Apply on Employer Site

Texas Attorney General · 4 hours ago

OAG - Enterprise Information Security | Chief Information Security Officer | 26-0234

Austin, TX

Full-time

Hybrid

Director/Executive

10+ years exp

The Texas Attorney General's Office is seeking a Chief Information Security Officer (CISO) to lead their information security program. This role involves developing and executing cybersecurity strategies, overseeing operations, and managing a team to protect the agency's information assets and infrastructure.

GovernmentLaw EnforcementNon Profit

Responsibilities

Developing, maturing, and executing OAG’s cybersecurity strategy and program

Advising the Office of the CIO on security risks and acceptable risk levels

Overseeing cybersecurity operations, risk management, and incident response

Embedding security into digital transformation initiatives, including cloud expansion and modernization

Driving adoption and enforcement of security policies and procedures

Leading a high-performing team of security professionals

Leads the agency’s information security function to ensure consistent, high-quality security management aligned with agency goals and the protection of information assets, technologies, applications, systems, infrastructure, and processes

Establishes and enforces cybersecurity standards, policies, and procedures to maintain service continuity during changes, security incidents, or disaster recovery events

Develops and oversees a strategic, comprehensive information security program ensuring confidentiality, integrity, availability, privacy and recovery of organizational information assets

Operates and manages the Security Operations Center (SOC) to monitor infrastructure for cyber threats, including external attacks and insider risks

Builds and leads a skilled team of security professionals responsible for risk reduction, incident response, and collaboration with business and technical stakeholders during cyber events

Directs threat intelligence collection, analysis, and dissemination to internal teams and partner organizations to strengthen cybersecurity posture

Conducts security assessments, risk analyses, and audits; defines and maintains security standards and compliance requirements

Represents the agency in internal and external forums on information security strategy and represents information security in IT and executive governance committee

Oversees security awareness, communication, and training programs to promote a strong security culture across the organization

Performs related work as assigned

Maintains relevant knowledge necessary to perform essential job functions

Attends work regularly in compliance with agreed-upon work schedule. Telework schedules are permitted for employees based on the agency’s approved Telework Plan (if schedule does not adversely affect operations and service levels, and standard hours of operation are maintained). Telework schedules are set by the Departments based on business needs

Ensures security and confidentiality of sensitive and/or protected information

Complies with all agency policies and procedures, including those pertaining to ethics and integrity

Qualification

Cybersecurity strategySecurity Operations CenterIncident managementRisk managementCybersecurity analysisSecurity policiesThreat intelligenceSecurity assessmentsCybersecurity certificationsCustomer serviceSupervisionPolicy developmentCommunicationProblem-solvingTeam leadership

Required

Graduation from high school or equivalent

Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred; experience in the following (or closely related) fields may be substituted for the required education on a year-for-year basis: information security, information technology, or risk management

10 years of full-time experience working in the following (or closely related) fields: information security, information technology, or risk management

Experience and technical mastery in cybersecurity analysis work, with emphasis on security operations, incident management, intrusion detection, information protection, security systems deployment, and security event analysis

Experience in building and/or maturing a Security Operations Center, including the integration of monitoring, threat intelligence, forensic analysis, and incident response

Knowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; of operational support of networks, operating systems, Internet technologies, databases, and security applications; of cybersecurity controls, procedures, and regulations; and of incident response program practices and procedures

Skill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructure

Ability to manage and oversee the development, monitoring, and maintenance of security processes and controls; to identify problems, evaluate alternatives, and implement effective solutions; to develop and evaluate policies and procedures; to prepare reports; to implement security best practices and awareness; to communicate effectively; and to supervise the work of others

Ability to provide excellent customer service

Ability to arrange for personal transportation for business-related travel

Ability to work more than 40 hours as needed and in compliance with the FLSA

Ability to lift and relocate 10 lbs

Ability to travel (including overnight travel) up to 10%