OAG - Enterprise Information Security | Deputy Chief Information Security Officer | 24-0710

Austin, Texas


Employer: CAPPS
Industry: Computer and Mathematical
Salary: Competitive
Job type: Full-Time

Job Description

GENERAL DESCRIPTION

The Deputy Chief Information Security Officer (CISO) will report to the CISO and in partnership lead the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected. The Deputy CISO will proactively work with agency divisions and vendors to implement practices that meet agreed-on policies and standards for information security. He or she should understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology. The Deputy CISO will oversee and manage a team of information security professionals and will act on behalf of the CISO in their absence. The ideal candidate embraces servant leadership and will cultivate a high-performing, unified team culture.

The Information Technology Division is committed to providing secure, high quality, value-driven technology services to the agency. We believe that by having talented people in the right place, effectively utilizing new tools and technologies, we can empower the agency to better serve the people of Texas. OAG employees enjoy excellent benefits along with tremendous opportunities to do important work and make a positive difference in the lives of all Texans.

The OAG is a dynamic state agency with over 4,000 employees throughout the State of Texas. As the State's law firm, the OAG provides exemplary legal representation in diverse areas of law. OAG employees enjoy excellent benefits (https://ers.texas.gov/Benefits-at-a-Glance) along with tremendous opportunities to do important work at a large, dynamic state agency making a positive difference in the lives of Texans.

ESSENTIAL POSITION FUNCTIONS

  • Leads the information security function across the agency to ensure consistent and high-quality information security management in support of agency goals.
  • Develops and implements cybersecurity strategies, policies, programs, and projects designed to continually improve and enhance the agency cyber and information security posture and resiliency. Assist in the development of metrics to measure the efficiency and effectiveness of the security program.
  • Oversees relevant and appropriate communications, awareness, and training programs.
  • Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the agency.
  • Serve as gatekeeper for issues that would otherwise require the attention or involvement of the CISO. Regularly respond to inquiries and make decisions on behalf of the CISO. Ensure continuity of operations when the CISO is unavailable.
  • Directs security assessments, risk analysis, and system audits; develops information and data security standards. Assist the CISO in strategy development and managing the information security program, focusing on security risk assessments; risk management (including risk prioritization and mitigation); education and awareness. Make appropriate recommendations for security enhancements to the CISO - including tools, technologies, services, policies, procedures, and other areas as needed.
  • Direct the incident response planning and management of security incidents and events to protect agency assets (e.g. information, critical infrastructure, and reputation) in addition to investigations of security breaches and assist with disciplinary and legal matters associated with such breaches, as necessary.
  • Performs related work as assigned
  • Maintains relevant knowledge necessary to perform essential job functions
  • Attends work regularly in compliance with agreed-upon work schedule
  • Ensures security and confidentiality of sensitive and/or protected information
  • Complies with all agency policies and procedures, including those pertaining to ethics and integrity




Qualifications:

MINIMUM QUALIFICATIONS

  • Education: Graduation from high school or equivalent
  • Experience: Nine years of full-time experience working in the following (or closely related) fields: cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems, or other related fields; may substitute credit hours from an accredited college or university for the required experience on a year-for-year basis.
  • Knowledge of cybersecurity analysis work, with emphasis on security operations, incident management, intrusion detection, firewall deployment, and security event analysis.
  • Knowledge of local, state, and federal laws and regulations relevant to cybersecurity, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; of operational support of networks, operating systems, Internet technologies, databases, and security applications; of cybersecurity controls, procedures, and regulations; and of incident response program practices and procedures.
  • Knowledge of basic human resource management programs, rules, policies, and procedures to effectively carry out supervisory responsibilities such as interviewing and recommending selections, developing performance standards and appraising subordinate performance, identifying training needs and arranging for appropriate training for staff, resolving grievances and complaints, and effectively managing disciplinary issues.
  • Knowledge of management of an effective security and compliance program, including training, monitoring, conducting and documenting investigations, addressing violations, and monitoring corrective actions.
  • Knowledge of Security Incident Responses, Security Vulnerability Assessments, Penetration Testing, Auditing, and Security Awareness Training.
  • Knowledge of infrastructure components, including infrastructure security components (e.g. network security, firewalls, IDS, IPS etc.).
  • Skill in leading staff to interact as a team, focused on cooperating with one another to accomplish team goals and initiatives.
  • Skill in responding appropriately to a diversity of groups and individuals in a variety of challenging situations with a demonstrated ability to be tactful and to treat others with respect.
  • Skill in developing networks, achieving cooperation, and collaborating with others when appropriate.
  • Skill in influencing others to accept and implement recommendations and in building consensus.
  • Ability to plan, assign, and appraise work products to assure high levels of performance.
  • Ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Ability to effectively resolve significant or controversial issues.
  • Ability to arrange for personal transportation for business-related travel
  • Ability to work in person at assigned OAG work location, perform all assigned tasks at designated OAG work space within OAG work location, and perform in-person work with coworkers (e.g., collaborating, training, mentoring) for the entirety of every work week (unless on approved leave)
  • Ability to work more than 40 hours as needed and in compliance with the FLSA
  • Ability to lift and relocate 30 lbs.
  • Ability to travel (including overnight travel) up to 10%


PREFERRED QUALIFICATIONS

  • Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)
  • Education: Bachelor's degree from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems, or a related field


TO APPLY

To apply for a job with the OAG, electronic applications can be submitted through CAPPS Recruit. A State of Texas application must be completed to be considered, and paper applications are not accepted. Your application for this position may subject you to a criminal background check pursuant to the Texas Government Code. Military Crosswalk information can be accessed at

https://hr.sao.texas.gov/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf

THE OAG IS AN EQUAL OPPORTUNITY EMPLOYER

Created: 2024-06-14
Reference: 00042964
Country: United States
State: Texas
City: Austin
ZIP: 78749
