be notified of any changes in the selection procedure.
Veterans Employment Preference The County is committed to providing a mechanism to give preferential consideration in the employment process to veterans and their eligible spouses and will provide eligible participants the opportunity to receive interviews in the selection process for employment and paid internship openings. Please clickhere to review the policy. EMAIL NOTIFICATION Email is the primary form of notification during the recruitment process. Please ensure your correct email address is included in our application and use only one email account.
NOTE: User accounts are established for one person only and should not be shared with another person. Multiple applications with multiple users may jeopardize your status in the recruitment process for any positions for which you apply.
Candidates will be notified regarding their status as the recruitment proceeds via email through the GovernmentJobs.com site. Please check your email folders, including spam/junk folders, and/or accept emails ending with "governmentjobs.com" and "ocgov.com." If your email address should change, please update your profile atwww.governmentjobs.com. FREQUENTLY ASKED QUESTIONS
For specific information pertaining to this recruitment, contact Joanna Xue at joanna.xue@ceo.oc.gov or (714)-834-7338.Orange County, as an equal employment opportunity employer, encourages applicants from diverse backgrounds to apply.
