INFORMATION SECURITY OFFICER (ISO) ( Exe Lev) - Houston Airport System

POSITION OVERVIEW

PN#27158 INFORMATION SECURITY OFFICER - ISO (EXE LEV)

DESCRIPTION OF DUTIES / ESSENTIAL FUNCTIONS
Under the general direction of the City of Houston (COH) Chief Information Security Officer (CISO), duties, functions and responsibilities of this position include:

• Expand and implement the existing Houston Airport System (HAS) information security risk management strategy and rolling 3-year IT Security Master Plan; ensure IT Security Plan alignment with the COH Cybersecurity Master Plan and controls address the confidentiality, integrity and availability of HAS systems, data and information
• Direct an ongoing, proactive risk assessment program for all new and existing HAS systems and remains familiar with HAS's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk
• Oversee all ongoing activities related to the development, implementation and maintenance of HAS's information security policies and procedures by ensuring these policies and procedures encompass the overall security of Information Technology (IT) and Operational Technology (OT) systems
• Responsible for communicating risks and recommendations to mitigate risks to the COH CISO, COH CIO and HAS Director in cost/benefit terms so decisions can be made to ensure the security of information systems and information entrusted to HAS
• Ensure HAS vulnerabilities are managed and mitigated per COH Cyber Division policy
• Assist with the development of HAS specific, role-based information security awareness training programs, and works with COH Cyber Division, HAS divisions and programs to present to staff as appropriate
• Work with COH CISO to ensure proper protections, technical and physical controls are in place to protect HAS assets based on cyber industry standards (e.g., NIST 800-53)
• Work with COH CISO on a design and plan to allow COH Security Operations Center (SOC) visibility into HAS operations
• Assist with the development and implementation of an HAS business continuity/disaster recovery plan to offset the impact caused by intentional and unintentional acts
• Responsible for collecting, analyzing, and escalating security events; aligning with the COH Cyber Division on facilitating proper incident response
• Responsible for consuming threat intelligence received from the COH Cyber Division to mitigate identified threats to HAS IT and OT assets
• Evaluate security incidents and determines what response, if any, is needed and coordinates with COH CISO and COH Cyber Division on proper responses when critical systems, sensitive data or sensitive information are compromised
• Assist the COH CISO with HAS insider threat investigations
• Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by COH CISO, and obtaining certifications relevant to job duties
• Act as the primary liaison to COH IT Security Working Group and makes recommendations to the COH CISO; assists in the implementation of citywide changes to work methods and procedures to make security measures more effective
• Assist in the collection and correlation of data for regulatory or other cyber security related audits or RFI's (Request for Information)
• Provide Governance and support for Industrial Internet of Things (Edge, Cloud, etc.)
• Assist in the collection and correlation of data for regulatory or other cyber security related audits or RFI's (Request for Information)
• Provide Governance and support for Industrial Internet of Things (Edge, Cloud, etc.)

WORKING CONDITIONS
There are no major sources of discomfort, i.e., essentially normal office environment with acceptable lighting, temperature and air conditions. Significant time spent using computer display, keyboard, and mouse.

**Must be able to pass a criminal background check, obtain and maintain federally mandated security clearances where required.**

MINIMUM REQUIREMENTS

EDUCATION
B.A. or B.S. degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field.

EXPERIENCE
At least 5 years of experience implementing IT Security plans and controls of a department or enterprise IT environment that includes three (3) years managing a technology team. Strong understanding of the department's core business functions and business strategy.

PREFERENCES

Preference will be given to applicants that possess:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• GIAC Security Essentials (GSEC)
• Project Management Professional (PMP)
• A strong understanding of both industry and federal government security standards and best practices, such as National Institute of Science and Technology (NIST), Control Objectives for Information and Related Technology (COBIT) for Information Security, and SANS Critical Controls
• Experience developing a cyber strategy to address the security of IT and OT environment including design, process, and controls with consideration of future regulatory compliance
• Subject matter expertise and coordinating, accumulating, writing/updating of appropriate technological processes and procedures to maintain a secure and operational environment
• Ability to interface, as required, with HAS workstation users, HAS server and desktop teams, HAS application support and HAS hardware/software vendors; coordinates projects with users for deadline requirements
• Ability to assist the COH CISO in research, design and implementation of cyber security solutions
• Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management
• Knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM and DLP
• Solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications
• Experience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etc.
• Knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis models
• Knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies
• Solid knowledge and understanding of networking and TCP/IP
• Well-developed interpersonal skills. Ability to get along with diverse personalities; tactful, mature and flexible
• Ability to establish creditability and be decisive but also to recognize and support the organization's preference and priorities
• Ability to maintain the highest standard of confidentiality is required with zero tolerance
• High energy level, comfortable performing multifaceted projects in conjunction with normal activities
• Results oriented with the ability to balance other business considerations
• Ability to speak and present information effectively to groups of varying sizes
• Proven experience working in a rapidly changing, high intensity environment
• Avid, proactive learner and ability to work well in a team-based environment
• Strong interpersonal and writing skills
• Superior attention to detail

**Preference will also be given to eligible veteran applicants provided such persons possess the qualifications necessary for competent discharge of the duties involved in the position applied for, such persons are among the most qualified candidates for the position, and all other factors in accordance with Executive Order 1-6.**

GENERAL INFORMATION

SELECTION/SKILLS TESTS REQUIRED None
However, the department may administer skills assessment test.

SAFETY IMPACT POSITION No
If yes, this position is subject to random drug testing and if a promotional position, candidate must pass an assignment drug test.

SALARY INFORMATION
Factors used in determining the salary offered include the candidate's qualifications as well as the pay rates of other employees in this classification.

Pay Grade 34

APPLICATION PROCEDURES
Only online applications will be accepted for this City of Houston job and must be received by the Human Resources Department during active posting period. Applications must be submitted online at: www.houstontx.gov .

To view your detailed application status, please log-in to your online profile by visiting: http://agency.governmentjobs.com/houston/default.cfm or call (832) 393-6027.

If you need special services or accommodations, call (832) 393-6027. (TTY 7-1-1)

If you need login assistance or technical support call 855-524-5627.

Due to the high volume of applications received, the Hiring Department will contact you directly, should you be selected to advance in our recruitment process.

All new and rehires must pass a pre-employment drug test and are subject to a physical examination and verification of information provided.

EEO Equal Employment Opportunity
The City of Houston is committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, genetic information, veteran status, gender identity, or pregnancy.
Closing Date/Time:

Houston, Texas United States View Map