To: Board of Supervisors
From: Human Resources
Agenda Section: Consent
Vote Requirement: 4/5th
SUBJECT:
title
Amended Classification Specifications and Salary Ranges for the County Administrative Office - Information Technology Division (4/5 Vote Required)
end
RECOMMENDATION(S):
Recommendation
That the Board of Supervisors:
1. Adopt the amended and retitled classification specification (Attachment 1) for Chief Information Security Officer (classification # 0290) into the classification system effective the pay period following Board approval; and
2. Approve the revised salary range for the Chief Information Security Officer classification (classification # 0290) from salary range 529 to salary range 562 effective the pay period following Board approval; and
3. Adopt the amended classification specification (Attachment 2) for IT Security Analyst I/II (classification # 0289A/B) into the classification system effective the pay period following Board approval; and
4. Approve the revised salary range for the IT Division Director classification (classification # 0131) from salary range 562 to 582 effective the pay period following Board approval
5. Adopt the compensation schedule effective Oct. 12, 2025 (Attachment 3) effective the pay period following Board approval; and
6. Authorize a temporary increase for employees Patrick Ory, Robert Beier, and Matthew Reinke as if they were promoted to the classification of IT Security Analyst I (classification # 0289A) pursuant to the Humboldt County Salary Resolution Section 7 effective the pay period following Board approval (4/5 Vote Required); and
7. Adopt the Resolution (Attachment 4) approving the amendment of the 2022-2024 Compensation Plan for Designated Management and Confidential Employees.
Body
STRATEGIC PLAN:
This action supports the following areas of your Board’s Strategic Plan.
Area of Focus: Workforce & Operational Excellence
Strategic Plan Category: 3001 - Support a well-trained workforce
DISCUSSION:
On June 3, 2024, your Board was presented with options relating to the reorganization and process improvement of county operations. After being presented with the options, your board directed staff to look into options for combining the information technology security function within the county.
The county engaged the services of Municipal Resource Group, LLC (MRG) to conduct a study to develop a plan for the consolidation of the information security units of the county’s Information Technology (IT) Division and the Department of Health and Human Services’ (DHHS) Information Services (IS) Division.
MRG reviewed a large amount of information, including organizational charts, reports, budgets, salaries, Position Description Questionnaires (PDQs), and class specifications, and met with relevant county management and staff. Based on their analysis of the information, MRG recommended the following actions:
1. New CISO Classification and Recruitment: Establish a new Chief Information Security Officer (CISO) classification at salary range 562.
a. Executive Recruiter: A recruitment should be opened as soon as possible, preferably with the assistance of an executive recruiter.
b. Consultant CISO: Consider contracting with a consultant CISO to guide the county through implementation, policy revisions, communication with County employees and executive management, and hiring the permanent CISO.
c. Increase the IT Division Director Salary Range: To improve internal and external equity, and to avoid compaction with the CISO, the county should increase the IT Division Director salary range to 582 from salary range 562, which is 10% above the proposed range for CISO. The county may also want to consider establishing IT as a stand-alone department.
2. Formal Trial Program: Develop a formal trial program for a County Information Security Division.
a. Information Security Committee: Establish a committee to monitor, assess, and report to county executives and stakeholders about the trial consolidation, and to help guide and plan the communication strategy to share information about the changes with the county departments and staff.
b. Move Information Security Employees: During the trial period, move the security employees to a DHHS office space. The IT Division Director and HHS - Deputy Director - Information Services will continue to provide day-to-day supervision of the employees until a permanent CISO is hired.
c. Define Duties of Information Security Employees: During the trial period, the three DHHS Departmental Information Systems Analysts should be given out-of-class pay as IT Security Analysts. For the first several months to a year, the IT Division and DHHS security employees should continue to perform their current duties to ensure that DHHS’s needs are met. The employees will gradually expand their knowledge and skills, and management will determine the best way to distribute the duties.
3. Permanent County Information Security Division: If the trial period is successful, formalize the permanent county Information Security Division, which will involve the following:
a. Information Security Committee: The committee will continue to monitor the permanent implementation and will preferably evolve to oversee the county’s information security projects, programs, purchases, issues, etc.
b. Policy and Procedure Revisions: The division will continue to work with County IT and relevant departments to officially revise policies, procedures, codes, and charters.
c. Internal Service Fund and Office Space: Management will select and formalize the division’s office space and establish an internal service fund (ISF) to receive funding for operations, equipment, staff, and training.
d. Class Specification Revisions and Position Reclassifications: If the division is formally established, revise the IT Security Analyst classification specification based on the work performed in the permanent County Information Security Division, and consider establishing a Senior Information Security Analyst classification to serve as a team lead. Reclassify the employees to the appropriate classifications.
The Human Resources Department (HR), County Administrative Office (CAO), and the Department of Health & Human Services (DHHS) wish to implement some of the recommendations from MRG, beginning with numbers 1 and 2 above. Therefore, HR developed the new classification specification for CISO (Attachment 1) and updated the classification specification for IT Security Analyst I/II (Attachment 2) with the assistance of MRG and the CAO for your Board’s approval. HR, in collaboration with the CAO, will determine the appropriate timing for a recruitment for the CISO position.
In accordance with the recommendations of MRG, the CAO and DHHS will initiate the Formal Trial Program as described above. For the Formal Trial Program to take place, the DHHS staff will need to receive pay as if they were promoted to the IT Security Analyst I classification. This increase in pay is justified as the DHHS staff will be performing the principal duties of the IT Security Analyst series. However, the staff cannot receive out of class pay as described in the AFSCME MOU because there are no vacant IT Security Analyst positions in DHHS. Therefore, HR requests that your Board approve this pay under the authority of the Salary Resolution Section 7.
If your Board approves the salary increase recommendation described above, the Formal Trial Program will begin and will last one year. During the trial, the CAO and DHHS will evaluate the effectiveness of a combined Information Security function. After the trial program is complete, the departments will come back to your Board with further considerations.
SOURCE OF FUNDING:
Information Technology (IT) Internal Service Fund (ISF) - (3550-118) 3550 and DHHS Funds (1160-516)
FINANCIAL IMPACT:
|
Expenditures (various) |
FY25-26 |
FY26-27 Projected* |
FY27-28 Projected* |
|
Budgeted Expenses |
$37,808 |
$70,393 |
$76,318 |
|
Additional Appropriation Requested |
|
|
|
|
Total Expenditures |
$37,808 |
$70,393 |
$76,318 |
*Projected amounts are estimates and are subject to change.
|
Funding Sources (various) |
FY25-26 |
FY26-27 Projected* |
FY27-28 Projected* |
|
IT ISF (3550-118) |
$23,366 |
$42,060 |
$44,163 |
|
DHHS Funds (1160-516) |
$14,442 |
$28,333 |
$32,155 |
|
Total Funding Sources |
$37,808 |
$70,393 |
$76,318 |
*Projected amounts are estimates and are subject to change.
Narrative Explanation of Financial Impact:
The increase in compensation for the CISO from range 529 to range 562 is estimated to cost $22,512 annually. The increase in compensation for the IT Division Director from range 562 to range 582 is estimated to cost $17,545 annually. For the remaining months of FY 2025-26, these increases are anticipated to cost $23,366. However, the CISO is currently vacant and may take time to fill, which would delay these costs. The IT ISF fund 3550, budget unit 118 has sufficient appropriations in FY 2025-26 due to the vacancy of the CISO to fund these increases.
To reduce the initial costs to departments, should the IT ISF not have sufficient fund balance to fund the increases in FY 2026-27, staff recommend your Board make a General Fund Contribution to fund the increases. In FY 2027-28 and future years, these costs will be incorporated into the departments IT ISF charges.
The increases in compensation for 3.0 FTE DHHS staff that are assigned to IT Security will be funded by DHHS while these positions remain assigned to DHHS. These increases are anticipated to cost $24,759 annually. For the remaining months of FY 2025-26, this increase is estimated to cost $14,443. DHHS will fund this in their administrative budget unit which draws funding from each of the branches including Realignment, Mental Health Services Act and Social Services County Expense Claim Sources (CalWorks, CalFresh, etc.). Should this model be successful, these staff will be moved into the IT ISF in the future in which they will be funded by the IT ISF through charges to all county departments.
STAFFING IMPACT:
|
Position Title |
Position Control Number |
Monthly Salary Range (1A-E Step) |
Additions (Number) |
Deletions (Number) |
|
N/A |
N/A |
N/A |
N/A |
N/A |
Narrative Explanation of Staffing Impact:
This item’s recommendations would impact staff in the CAO - IT Division and the DHHS - IS Division. If this item is approved, the incumbent in the IT Division Director position will receive a salary increase of 10%. Additionally, the creation of the Chief Information Security Officer classification would create growth opportunities for IT and IS staff.
OTHER AGENCY INVOLVEMENT:
N/A
ALTERNATIVES TO STAFF RECOMMENDATIONS:
Your Board could choose not to adopt the recommendations in this item, however that is not recommended as the county is in need of a centralized information security function.
ATTACHMENTS:
1. Chief Information Security Officer classification specification
2. IT Security Analyst I/II classification specification
3. Oct. 12, 2025, Compensation Schedule
4. Resolution
PREVIOUS ACTION/REFERRAL:
Meeting of: 06/03/2024
File No.: 24-875