Health & Human Services Comm
Chief Information Security Officer
Health & Human Services Comm, Austin, Texas, US, 78716
The Chief Information Security Officer (CISO) is selected by and reports to the Chief Information Officer, working under minimal supervision, with extensive latitude for the use of initiative and independent judgment.
The CISO is responsible for coordinating information technology security activities and creating and communicating a broad-based IT security-conscious culture across the organization. The CISO performs highly advanced managerial work providing direction and guidance in strategic IT operations and planning. The CISO oversees the development of enterprise-level security policies, coordinates and leads information technology physical and logical security activities, and is responsible for performing IT risk management activities, IT security awareness, IT security architecture, and IT security incident management.
The CISO plans, assigns and supervises the work of others in functional areas of the delivery of the enterprise security program.
Essential Job Functions:
Oversees the development and monitoring of information technology security practices to ensure HHS information and technology infrastructure is appropriately available and secure from unauthorized access, inappropriate alteration or destruction. Oversees internal and external resources that safeguard HHS IT assets and systems. Ensures systems/applications comply with IT security policies, industry and state regulations, and best practices. Oversees investigations into security violations and breaches and reports such violations when needed. Responsible for the development and maintenance of IT risk assessment, system security planning, contingency planning and support for the various audits and examinations. Evaluates information security controls and suggests improvements, including modification of existing controls and the addition of new, more effective controls. (30%)
Oversees the management of the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security and compliance with Chapter 202 of Title 1 of the Texas Administrative Code (1 TAC 202), Information Security Standards, and Internal Revenue Code, Title 26 of the U.S. Code (26 USC) 6103(l)(7). Continually refines the IT Security & Risk Strategy, ensuring critical data, assets and infrastructure are secure by working to keep cyber defenses, operations and the overall organization prepared for current and ongoing threats. (30%)
Defines the HHS Information Security Roadmap and manages the budget associated with the delivery of security functions across the HHS Enterprise. Identifies and implements information security goals, objectives and metrics consistent with HHS risk tolerance, organizational mission and IT strategic plans. (15%)
Oversees the coordination of collaboration of information security across the HHS enterprise. Oversees the development and delivery of security services to agencies within the HHS enterprise. Works closely with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Collaborates with other information systems team members, staff and vendors to design, implement, maintain and monitor secure systems and processes supporting a high level of confidentiality, integrity and availability. Educates users about Information Security Requirements, Policies, and Procedures and consults on security issues as they relate to strategic initiatives for the organization. Partners closely with other Information Technology divisions (Infrastructure and Applications teams) to ensure that all applications are developed with security in mind. (15%)
Represents the HHS Enterprise both internally and externally on information security matters. Leads committees and participates in statewide security initiatives. Works with outside consultants as appropriate for independent security audits. (10%)
Knowledge Skills Abilities:
Extensive working knowledge of federal, state, and local information security compliance requirements.
Extensive working knowledge of information security auditing and risk management.
Working knowledge of business continuity planning.
Working knowledge of and the ability to negotiate and monitor complex contracts, service level agreements, and performance metrics.
Excellent skill in performing complex security analyses and operationalizing security changes.
Ability to identify problems, evaluate alternatives, and implement effective solutions.
Excellent skills in communication, both verbal and written, with skills in presenting information to executive level management, public, and legislative audiences.
Superior mentoring and leadership skills.
Skill in building and promoting effective working relationships with user and stakeholder communities operating in a large enterprise environment.
Demonstrated leadership and management skills required for a large, complex and sophisticated technical and professional workforce.
Ability to manage multiple large scale projects.
Registration or Licensure Requirements:
Initial Selection Criteria: College degree in computer science, management information systems, engineering, or a related STEM field. Master’s degree in computer science, cybersecurity, or management information systems preferred. 10 years of prior experience leading large technical or security teams preferred. Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) and/or Cisco Certified Internetwork Expert (CCIE) Security certifications are preferred.
Additional Information: Job requires many presentations and public speaking engagements, including testifying.
MOS Code: Note: There may be no military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position. All active duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information, see the Texas State Auditor’s Military Crosswalk at Military Crosswalk Guide - Prepared by the State Auditor's Office (texas.gov)
HHS agencies use E-Verify. You must bring your I-9 documentation with you on your first day of work.
In compliance with the Americans with Disabilities Act (ADA), HHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.