Chief Information Security Officer

Hello, we’re
Metro ! Metro is dedicated to shaping a better future for the greater Portland region. The work the people of Metro do every day benefits the lives of the people who live here, today, and tomorrow.

The Information Technology and Records Management (IT) department is looking for a Chief Information Security Officer (CISO) to lead Metro’s enterprise-wide cybersecurity strategy. This role provides strategic direction, oversight and leadership for information security, cyber risk management and compliance across the organization.

The CISO partners with departments across Metro to build a culture of shared responsibility for security. Rather than acting as a gatekeeper, this leader works collaboratively with business units to implement practical, risk‑based security solutions that support innovation and operational resilience.

This is an opportunity to shape the future of cybersecurity at a regional government, implement modern security frameworks such as the NIST Cybersecurity Framework 2.0, and lead transformative initiatives including Zero Trust Architecture and phishing‑resistant authentication.

• Lead the development and execution of Metro’s enterprise cybersecurity strategy.
• Establish and maintain a risk-based approach to information security and cyber risk management.
• Develop, implement and oversee Metro-wide information security policies, standards and procedures.
• Partner with business units to align security practices with operational needs and regulatory requirements.
• Implement and mature the NIST Cybersecurity Framework (version 2.0).
• Lead Zero Trust Architecture initiatives and strengthen identity and access management controls.
• Oversee phishing-resistant authentication strategies.
• Direct incident response, business continuity and disaster recovery planning and testing.
• Manage and supervise the Information Security division, including staff development and performance management.
• Report on security posture, risks and improvement progress to executive leadership.

• Strong strategic leadership and ability to influence at the executive level.
• Collaborative mindset with the ability to build trust across diverse departments.
• Experience implementing risk-based security frameworks.
• Strong understanding of modern cybersecurity principles including Zero Trust and identity management.
• Ability to translate complex technical issues into clear business language.
• Strong analytical and critical thinking skills.
• Experience leading and developing high-performing teams.
• Commitment to continuous improvement and operational resilience.
• Ability to remain calm and effective under pressure.
• High level of integrity and ability to maintain confidentiality.

At Metro, we strive to cultivate diversity, advance equity, and practice inclusion in all of its work. Workplace diversity is both a moral imperative and a business strength, essential to providing quality support and services to our region. Metro’s goal is to hire, develop and retain highly skilled and talented individuals across all departments and programs who best reflect the diversity of our community.

Learn more about Metro’s Diversity Action Plan

We will consider any combination of relevant work experience, volunteering, education, and transferable skills as qualifying unless an item or section is labeled required. Please be clear and specific in your application materials on how your background is relevant.

• Bachelor’s degree from an accredited college or university with major coursework in cybersecurity, computer science, engineering or a related field, and
• Seven (7) years of experience in data security management and overseeing security systems and practices, including demonstrated success in information security methodology, concepts and analyzing/monitoring, and
• Five (5) years of experience in a leadership or supervisory role, or
• Any combination of education, professional experience and training that provides the equivalent knowledge, skills and abilities necessary to perform the essential duties of the position.