Position Overview:

The Information Security Officer (ISO) will be responsible for helping to ensure the protection of Harris County's information systems and critical assets through the day-to-day management of all projects, services and personnel pertaining to the Universal Services Cybersecurity Program. That will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing Harris County's objectives. The ISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. The Information Security Officer will mitigate overall risks by strengthening defenses and reducing vulnerabilities for Harris County information assets while aligning the information-security governance framework with organizational goals and governance i.e., leadership style, security strategies, philosophy, vision, advisory, values, standards, and policies.

Job Duties:

• Evaluate cybersecurity program against industry best practices and frameworks.

• Develop and enhance a comprehensive information security risk-based program.

• Develop an IT security architecture roadmap that will identify security controls and identify and assess technologies that will enforce the organization’s security priorities. 

• Establish and promote information security policies, standards, and guidelines.

• Serves as an expert advisor to senior management in the development, implementation, and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets.

• Monitor and govern the effectiveness of cybersecurity controls and services and ensures the implementation of Harris County Cybersecurity Policies within Universal Services and across the organization.

• Define and implement metrics for assessing cybersecurity risk by creating reports and/or dashboards.

• Provides over watch and thought leadership for the design, implementation, execution, and management of multiple enterprise-wide security solutions to address cybersecurity needs as they are identified and prioritized.

• Conduct accurate evaluation of security risks and advise on necessary actions on the information security program to senior leadership and Commissioners Court as part of a strategic enterprise risk management program.

• Create and manage information security awareness training programs for all Harris County employees, contractors, and approved system users.

• Facilitate information security risk assessment process and oversee treatment efforts.

• Implement incident management process for cybersecurity incidents.

• Manage vendor risk, including assessment and remediation efforts.

• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical standards and controls.

• Identify, assess, and prioritize IT risks to county data and systems.

• Communicate cybersecurity requirements, objectives, and risks to county leadership, personnel, and other third parties as required.

• Ensure controls comply with contractual obligations, county policies, and regulations.

• Coordinate development of implementation plans for business-critical service recovery.

• Conduct independent research and analysis for each project's scope and requirements.

• Effectively manage an information security budget and monitor for variances.

Harris County is an Equal Opportunity Employer https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx
 If you need special services or accommodations, please call (713) 274-5445 or email ADACoordinator@bmd.hctx.net. This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate.

Education:

• Bachelor's degree from an accredited college or university.

Certification:

• Two or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials

Experience:

• (7) Seven to (10) ten years of relevant experience, including (5) five years in a leadership role. Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security

Knowledge, Skill & Abilities:

• Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as SOX, PCI DSS, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines as they are updated by the Federal Government.

• Knowledge of common information security management frameworks, such as NIST.

• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

• Must possess excellent interpersonal and written/oral communication skills. The ability to interact with executives at all levels.

• Able to execute projects and program/service delivery with limited direction in a highly complex environment.

• Advanced knowledge of information security governance, best practices, policies, standards, procedures, guidelines, and risk management principles.

• Strong knowledge of enterprise networks, personal computers, and software.

• Previous experience with Microsoft Teams, learning management systems, and SharePoint a plus.

Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to Criminal Justice Information Services (CJIS) or access to an area where CJIS is received, maintained, or stored either manually or electronically (i.e., custodian, maintenance).
 
 Automatic Disqualification:

• Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor 
• Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years 
• Open arrest for any criminal offense (Felony or Misdemeanor) 
• Family Violence conviction

Education:

• Master’s or higher degree in Information Security, Information Technology, Business Administration, or relevant discipline.

Experience:

• Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.

• Experience with contract and vendor negotiations.

• Experience working in Government/Public sector