city seal

City of Austin - JOB DESCRIPTION

city seal

Cybersecurity Officer


FLSA: Standard/Exempt EEO Category: (20) Professionals
Class Code: 10340 Salary Grade: LL1
Approved: September 22, 2014 Last Revised: November 17, 2023


Purpose:
 

Under direction of the Chief Information Security Officer (CISO), this position designs, develops, and implements the City of Austin Information Security Program, which includes ongoing remediation, implementation, and compliance activities that reduce information, technology, and cyber risk to an acceptable level within the Information Security Office (ISO) or departments supporting critical infrastructure.

Duties, Functions and Responsibilities:
  Essential duties and functions, pursuant to the Americans with Disabilities Act, may include the following. Other related duties may be assigned.
  1. Develops and implements security and privacy architecture, long- and short-term strategies and tactics.
  2. Develops and manages security, privacy, and risk programs, policies, processes, procedures, standards, action plans, and operations.
  3. Develops the security, privacy, and risk aspects of project and systems design and the creation of proposals for new programs and systems and their deployment.
  4. Plans, develops, coordinates, and directs information, technology, and cyber business continuity and disaster recovery.
  5. Develops and reports on performance targets.
  6. Develops budget recommendations.
  7. Directs security and privacy risk assessments, control and program assessments, and system audits.
  8. Determines uniform security solutions and platforms for the City.
  9. Maintains relationships and establishes credibility with City administration and departmental management at the highest levels.
  10. Represents the City’s information security, privacy, and risk strategy at all levels of the City and to external organizations.
  11. Manages relevant and appropriate communications, awareness, and training programs and campaigns.
Responsibilities - Supervisor and/or Leadership Exercised:
 

Responsible for the full range of supervisory activities including selection, training, evaluation, counseling, and recommendation for dismissal

Knowledge, Skills, and Abilities:
  Must possess required knowledge, skills, abilities, and experience and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
  • Knowledge of Local, State, and Federal laws and regulations relevant to information security, privacy, and computer crime
  • Knowledge of the principles and practices of public administration and management
  • Knowledge of the limitations and capabilities of computer systems and technology
  • Knowledge of operational support of networks
  • Knowledge of operating systems, Internet technologies, databases, and security infrastructure
  • Knowledge of information security controls, procedures, and regulations
  • Knowledge of concepts and techniques for enterprise risk management, audits, and risk assessments
  • Knowledge of security requirements and evaluation mechanism for security of cloud-based services
  • Knowledge of Incident response program practices and procedures
  • Skill in the operation of computers and applicable software
  • Skill in configuring, deploying, and monitoring security infrastructure
  • Skill in oral and written communication
  • Ability to direct and organize program activities, identify problems, evaluate alternatives, and implement effective solutions
  • Ability to develop and evaluate policies and procedures and to prepare reports
  • Ability to resolve advanced security issues in diverse and decentralized environments
  • Ability to plan, assign, and supervise the work of others
  • Ability to implement security best practices and security awareness
  • Ability to manage and oversee the development, monitoring, and maintenance of information technology security processes and controls.
Minimum Qualifications:
 
  • Graduation with a bachelor’s degree from an accredited college or university, plus six (6) years related experience, including two (2) years of experience in personnel, project, program, or portfolio management.
  • Graduation with a master’s degree may substitute for experience up to two (2) years.
  • Experience may substitute for education up to four (4) years.
Licenses and Certifications Required:
 

Required to maintain a valid, industry-recognized, product-neutral certification with an ethical behavior clause in information security, information privacy, or information risk.


This description is intended to indicate the kinds of tasks and levels of work difficulty required of the position given this title and shall not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of management to assign, direct and control the work of employees under supervision. The listing of duties and responsibilities shall not be held to exclude other duties not mentioned that are of similar kind or level of difficulty.