Report to Mayor and City Council
Tuesday, January 09, 2024
Consent
SUBJECT:
Title
CONSIDER RESOLUTION NO. 24-005 AMENDING THE CLASSIFICATION PLAN, RESOLUTION NO. 77-111, BY ADOPTING A NEW JOB CLASSIFICATION SPECIFICATION AND SALARY FOR INFORMATION TECHNOLOGY SECURITY OFFICER AND ELIMINATING THE CLASSIFICATION SPECIFICATION AND SALARY OF INFORMATION TECHNOLOGY SECURITY ADMINSTRATIOR (CITY COUNCIL)
Body
I. SUMMARY
Staff is presenting the new job classification of Information Technology Security Officer and elimination of the job classification of Information Technology Security Administrator to City Council for approval and adoption into the City’s Classification plan.
II. RECOMMENDATION
Recommendation
WAIVE further reading and ADOPT Resolution No. 24-005:
“A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF CARSON, CALIFORNIA, AMENDING THE CLASSIFICATION PLAN, RESOLUTION NO. 77-111, BY ADOPTING A NEW JOB CLASSIFICATION SPECIFICATION AND SALARY FOR INFORMATION TECHNOLOGY SECURITY OFFICER AND ELIMINATING THE CLASSIFICATION SPECIFICATION AND SALARY OF INFORMATION TECHNOLOGY SECURITY ADMINSTRATIOR.”
Body
III. ALTERNATIVES
TAKE another action that City Council deems appropriate.
IV. BACKGROUND
On March 7, 2023 and on April 18, 2023 the City Council adopted Resolution No. 23-048 amending the classification plan for the City of Carson by adding the position of Information Technology Security Administrator as part of the Phase II restructuring plan previously approved by City Council. Since then, Information Technology and Security Department (ITS) staff and the Human Resources Department have tried in earnest to recruit for the position but have had little success in securing qualified candidates.
As a result, the ITS Director reviewed the job description and edited recommendations. The recommendations are based upon the City’s cybersecurity vulnerability reports, resulting in updates to the department organizational structure to include updated position reporting aligned with a cybersecurity priority for infrastructure (Exhibit 3, ITS org charts). The proposed job specification upgrade of the existing job specification of IT Security Administrator to IT Security Officer (Exhibit 2) aligns with peer cities and best practices.
The ITS Director completed a comprehensive review of the City’s Defendify vulnerability reports and the audits from Vasquez & Company LLC, the City’s auditor. The Vasquez audit reported critical issues that required immediate action in the audit using data from Defendify Vulnerability reports dated 02/15/2023.
Per Vasquez’s audit reports and the City’s cybersecurity software reporting, there are significant vulnerabilities in terms of quantity and risk level that require remediation. While ITS department staff are aware of the vulnerabilities, per quarterly and semi-annual reporting from numerous independent agencies and reports, staff has not prioritized remediation. More importantly, the City is unable to meet existing and future vulnerabilities due to failure to follow best IT practices and the inability to complete the volume of security patching for remediation due to staffing levels. The IT Security job classification requires management responsibilities to supervise and oversee staff responsible for the core areas of cybersecurity infrastructure risk including network, servers, website, Office365 administrator duties, etc. and technician level support to prioritize patching while balancing other operational requirements.
Therefore, the appropriate job title of IT Security Officer and the recommended changes to the job specification and department organizational structure align with the City of Carson following best practices for cyber security, cybersecurity current state, current staffing levels, and peer city benchmarking.
Staff is presenting the job specifications modifications as follows:
|
From: Title: IT Security Administrator Range: 909 Salary: $56.09 - $71.59/hr |
To: Title: IT Security Officer Range: 507 Salary: $70.04 - $89.39/hr |
Staff has met and conferred with the Association of Management Employees (AME) bargaining unit board who have agreed with the addition/adjustment.
V. FISCAL IMPACT
There is no fiscal impact from the proposed adjustments to the City’s classification plan, as the original Administrator position was budgeted at Step 3 of its range, has remain unfilled, and there is sufficient salary savings within the ITS Department full time and part time budget to cover the anticipated increase resulting from adoption of the Officer position.
VI. EXHIBITS
1. Resolution No. 24-005 - (pgs. 4-5)
2. Information Technology and Security Office Job Specifications (pgs. 6-8)
3. Information Technology and Security Department Org Charts (pgs. 9-10)
Prepared by: Dr. Robert Lennox, Assistant City Manager/Interim Human Resources Director; Gary Carter, Information Technology and Security Director