Harris County
Information Security Officer
Harris County, Houston, Texas, United States, 77246
Position Overview:
The Information Security Officer (ISO) will be responsible for helping to ensure the protection of Harris County's information systems and critical assets through the day-to-day management of all projects, services and personnel pertaining to the Universal Services Cybersecurity Program. That will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing Harris County's objectives. The ISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. The Information Security Officer will mitigate overall risks by strengthening defenses and reducing vulnerabilities for Harris County information assets while aligning the information-security governance framework with organizational goals and governance i.e., leadership style, security strategies, philosophy, vision, advisory, values, standards, and policies.

Job Duties:
- Evaluate cybersecurity program against industry best practices and frameworks.
- Develop and enhance a comprehensive information security risk-based program.
- Develop an IT security architecture roadmap that will identify security controls and assess technologies that will enforce the organization’s security priorities.
- Establish and promote information security policies, standards, and guidelines.
- Serve as an expert advisor to senior management in the development, implementation, and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets.
- Monitor and govern the effectiveness of cybersecurity controls and services, ensuring the implementation of Harris County Cybersecurity Policies within Universal Services and across the organization.
- Define and implement metrics for assessing cybersecurity risk by creating reports and/or dashboards.
- Provide oversight and thought leadership for the design, implementation, execution, and management of multiple enterprise-wide security solutions to address cybersecurity needs as they are identified and prioritized.
- Conduct accurate evaluation of security risks and advise on necessary actions on the information security program to senior leadership and Commissioners Court as part of a strategic enterprise risk management program.
- Create and manage information security awareness training programs for all Harris County employees, contractors, and approved system users.
- Facilitate information security risk assessment process and oversee treatment efforts.
- Implement incident management process for cybersecurity incidents.
- Manage vendor risk, including assessment and remediation efforts.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical standards and controls.
- Identify, assess, and prioritize IT risks to county data and systems.
- Communicate cybersecurity requirements, objectives, and risks to county leadership, personnel, and other third parties as required.
- Ensure controls comply with contractual obligations, county policies, and regulations.
- Coordinate development of implementation plans for business-critical service recovery.
- Conduct independent research and analysis for each project's scope and requirements.
- Effectively manage an information security budget and monitor for variances.

Education:
- Bachelor's degree from an accredited college or university.

Certification:
- Two or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

Experience:
- Seven to ten years of relevant experience, including five years in a leadership role.
- Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security.

Knowledge, Skill & Abilities:
- Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as SOX, PCI DSS, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines as they are updated by the Federal Government.
- Knowledge of common information security management frameworks, such as NIST.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Must possess excellent interpersonal and written/oral communication skills. The ability to interact with executives at all levels.
- Able to execute projects and program/service delivery with limited direction in a highly complex environment.
- Advanced knowledge of information security governance, best practices, policies, standards, procedures, guidelines, and risk management principles.
- Strong knowledge of enterprise networks, personal computers, and software.
- Previous experience with Microsoft Teams, learning management systems, and SharePoint a plus.

Automatic Disqualification:
- Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor.
- Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years.
- Open arrest for any criminal offense (Felony or Misdemeanor).
- Family Violence conviction.

NOTE:
Qualifying education, experience, knowledge, and skills must be documented on your job application. You may attach a resume to the application as supporting documentation but ONLY information stated on the application will be used for consideration. "See Resume" will not be accepted for qualifications.

Position Type and Typical Hours of Work:
- Monday - Friday | 40hrs
- Regular Full-time | Onsite Position
- Hybrid Schedule
- May be required to work more than forty hours during the workweek and/or weekends or on-call 24 hours a day to meet special projects or deadlines.
- Subject to performing other duties as assigned.
- Must live or plan to live in the Houston Texas metropolitan area.

Location:
Downtown Houston - 406 Caroline Street, Houston, TX 77002

Employment may be contingent on passing a drug screen and meeting other standards.

Due to a high volume of applications, positions may close prior to the advertised closing date or at the discretion of the Hiring Department.