Texas Health and Human Services Commission

Chief Information Security Officer

Texas Health and Human Services Commission, Austin, Texas, US, 78716


Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title:

Chief Information Security Officer

Job Title:

Director VI

Agency:

Health & Human Services Comm

Department:

CHIEF INFO SECURITY OFFICE

Posting Number:

1288

Closing Date:

02/08/2025

Posting Audience:

Internal and External

Occupational Category:

Computer and Mathematical

Salary Group:

TEXAS-B-31

Salary Range:

$10,271.00 - $17,370.75

Shift:

Day

Additional Shift:

Telework:

Travel:

Up to 10%

Regular/Temporary:

Regular

Full Time/Part Time:

Full time

FLSA Exempt/Non-Exempt:

Exempt

Facility Location:

Job Location City:

AUSTIN

Job Location Address:

4601 W GUADALUPE ST

Other Locations:

MOS Codes:

8003,8040,8041,8042,10C0,111X,112X,113X,114X,20C0,30C0,40C0,611X,612X,621X,631X,641X,648X,90G0,91C0

91W0,97,SEI15

Brief Job Description:

The Chief Information Security Officer (CISO) is selected by and reports to the Chief Information Officer, working under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

The CISO is responsible for coordinating information technology security activities and creating and communicating a broad-based IT security conscious culture across the organization. The CISO performs highly advanced managerial work providing direction and guidance in strategic IT operations and planning. The CISO oversees the development of enterprise level security policies, coordinates and leads information technology physical and logical security activities, is responsible for performing IT risk management activities, IT security awareness, IT security architecture, and IT security incident management. The CISO plans, assigns and supervises the work of others in functional areas of the delivery of the enterprise security program.

Essential Job Functions (EJFs):

Oversees the development and monitoring of information technology security practices to ensure HHS information and technology infrastructure is appropriately available and secure from unauthorized access, inappropriate alteration or destruction. Oversees internal and external resources that safeguard HHS IT assets and systems. Ensures systems/applications comply with IT security policies, industry and state regulations, and best practices. Oversees investigations into security violations and breaches and reports such violations when needed. Responsible for the development and maintenance of IT risk assessment, system security planning, contingency planning and support for the various audits and examinations. Evaluates information security controls and suggests improvements, including modification of existing controls and the addition of new, more effective controls. (30%)

Oversees the management of the development and implementation of security policy, standards, guidelines and procedures to ensure ongoing maintenance of security and compliance with Chapter 202 of Title 1 of the Texas Administrative Code (1 TAC 202), Information Security Standards, and Internal Revenue Code, Title 26 of the U.S. Code (26 USC) 6103(l)(7). Continually refines the IT Security & Risk Strategy, ensuring critical data, assets and infrastructure are secure by working to keep cyber defenses, operations and the overall organization prepared for current and ongoing threats. (30%)

Defines the HHS Information Security Roadmap and manages the budget associated with the delivery of security functions across the HHS Enterprise. Identifies and implements information security goals, objectives and metrics consistent with HHS risk tolerance, organizational mission and IT strategic plans. (15%)

Oversees the coordination of information security collaboration across the HHS enterprise. Oversees the development and delivery of security services to agencies within the HHS enterprise. Works closely with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Collaborates with other information systems team members, staff and vendors to design, implement, maintain and monitor secure systems and processes supporting a high level of confidentiality, integrity and availability. Educates users about Information Security Requirements, Policies, and Procedures and consults on security issues as they relate to strategic initiatives for the organization. Partners closely with other Information Technology divisions (Infrastructure and Applications teams) to ensure that all applications are developed with security in mind. (15%)

Represents the HHS Enterprise both internally and externally on information security matters. Leads committees and participates in statewide security initiatives. Works with outside consultants as appropriate for independent security audits. (10%)

Knowledge, Skills and Abilities (KSAs):

Extensive working knowledge of federal, state, and local information security compliance requirements. Extensive working knowledge of information security auditing and risk management. Working knowledge of business continuity planning. Working knowledge of and the ability to negotiate and monitor complex contracts, service level agreements, and performance metrics. Excellent skill in performing complex security analyses and operationalizing security changes. Ability to identify problems, evaluate alternatives, and implement effective solutions. Excellent skills in communication, both verbal and written, with skills in presenting information to executive level management, public, and legislative audiences. Superior mentoring and leadership skills. Skill in building and promoting effective working relationships with user and stakeholder communities operating in a large enterprise environment. Demonstrated leadership and management skills required for a large, complex and sophisticated technical and professional workforce. Ability to manage multiple large-scale projects.

Registrations, Licensure Requirements or Certifications:

Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) and/or Cisco Certified Internetwork Expert (CCIE) Security certifications are preferred.

Initial Screening Criteria:

College degree in computer science, management information systems, engineering, or a related STEM field. Master's degree in computer science, cybersecurity, or management information systems preferred. 10 years of prior experience leading large technical or security teams preferred.

Additional Information:

Telework may be available based on performance, compliance with the agency's telework policy, and business requirements. Telework arrangements are subject to adjustment and change based on policy and operational requirements.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but are not limited to, those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information, please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work.