INFORMATION SECURITY OFFICE (EXE LEV) - Houston Public Works
Print (https://www.governmentjobs.com/careers/houston/jobs/newprint/4609486)
Apply
?
INFORMATION SECURITY OFFICE (EXE LEV) - Houston Public Works
Salary
$125,000.00 - $150,000.00 Annually
Location
611 Walker Street
Job Type
Executive Level
Job Number
34718
Department
Houston Information Technology Services
Opening Date
08/05/2024
Description
Benefits
Questions
POSITION OVERVIEW
PN#34718 INFORMATION SECURITY OFFICER - ISO (EXE LEV)
DESCRIPTION OF DUTIES / ESSENTIAL FUNCTIONS
Under the direction of the City of Houston (COH) Chief Information Security Officer (CISO), duties, functions and responsibilities of this position include:
Develop and implement Houston Public Works (HPW) specific Cybersecurity Master Plan aligned with the COH Cybersecurity Master Plan to address the confidentiality, integrity and availability of HPW systems, data and information
Direct an ongoing, proactive risk assessment program for all new and existing HPW systems and remains familiar with HPW's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk
Oversee all ongoing activities related to the development, implementation and maintenance of HPW's information security policies and procedures by ensuring these policies and procedures encompass the overall security of Operational Technology (OT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.
Responsible for implementing an ICS Framework approach to facilitate the secure implementation and management of critical HPW systems
Responsible for communicating risks and recommendations to mitigate risks to the COH CISO, COH CIO and HPW Director in cost/benefit terms so decisions can be made to ensure the security of information systems and information entrusted to HPW
Ensure HPW vulnerabilities are managed and mitigated per COH Cyber Division policy
Assist with the development of HPW specific, role-based information security awareness training programs, and works with COH Cyber Division, HPW divisions and programs to present to staff as appropriate
Work with COH CISO to ensure proper protections, technical and physical controls are in place to protect HPW assets based on cyber industry standards (e.g., NIST 800-82)
Work with COH CISO on a design and plan to integrate HPW cyber capability and monitoring into the COH Security Operations Center (SOC)
Assist with the development and implementation of an HPW business continuity/disaster recovery plan to offset the impact caused by intentional and unintentional acts
Responsible for collecting, analyzing, and escalating security events; aligning with the COH Cyber Division on facilitating proper incident response
Responsible for consuming threat intelligence received from the COH Cyber Division to mitigate identified threats to HPW OT, ICS and SCADA assets
Evaluate security incidents and determines what response, if any, is needed and coordinates with COH CISO and COH Cyber Division on proper responses when critical systems, sensitive data or sensitive information are compromised
Assist the COH CISO with HPW insider threat investigations
Interfaces as required with HPW workstation users, HPW server and desktop teams, HPW application support and HPW hardware/software vendors; coordinates projects with users for deadline requirements
Participate in projects to establish and maintain policies, processes, and controls in compliance of cyber security regulatory standards or best practice frameworks including Center for Internet Security (CIS), National Institute of Standards and Technology (NIST) and North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP) where applicable
Assist the COH CISO in research, design and implementation of cyber security solutions
Assist in the collection and correlation of data for regulatory or other cyber security related audits or RFI's (Request for Information)
Provide Governance and support for Industrial Internet of Things (Edge, Cloud, etc.)
Participate in Cyber Vulnerability Assessments, Penetration Testing, and real activation or tabletop exercises of Incident Response Plans
Responsible for pro-actively monitoring and assessing security events through available system logs and security tools via the COH Security Operations Center
Ability to establish creditability and be decisive but also to recognize and support the organization's preference and priorities
Ability to maintain the highest standard of confidentiality is required with zero tolerance
High energy level, comfortable performing multifaceted projects in conjunction with normal activities
Results oriented with the ability to balance other business considerations
Ability to speak and present information effectively to groups of varying sizes
Well-developed interpersonal skills. Ability to get along with diverse personalities; tactful, mature and flexible
Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by COH CISO, and obtaining certifications relevant to job duties
WORKING CONDITIONS
There are no major sources of discomfort, i.e., essentially normal office environment with acceptable lighting, temperature and air conditions. Significant time spent using computer display, keyboard, and mouse.
Must be able to pass a criminal background check, obtain and maintain federally mandated security clearances where required.
MINIMUM REQUIREMENTS
EDUCATION
B.A. or B.S. degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field.
EXPERIENCE
At least 5 years of experience implementing IT Security plans and controls of a department or enterprise IT environment that includes three (3) years managing a technology team. Strong understanding of the department's core business functions and business strategy.
PREFERENCES
Preference will be given to applicants that possess:
At least 5 years of experience developing and implementing cybersecurity plans and controls in a public works focused organization. Strong understanding of the department's core business functions and business strategy.
Experience with the development of a cyber strategy designed to address the security of Water/Wastewater SCADA environment including design, process, and controls with consideration of future regulatory compliance
Experience coordinating, accumulating, writing/updating of appropriate technological processes and procedures to maintain a secure and operational environment
Experience providing governance and support for Industrial Control Systems Solutions (Servers/SCADAs, HMIs, OS, Patching Systems, Disaster Recovery, etc.)
Experience developing and maintaining SCADA cyber security awareness training and notification
Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management
Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM and DLP
Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications
Experience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etc.
Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis models
Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies
Solid knowledge and understanding of networking and TCP/IP
Proven experience working in a rapidly changing, high intensity environment
Avid, proactive learner and ability to work well in a team-based environment
Strong interpersonal and writing skills
Superior attention to detail
Preference will also be given to eligible veteran applicants provided such persons possess the qualifications necessary for competent discharge of the duties involved in the position applied for, such persons are among the most qualified candidates for the position, and all other factors in accordance with Executive Order 1-6.
GENERAL INFORMATION
SELECTION/SKILLS TESTS REQUIRED None
However, the department may administer skills assessment test.
SAFETY IMPACT POSITION No
If yes, this position is subject to random drug testing and if a promotional position, candidate must pass an assignment drug test.
SALARY INFORMATION
Factors used in determining the salary offered include the candidate's qualifications as well as the pay rates of other employees in this classification.
Pay Grade 34
APPLICATION PROCEDURES
Only online applications will be accepted for this City of Houston job and must be received by the Human Resources Department during active posting period. Applications must be submitted online at: www.houstontx.gov.
To view your detailed application status, please log-in to your online profile by visiting: http://agency.governmentjobs.com/houston/default.cfm or call (832) 393-6027.
If you need special services or accommodations, call (832) 393-6027. (TTY 7-1-1)
If you need login assistance or technical support call 855-524-5627.
Due to the high volume of applications received, the Hiring Department will contact you directly, should you be selected to advance in our recruitment process.
All new and rehires must pass a pre-employment drug test and are subject to a physical examination and verification of information provided.
EEO Equal Employment Opportunity
The City of Houston is committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, genetic information, veteran status, gender identity, or pregnancy.
The city offers a competitive benefits program, including competitively priced health coverage and a defined contribution pension plan. Benefits include:
Medical
Dental
Vision
Wellness
Supplemental Insurance
Life insurance
Long-term disability
Retirement pension
457 deferred compensation plan
Employee Assistance Program
10 days of vacation each year
11 city holidays, plus one floating holiday
Compensable Sick Leave
Personal Leave
Flexible schedules
Hybrid-Telework for eligible positions
Professional development opportunities
Transportation/parking plan
Section 125 pretax deductions
Dependent Care Reimbursement Plan
Paid Prenatal, Parental and Infant Wellness Leaves
Healthcare Flexible Spending Account
For plan details, visit http://www.houstontx.gov/hr/benefits.html
01
Are you a veteran who served on active duty in the Armed Forces (United States Army, Navy, Air Force, Marine Corps, or Coast Guard) for more than 90 consecutive days and received either an honorable discharge or a general discharge under honorable conditions?
Yes
No
02
Do you possess a Bachelor's or Master's degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field?
Yes
No
03
Do you possess at least 5 years of experience implementing IT Security plans and controls of a department or enterprise IT environment?
Yes
No
04
Do you possess at least 3 years managing a technology team?
Yes
No
05
Please describe your related experience.
06
Which of the following do you possess?
Certified Information Systems Security Professional (CISSP)
Global Industrial Cyber Security Professional (GICSP)
GIAC Response and Industrial Defense (GRID) security certification
None of the above
07
Do you possess at least 5 years of experience developing and implementing cybersecurity plans and controls in a public works focused organization?
Yes
No
08
Do you possess experience developing a cyber strategy to address the security of Water/Wastewater SCADA environment including design, process, and controls with consideration of future regulatory compliance?
Yes
No
09
Do you possess solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications?
Yes
No
10
Do you possess knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management?
Yes
No
11
Do you possess knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM and DLP?
Yes
No
12
Do you possess solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications?
Yes
No
13
Do you have experience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etc.?
Yes
No
14
Are you knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis models?
Yes
No
15
Do you have knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies?
Yes
No
16
Do you consider yourself to be results oriented with the ability to balance other business considerations?
Yes
No
17
Please check all that describe your professional personality and/or abilities:
Well-developed interpersonal skills
Ability to get along with diverse personalities; tactful, mature and flexible
Ability to establish credibility and be decisive but also recognize and support the organization's preference and priorities
Ability to maintain the highest standard of confidentiality is required with zero tolerance
Comfortable performing multifaceted projects in conjunction with normal activities
Results oriented with the ability to balance other business considerations
Ability to speak and present information effectively to groups of varying sizes
Avid, proactive learner and ability to work well in a team-based environment
Strong interpersonal and writing skills
Superior attention to detail
None of the above
Required Question