Chief Information Security Officer

GENERAL DESCRIPTION

The Texas Division of Emergency Management (TDEM) is an emergency response entity. This status may affect working hours, travel, and duties as needed. The agency’s Chief Information Security Officer (CISO) exercises explicit authority to administer the information security requirements of the Texas Administrative Code agency-wide and establishes vision and direction for the agency’s cyber and cyber-related resources and operations.

Chief Information Security Officer

Texas Division of Emergency Management

Information Technology Division

$13,781.25 monthly

Austin, Texas

Staff

Employees are subject to working extended hours during evenings and weekends. This position is at-will and serves at the discretion of the head of the agency. Salary is a fixed rate and is non‑negotiable. The position is located on-site and is not subject to telecommuting.

• Develop and maintain an agency-wide information security program, rules and procedures aligning with agency policies and risks.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Provide guidance and assistance to senior agency officials, information owners, custodians, and end users regarding their responsibilities to agency information security policies and communicate the value of information security throughout all organizational levels.
• Work with business and technical resources to ensure security controls address applicable requirements of agency information security policies and risks.
• Develop and recommend rules and establish procedures and practices, in cooperation with the agency CIO, owners and custodians, to ensure the security of information and information resources against unauthorized or accidental modification, destruction, or disclosure.
• Provide training and direction to personnel with significant responsibilities for information security.
• Ensure annual information security risk assessments are performed and documented by information owners.
• Review the agency’s inventory of information systems and related ownership and responsibilities.
• Coordinate review of data security requirements, specifications, and third‑party risk assessment of any new computer applications or services that receive, maintain, or process moderate or high‑impact data.
• Verify that security requirements are identified, risk mitigation plans are developed and contractually agreed prior to purchase of information technology hardware, software, and systems development services for high‑impact applications or applications that process moderate or high‑impact data.
• Report at least annually to the agency Chief the status and effectiveness of security controls.
• Inform affected parties in the event of noncompliance with agency information security policies.
• Represent the agency at State, Texas A&M System, and private sector cybersecurity events.
• Under the direction of the System CISO, represent the A&M System at system member institutions during unusual occurrences or incidents where an information security officer is not available.
• Issue exceptions to information security requirements or controls in agency information security policies.
• Maintain a regular work schedule and work extended hours and/or on weekends as needed.
• Perform related work as assigned.
• Ability to travel (5%).

This document represents the major duties, responsibilities, and authorities of this job and is not intended to be a complete list of all tasks and functions. Other duties may be assigned.

Education – Bachelor’s degree in computer science, computer information systems, business administration, information assurance, informatics, or related field; or equivalent combination of education and experience.

Experience – Ten (10) years operational information security management experience involving security assessments, Tier 2/3 security operations, network/security operations, fundamental operations, managing and changing business processes, and aligning strategy and performance metrics to…