Information Security Officer
Harris County
Houston, TX
Position Description
Position Overview:
The Information Security Officer (ISO) will be responsible for helping to ensure the protection of Harris County's information systems and critical assets through the day-to-day management of all projects, services and personnel pertaining to the Universal Services Cybersecurity Program. That will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing Harris County's objectives. The ISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. The Information Security Officer will mitigate overall risks by strengthening defenses and reducing vulnerabilities for Harris County information assets while aligning the information-security governance framework with organizational goals and governance, i.e., leadership style, security strategies, philosophy, vision, advisory, values, standards, and policies.
Job Duties:
- Evaluate cybersecurity program against industry best practices and frameworks.
- Develop and enhance a comprehensive information security risk-based program.
- Develop an IT security architecture roadmap that will identify security controls and identify and assess technologies that will enforce the organization’s security priorities.
- Establish and promote information security policies, standards, and guidelines.
- Serve as an expert advisor to senior management in the development, implementation, and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets.
- Monitor and govern the effectiveness of cybersecurity controls and services and ensure the implementation of Harris County Cybersecurity Policies within Universal Services and across the organization.
- Define and implement metrics for assessing cybersecurity risk by creating reports and/or dashboards.
- Provide overwatch and thought leadership for the design, implementation, execution, and management of multiple enterprise-wide security solutions to address cybersecurity needs as they are identified and prioritized.
- Conduct accurate evaluation of security risks and advise on necessary actions on the information security program to senior leadership and Commissioners Court as part of a strategic enterprise risk management program.
- Create and manage information security awareness training programs for all Harris County employees, contractors, and approved system users.
- Facilitate information security risk assessment process and oversee treatment efforts.
- Implement incident management process for cybersecurity incidents.
- Manage vendor risk, including assessment and remediation efforts.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical standards and controls.
- Identify, assess, and prioritize IT risks to county data and systems.
- Communicate cybersecurity requirements, objectives, and risks to county leadership, personnel, and other third parties as required.
- Ensure controls comply with contractual obligations, county policies, and regulations.
- Coordinate development of implementation plans for business-critical service recovery.
- Conduct independent research and analysis for each project's scope and requirements.
- Effectively manage an information security budget and monitor for variances.
https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx
If you need special services or accommodations, please call (713) 274-5445 or email ADACoordinator@bmd.hctx.net.
This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate.
Requirements
Education:
- Bachelor's degree from an accredited college or university.
- Two or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials
- (7) Seven to (10) ten years of relevant experience, including (5) five years in a leadership role. Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security
- Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as SOX, PCI DSS, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines as they are updated by the Federal Government.
- Knowledge of common information security management frameworks, such as NIST.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Must possess excellent interpersonal and written/oral communication skills. The ability to interact with executives at all levels.
- Able to execute projects and program/service delivery with limited direction in a highly complex environment.
- Advanced knowledge of information security governance, best practices, policies, standards, procedures, guidelines, and risk management principles.
- Strong knowledge of enterprise networks, personal computers, and software.
- Previous experience with Microsoft Teams, learning management systems, and SharePoint a plus.
Automatic Disqualification:
- Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor
- Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years
- Open arrest for any criminal offense (Felony or Misdemeanor)
- Family Violence conviction
Preferences
Education:
- Master’s or higher degree in Information Security, Information Technology, Business Administration, or relevant discipline.
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Experience with contract and vendor negotiations.
- Experience working in Government/Public sector
Position Type and Typical Hours of Work:
- Monday - Friday | 40hrs
- Regular Full-time | Onsite Position
- Hybrid Schedule
- May be required to work more than forty hours during the workweek and/or weekends or on-call 24 hours a day to meet special projects or deadlines
- Subject to performing other duties as assigned
- Must live or plan to live in the Houston, Texas metropolitan area.
- Downtown Houston - 406 Caroline Street, Houston, TX 77002
Due to a high volume of applications, positions may close prior to the advertised closing date or at the discretion of the Hiring Department.
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Information Technology
- Industries: Government Administration