Information Technology Department - Chief Information Security Officer
County of El Paso TX in El Paso, TX
Industry: Information Technology - Information Security Specialist/Forensics
Type: Full Time
$95,173.33 - 146,840.00
PLEASE NOTE: Salary dependent upon the experience of the successful candidate. The starting salary is generally entry level; however it may be higher with Commissioners Court approval.
Acceptable Experience and Education
Bachelor's degree from an accredited university in Bachelor of Science in Information Technology, Information Security, Computer Science, Engineering, or related field and seven (7) years of information technology experience to include two (2) years of information technology security experience in any or all of the following: information security architecture, information security procedures and controls, physical security, attack & penetration testing, application testing, information assurance program gap analysis and incident response; with five (5) years of supervisory and project personnel management experience.
Or, any equivalent combination of education, experience, and training which provides the required knowledge, skills, and abilities will be considered.
Certificates and Licenses Required
Must have or obtain by date of hire a valid driver's license applicable to job responsibilities, with a driving record acceptable to the County of El Paso.
Any one of the following industry certifications will be required within twelve (12) months from date of appointment; Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), or Certified in Risk and Information Systems Control (CRISC).
Manages the design, development, documentation, operation, and maintenance of the County's information cybersecurity services;
Manages the County's response to incidents and ensures they are appropriately addressed, documented, and reported;
Provides strategic and operation information security and technology leadership Countywide;
Establishes support and continuously improves enterprise information security and privacy technology;
Develops and updates the information security policies, procedures, and standards, which align with business goals and objectives across county departments;
Manages business plans and exercise with departments and offices to design, implement, test, and validate recovery processes to ensure the County can restore operations within set recover time and recovery point objectives;
Identifies current and potential legal and regulatory requirements affecting information security;
Coordinates and collaborate with information technology administrators and County departments to ensure security compliance of information systems;
Manages, schedules, coordinates, and audits mandatory information system patching, updating and scanning based on vulnerabilities and threats or regular compliance on an on-going basis;
Identifies and periodically evaluates information security controls and countermeasures to mitigate risk to acceptable levels;
Integrates risk, threat and vulnerability identification and management into life cycle processes;
Provides oversight and guidance with regard to information security in new and on-going projects;
Develops security awareness by directing development of orientation/awareness and training programs for all County employees as well as specific training for information technology employees;
Establishes Key Performance Indicators (KPIs) to evaluate the effectiveness of the information security program.
Develops and implements processes for preventing, detecting, identifying, analyzing and responding to information security incidents;
Manages internal and external resources required to execute the information security program;
Ensures the County of El Paso and its vendors meet all mandated security and compliance standards;
Provides support to the department head in the acquisition, compilation, and presentation of statistical and other data requirements;
Plans and directs research projects, prepares recommendations, and prepares regular reports;
Due to critical nature of IT system must be available to respond to department "on demand" and in a timely manner;
Commits self to providing excellent customer service and demonstrate commitment through cooperative team and individual efforts; and
Creates a high quality work culture through participation in and emphasis on training and mentoring to develop leadership, management, and technical skills in self and all employees, including safety related training and skills.
Other Important Duties
Performs such other related duties as may be assigned;
Adheres to all County performance standards as well as departmental KPIs that measure individual work product;
Works both traditional and non-traditional business work hours, including but not limited to; evening shifts, weekends and holidays;
Leads the County of El Paso's Cyber Incident Response Team (CIRT);
May be required to wear a uniform as per department appearance standards;
As members of the County of El Paso Emergency Response System, all El Paso County employees are designated as Disaster Service Workers during a proclaimed emergency and may be required to train on emergency response and/or perform certain emergency services at the direction of their supervisor.
The Chief Information Security Officer (CISO) under general direction, manages the design, development, operation, testing, and maintenance of the County's information cybersecurity policies & practices. The CISO leads the cybersecurity requirements, strategy, and programs at an enterprise-level across all departments. The CISO is responsible in ensuring information system security risks, assets, and processes are protected; identified, evaluated, remediated, and exposure minimized, oversees cybersecurity training programs for all County staff; enables business resilience through continuity planning and solutions; ensures compliance with regulatory requirements; manages audit and incident responses; and aligns the overall risk posture of the County.
Reports to: Chief Technology Officer
Directs: Depending on project assignment will lead staff
Other: Has contact with department heads and/or staff in order to coordinate and complete assigned responsibilities; outside departments utilizing automated systems or equipment; vendors, contractors, outside agencies, and other County employees; frequent contact with County IT staff and IT staff from other public entities. Collaborates with other department heads and their senior staff. Cooperates and interfaces with outside agencies, public agencies, law enforcement agencies and general public. Interacts with IT end users, vendors, contractors and sub-contractors.
Minimum Requirements: Knowledge, Skills, and Abilities
Knowledge of: Cybersecurity standards and framework applicable to county government; project management; information security standards and practices; regulatory compliance standards; information security management, physical security and network security; the Information Technology typical of county operating environment, included but not limited to, server, desktop, mobile operating systems, network directory and operating systems, productivity software products, software development practices and architectures, etc.; incident management and response; risk assessment and risk management; applicable laws and regulations as they relate to IT; applicable laws and regulations as they relate Local government.
Skill/Ability to: apply IT in solving business problems; provide strong leadership; communicate in writing, oral, and interpersonal; present ideas in a business-friendly and user-friendly language; be highly self-motivated, self-directed, and attentive to detail; effectively prioritize and execute tasks in a high-pressure environment; work in a team-oriented, collaborative environment; complete projects on time and within budget; operate personal computer using standard office operating software and general office equipment; prepare and maintain records, maintain filing systems, compile and organize information; promote program activities; train; and establish and maintain cooperative and effective relationships with those contacted during the course of work; Pass a background investigation.
Each and every county position requires the following professional skills and abilities as key and necessary elements of performance:
* Pass a thorough background investigation.
* Demonstrate regular and reliable attendance.
* Work well with others and participate fully in a team oriented environment.
* Interface with other employees and customers in a courteous and respectful manner.
* Maintain strict confidentiality.
* Project positive support of their department and organizations receiving IT service at all times.
* Maintain and enhance the County's commitment to customer service excellence. Associated topics: attack, cybersecurity, information assurance, leak, phish, protect, security officer, threat, violation, vulnerability