Information Security Officer
Job #: 2022-119
- TWC Job #: 15392986
- Opening Date: 7/11/2022
- Travel Required: 5%
- Monthly Salary: $9,583.34 - $10,416.67/mo
- Position Location: Austin, TX
- Group Step: B30
- Class: 0238
Veterans, Reservists or members of the Guard can compare this position to Military Occupations (MOS) at the Texas State Auditor's Office.
Omission of data on the state application is grounds for disqualification of the application.
Only interviewed applicants will receive notice of the final disposition of the selection process.
OOG employees applying for a position in the same pay group, if selected, will be laterally transferred with a maximum increase in salary of 3.4%.
- Defined Retirement Benefit Plan.
- Optional 401(k) and 457 accounts.
- Medical Insurance - State pays 100% of the health plan premium for eligible full-time employees and 50% of the premium for their eligible dependents. State pays 50% of the eligible part-time employee’s premium and 25% for eligible dependents.
- Optional Benefits such as dental, vision, and life insurance.
- 8 hours sick leave per month and 8 hours vacation leave per month with potential to earn more with longevity. Part-time employee’s hours are proportional with no longevity.
- Telework Program – telework opportunities are available upon request. Reliable internet is required. Alternate work schedules and telework may be discussed with the hiring manager during the interview process.
The Information Security Officer (ISO) works within the Office of the Governor, Administration Division and reports to the Director of Administration. Performs highly advanced (senior-level) information security work providing direction and guidance in strategic information technology operations and planning. Work involves overseeing and/or planning, implementing, and monitoring security measures and resolving information security threats to ensure the protection of agency systems and infrastructure.
The ISO develops information security and business continuity standards and action plans; develops security architecture and policies based on business needs, risk assessments, and regulatory requirements; and conducts information security risk analysis and system audits. Directs the agency’s response to and resolution of cyber incidents in collaboration with the Texas Department of Information Resources (DIR). Depending on the incident, the ISO will be expected to provide direction outside of normal working hours until resolution. May supervise the work of others as needed. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.
- The ISO, in conjunction with the Information Services (IS) Division Director and Director of Administration, directs the design, planning, deployment and continuous improvement of the information security infrastructure policy and resources for the agency.
- Works with IS Division staff to implement computer system security plans, and identify and resolve vulnerabilities.
- Develops, revises, and oversees the implementation of mandated information security policies, standards, guidelines, and procedures to ensure compliance.
- Ensures agency information security configurations adhere to established information security and cybersecurity policies and procedures.
- Reviews account permissions and computer data access needs of agency personnel and vendors.
- Reviews security requirements, conducts technical risk assessments and audits for new and existing applications and systems, including physical security and infrastructure environment security.
- Coordinates implementation of recurring technical risk assessments, vulnerability scans and penetration tests of agency-managed IT systems; reviews the results; monitors resolution of action items; and documents each review.
- Directs the agency risk management program through planning, developing, coordinating, and implementing information technology disaster recovery and business continuity planning.
- Prepares and submits the agency’s Information Security Plan to DIR as required.
- Develops and maintains the information technology disaster recovery, business continuity and incident response plans. Oversees tests of each plan at least annually and prepares reports on the results of the tests with recommendations for improvements, as needed.
- Verifies security requirements are identified, and risk mitigation plans are developed and implemented prior to the deployment of internally developed information systems and/or related applications or services.
- Develops and implements agency policies for encryption and storage of data and data transmissions.
- Reviews information security budgets and proposes budget requirements in conjunction with the IS Director.
- Monitors and assesses the security practices of outsourced information technology service providers.
- Reviews results of information security-related investigations, audits, research studies, forecasts, and modeling exercises to provide guidance in order to improve security posture.
- Develops, certifies, and ensures delivery of information security and risk management awareness and training programs.
- May represent the agency at meetings, hearings, trials, legislative sessions, conferences, and seminars or on boards, panels, and committees related to information security.
- Maintains regular work schedule.
- Performs all other related duties as assigned.
- Graduation from an accredited four-year college or university with a degree in information technology security, computer information systems, computer science, management information systems, or a related field; and
- Seven (7) years of experience in information security operations, information technology, and/or information security analysis management work.
Note: Experience and education may be substituted for one another on a year-for-year basis.
- Three (3) years of state of Texas information security operations and/or information technology experience; and
- Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) certification, and/or Certified Information Systems Manager (CISM).
Knowledge, Skills, and Abilities Requirements
- Advanced knowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime (Texas Administrative Code Chapter 202, Texas DIR Security Controls Standards Catalog, TX-RAMP/Fed-RAMP).
- Advanced knowledge of the principles and practices of public administration and management.
- Advanced knowledge of the limitations and capabilities of computer systems.
- Advanced knowledge of technology across all network layers and computer platforms.
- Advanced knowledge of operational support of networks, operating systems, Internet technologies, databases, and security applications.
- Skill in the use of a computer and applicable software.
- Skill in configuring, deploying, and monitoring security infrastructure.
- Ability to direct and organize program activities.
- Ability to analyze complex information and exercise sound judgment in making critical decisions or providing recommendations to agency management that lead to critical decisions.
- Ability to identify problems, evaluate alternatives, and implement effective solutions.
- Ability to develop, evaluate and write policies and procedures.
- Ability to prepare reports.
- Ability to respond to and resolve advanced security issues in a decentralized environment.
- Ability to communicate effectively, including translating complex technical information into non-technical, clear concepts, both orally and in writing.
Registration, Certification or Licensure
- Valid Texas Driver’s License.
- Obtainment of at least one of the following certifications within one year from the date of hire: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) certification, and/or Certified Information Systems Manager (CISM).
Physical Requirements and/or Working Conditions
This classification functions in a standard office environment. Ability to move up to 20 lbs. Ability to drive and travel as needed. Will need to move about the office to access file cabinets, office machinery, set up conference rooms for meetings, etc. Must be able to communicate and exchange accurate information via phone, computer and in person. Must be able to observe and evaluate data in a variety of formats, including hard copy, electronic and media formats. Must be able to work hours during a legislative session that include holidays and as needed.
How to Apply
Applications are received only through Work In Texas. The OOG requires all sections of the state application to be completed. Omission of data on the state application is grounds for disqualification of the application. Requests for accommodation should be made to the Human Resources office as early as possible in the application/employment process.
Equal Opportunity Employer
The Office of the Governor is an Equal Opportunity Employer. The Immigration Reform and Control Act of 1986 requires all new employees to present proof of eligibility to work in the United States within three (3) days of being hired. The Office of the Governor participates in E-Verify and will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization. Male candidates between 18 and 25 years of age are required to show proof of Selective Service registration (or exemption) prior to an offer of employment being extended. Such proof is not required to be filed with an application but must be provided upon request by the Human Resources office. For additional information pertaining to Selective Service registration, you may visit www.sss.gov. View a copy of the Agency's Equal Employment Opportunity Utilization Report.
Notice to Applicants Who May Require Reasonable Accommodation in the Interview Process
Applicants with disabilities who may need to discuss special accommodations during the interview process should email the OOG’s Reasonable Accommodation Program Manager or call 512-463-8315 in the Human Resources Department. If reasonably possible, please call at least 48 hours in advance to afford our representative and the hiring division sufficient time to properly review and coordinate your request.