Information Security Officer

Company: Harris County, TX

Location: Houston, TX 77084

Description:

Salary: Depends on Qualifications
Location: Houston, TX
Job Type: Regular Full-time
Job Number: 12262
Department: Universal Services
Opening Date: 02/16/2024
Closing Date: 3/29/2025 11:59 PM Central
Max Number of Applicants: 275

Position Description
Position Overview:

The Information Security Officer (ISO) will be responsible for helping to ensure the protection of Harris County's information systems and critical assets through the day-to-day management of all projects, services and personnel pertaining to the Universal Services Cybersecurity Program. That will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing Harris County's objectives. The ISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. The Information Security Officer will mitigate overall risks by strengthening defenses and reducing vulnerabilities for Harris County information assets while aligning the information-security governance framework with organizational goals and governance, i.e., leadership style, security strategies, philosophy, vision, advisory, values, standards, and policies.
Job Duties:
  • Evaluate cybersecurity program against industry best practices and frameworks.
  • Develop and enhance a comprehensive information security risk-based program.
  • Develop an IT security architecture roadmap that will identify security controls and identify and assess technologies that will enforce the organization's security priorities.
  • Establish and promote information security policies, standards, and guidelines.
  • Serve as an expert advisor to senior management in the development, implementation, and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets.
  • Monitor and govern the effectiveness of cybersecurity controls and services and ensure the implementation of Harris County Cybersecurity Policies within Universal Services and across the organization.
  • Define and implement metrics for assessing cybersecurity risk by creating reports and/or dashboards.
  • Provide overwatch and thought leadership for the design, implementation, execution, and management of multiple enterprise-wide security solutions to address cybersecurity needs as they are identified and prioritized.
  • Conduct accurate evaluation of security risks and advise on necessary actions on the information security program to senior leadership and Commissioners Court as part of a strategic enterprise risk management program.
  • Create and manage information security awareness training programs for all Harris County employees, contractors, and approved system users.
  • Facilitate information security risk assessment process and oversee treatment efforts.
  • Implement incident management process for cybersecurity incidents.
  • Manage vendor risk, including assessment and remediation efforts.
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical standards and controls.
  • Identify, assess, and prioritize IT risks to county data and systems.
  • Communicate cybersecurity requirements, objectives, and risks to county leadership, personnel, and other third parties as required.
  • Ensure controls comply with contractual obligations, county policies, and regulations.
  • Coordinate development of implementation plans for business-critical service recovery.
  • Conduct independent research and analysis for each project's scope and requirements.
  • Effectively manage an information security budget and monitor for variances.

Harris County is an Equal Opportunity Employer
https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx
If you need special services or accommodations, please call (713) 274-5445 or email ADACoordinator@bmd.hctx.net.

This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate.

Requirements
Education:
  • Bachelor's degree from an accredited college or university.

Certification:
  • Two or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials

Experience:
  • (7) Seven to (10) ten years of relevant experience, including (5) five years in a leadership role. Demonstrated experience and success in senior leadership roles in risk management, information security, and IT or OT security

Knowledge, Skill & Abilities:
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as SOX, PCI DSS, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines as they are updated by the Federal Government.
  • Knowledge of common information security management frameworks, such as NIST.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Must possess excellent interpersonal and written/oral communication skills. The ability to interact with executives at all levels.
  • Able to execute projects and program/service delivery with limited direction in a highly complex environment.
  • Advanced knowledge of information security governance, best practices, policies, standards, procedures, guidelines, and risk management principles.
  • Strong knowledge of enterprise networks, personal computers, and software.
  • Previous experience with Microsoft Teams, learning management systems, and SharePoint a plus.

Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to Criminal Justice Information Services (CJIS) or access to an area where CJIS is received, maintained, or stored either manually or electronically (i.e., custodian, maintenance).

Automatic Disqualification:
  • Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor
  • Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years
  • Open arrest for any criminal offense (Felony or Misdemeanor)
  • Family Violence conviction

NOTE: Qualifying education, experience, knowledge, and skills must be documented on your job application. You may attach a resume to the application as supporting documentation but ONLY information stated on the application will be used for consideration. "See Resume" will not be accepted for qualifications.
Preferences
Education:
  • Master's or higher degree in Information Security, Information Technology, Business Administration, or relevant discipline.

Experience:
  • Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
  • Experience with contract and vendor negotiations.
  • Experience working in Government/Public sector

General Information
Position Type and Typical Hours of Work:
  • Monday - Friday | 40hrs
  • Regular Full-time | Onsite Position
  • Hybrid Schedule
  • May be required to work more than forty hours during the workweek and/or weekends or on-call 24 hours a day to meet special projects or deadlines
  • Subject to performing other duties as assigned
  • Must live or plan to live in the Houston, Texas metropolitan area.

Location:
  • Downtown Houston - 406 Caroline Street, Houston, TX 77002

Employment may be contingent on passing a drug screen and meeting other standards.

Due to a high volume of applications, positions may close prior to the advertised closing date or at the discretion of the Hiring Department.
BENEFITS

Harris County offers a competitive benefits program, including a comprehensive group health and related benefits plan as well as a defined benefit retirement plan.
The following list of benefits is offered only to employees in regular (full-time) positions:
  • Medical Coverage
  • Dental Coverage
  • Vision Coverage
  • Wellness Plan
  • Life Insurance
  • Long-term disability
  • Employee Assistance Program
  • Ten (10) days of vacation each year for the first five (5) years of service
    • Accrual rates increase based on years of service
  • Eleven (11) County-observed holidays and one (1) floating holiday
  • Professional development opportunities
  • Dependent Care Reimbursement Plan
  • Healthcare Reimbursement Account
  • 457 Deferred Compensation Plan

The following benefits are also available to regular (full-time) employees and may be available to part-time employees:

  • Retirement Pension (TCDRS)
  • Flexible schedule (varies by department)
  • Transportation Assistance (Metro RideSponsor Program)


In accordance with the Harris County Personnel Regulations, Group Health and related benefits are subject to amendment or discontinuance at any time. Commissioners Court reserves the right to make benefit modifications on the County's behalf as needed.
For plan details, visit the Harris County benefits website:
01

Which of the following best describes your highest level of education completed as it relates to this position?
  • High School or GED diploma
  • Associate Degree
  • Bachelor's Degree
  • Master's Degree or higher
  • None of the above

02

If you selected a college degree in response to the previous question, which of the following best describes your major?
  • Information Security
  • Information Technology
  • Business Administration
  • Other Related Field
  • Unrelated Field
  • N/A; No Degree

03

Please describe your educational background including level of education completed, area of study and completed major and minor programs.
04

Which of the following best describes your verifiable relevant related experience? (To be considered, qualifying experience must be documented in your application's employment history)
  • Less than seven (7) years
  • Seven (7) years but less than eight (8) years
  • Eight (8) years but less than nine (9) years
  • Nine (9) years or more
  • I do not have this experience

05

Please provide details about your verifiable relevant related experience. Do not use "Please see Resume" or "See Resume". (To be considered, qualifying experience must be documented in your application's employment history.) Please include your (a) role(s), (b) types of organizations, (c) scope of duties and responsibilities. If you do not have this experience, please type "None" in the space provided.
06

Which of the following best describes your verifiable experience and success in senior leadership roles in risk management, information security, and IT or OT security? (To be considered, qualifying experience must be documented in your application's employment history)
  • Less than five (5) years
  • Five (5) years but less than six (6) years
  • Six (6) years but less than seven (7) years
  • Seven (7) years or more
  • I do not have this experience

07

Please provide details about your verifiable experience and success in senior leadership roles in risk management, information security, and IT or OT security. Do not use "Please see Resume" or "See Resume". (To be considered, qualifying experience must be documented in your application's employment history.) Please include your (a) role(s), (b) types of organizations, (c) scope of duties and responsibilities. If you do not have this experience, please type "None" in the space provided.
08

Which of the following professional certifications do you currently hold? Select all that apply:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Other similar credentials
  • N/A; None of the above

09

Do you have experience successfully executing programs that meet the objectives of excellence in a dynamic business environment?
  • Yes
  • No

10

Do you have experience with contract and vendor negotiations?
  • Yes
  • No

11

Do you have experience working in Government/Public sector?
  • Yes
  • No

12

Which of the following describes your level of proficiency using a personal computer and common office software such as MS Office Suite (Word, Excel, PowerPoint, and Outlook)? Please select your level of proficiency based on the following descriptions:

Advanced: A person with this level of skills is able to produce very large, complex formal documents that require a table of contents, footnotes, endnotes, bookmarks, and other special elements; a wide range of graphic effects, and use advanced techniques for analyzing and manipulating data. Has full mastery of Macro commands and skills to tie the objects together into a cohesive system by using Macros and Visual Basic for Applications code. Makes interactive presentations by using hyperlinks and action buttons.

Intermediate: A person with this level of skills is able to customize toolbars, import and insert graphs, embed Excel data, and elaborate reports. Understands the concepts of databases and is able to work with charts and to use the list management capabilities of Excel. Able to use complex query techniques, create efficient forms and reports, and create Macros to automate these forms. Makes interactive presentations by using hyperlinks and action buttons.

Basic: A person with this level of skills is able to use basic formatting, editing, printing functions, and understands the document page setup. Has the ability to enter and correct data, modify a workbook, format a worksheet, and use printing functions. Understands the different database concepts and structures and is familiar with data validation and is able to create a simple presentation in PowerPoint, run it, and print it.

Entry Level: A person with this level of skills has the ability to open, create, save and modify documents in Word, send and receive email in Outlook and create spreadsheets in Excel. Format documents for printing, comfortable using the printer menu to preview documents. Has ability to change the font, the margins, insert or delete pages and use the built-in spellchecker and grammar check.
  • Advanced
  • Intermediate
  • Basic
  • Entry Level
  • Not proficient
