| Purpose: |
| |
The Cybersecurity Officer – Electric Utility will manage the Austin Energy Enterprise Information Security team and programs. This position assures adherence to the City of Austin Information Security Program as well as Department-specific policies and regulatory requirements such as NERC CIP. This position collaborates with and provides support to the City of Austin Chief Information Security Officer (CISO) in meeting the City’s Information Security Vision, Mission, and Goals as defined in the City of Austin Information Security Program. |
| Duties, Functions and Responsibilities: |
| |
Essential duties and functions, pursuant to the Americans with Disabilities Act, may include the following. Other related duties may be assigned.
- Functions as the utility’s information security officer and represents the utility in information security governance and associated activities, including participation in periodic citywide information security governance groups and activities.
- Collaborates with compliance and operations teams to identify and understand emerging threats and future regulations, and assures controls are identified and implemented to address emerging cybersecurity risks and regulations.
- Implements the City of Austin Information Security Program and any supplementary security programs.
- Manages Vulnerability Management and Incident Response programs as well as cybersecurity awareness and training, vendor evaluation and security audits, and governance compliance and risk (GRC).
- Develops plans, procedures, resources, and budget that meet Austin Energy cybersecurity needs.
- Directs the planning, development, and implementation of information security strategies and privacy controls in accordance with business needs and the City of Austin Information Security Program.
- Monitors cybersecurity trends and industry best practices and works collaboratively with Enterprise Risk Management to manage cybersecurity risks relative to utility tolerances.
- Directs Austin Energy’s day-to-day security operations for in-scope activities and leads continuous improvement of operations, decreases turnaround times, streamlines work processes, and works cooperatively and jointly to provide quality customer service.
- Aligns, prioritizes, and sponsors programs and projects to support the City of Austin Information Security Program strategic direction.
- Provides direction to leadership and business units in assessing risk and determining appropriate protections for information assets and technologies.
- Works with the Information Security Office (ISO) to ensure that ISO has appropriate levels of access for visibility into the utility technology environment in support of ISO’s citywide security and privacy assessment, monitoring, audit, and incident response roles.
- Ensures support of the ISO for incident management activities.
- Ensures in-scope systems attain and maintain an authority to operate.
|
| Responsibilities - Supervisor and/or Leadership Exercised: |
| |
- Responsible for the full range of supervisory activities: selection, training, evaluation, counseling, and recommendation for dismissal.
|
| Knowledge, Skills, and Abilities: |
| |
Must possess required knowledge, skills, abilities, and experience and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
- Knowledge of Local, State, and Federal laws and regulations relevant to information security, privacy, and computer crime.
- Knowledge of the principles and practices of public administration and management.
- Knowledge of the limitations and capabilities of computer systems and technology.
- Knowledge of network operational support.
- Knowledge of operating systems, internet technologies, databases, and security infrastructure.
- Knowledge of information security controls, procedures, and regulations.
- Knowledge of concepts and techniques for enterprise risk management, audits, and risk assessments.
- Knowledge of security requirements and evaluation mechanism for security of cloud-based services.
- Skill in configuring, deploying, and monitoring security infrastructure.
- Skill in managing the performance of an IT security division, including managing large budgets, completing major projects, and meeting strategic goals.
- Skill in driving security and/or privacy compliance, risk management, security operations, and communicating complex technical issues and solutions to technical and non-technical stakeholders, peers, and all levels of leadership.
- Ability to manage and oversee the development, monitoring and maintenance information technology security processes and controls.
- Ability to direct and organize program activities, identify problems, evaluate alternatives, and implement effective solutions.
- Ability to apply a range of analytical skills to effectively plan, organize, implement, and measure information security related program objectives and progress.
- Ability to work with a broad and diverse user community to gather requirements, to develop and validate information security solutions.
- Ability to communicate effectively in writing and verbally, and to effectively present complex information.
- Ability to translate business requirements into security solutions and develop a blended multi-disciplinary team in a matrixed environment.
|
| Minimum Qualifications: |
| |
- Graduation with a bachelor’s degree from an accredited college or university, plus five (5) years related experience, including two (2) years of experience in personnel, project, program, or portfolio management.
- Graduation with a master’s degree may substitute for experience up to two (2) years.
- Experience may substitute for education up to four (4) years.
|
| Licenses and Certifications Required: |
| |
|
| Physical Requirements: |
| |
|
