City of Austin - JOB DESCRIPTION

Chief Information Security Officer

This position is responsible for the Citywide information security program, including safeguarding the City’s information, data, and technology infrastructure; and for overseeing the information security governance committee. 

1. Monitors and protects the City’s information and data from current and emerging internal and external security threats.
2. Designs, develops, implements, evaluates, refines, monitors, and reports on all security-related aspects of the City's information and data systems and architecture.
3. Develops and implements response and strategic business continuity plans and related policies and procedures to ensure service is continuous when a change program is introduced, a security breach occurs, or in the event that the disaster recovery plan needs to be triggered.
4. Audits and conducts a continuous assessment of current IT security practices and systems and identifies areas for improvement.
5. Researches and evaluates Citywide data security solutions.
6. Develops and presents budget recommendations, long- and short-term plans, and key performance indicators and targets.
7. Directs security threat assessments, risk analyses, and system audits; and develops information and data security standards.
8. Maintains relationships and establishes credibility with City administration and departmental management.
9. Represents the City on information security strategy to internal and external organizations and maintains an information security governance committee.
10. Oversees relevant and appropriate communications, awareness, and training programs.
11. Champions and educates the organization about the latest security strategies and technologies.

Responsible for the full range of supervisory activities including selection, training, evaluation, counseling, and recommendation for dismissal.

• Knowledge of Local, State, and Federal laws and regulations relevant to information security, privacy, and computer crime.
• Knowledge of the principles and practices of public administration and management.
• Knowledge of the capabilities and limitations of computer systems and technology.
• Knowledge of operating systems, Internet technologies, databases, and security infrastructure.
• Knowledge of information security controls, procedures, and regulations.
• Knowledge of concepts and techniques for enterprise risk management, audits, and risk assessments.
• Knowledge of incident response program practices and procedures.
• Skill in quickly resolving advanced security issues in diverse and decentralized environments.
• Skill in foreseeing technology threats and keeping ahead of security needs.
• Ability to establish and maintain effective working relationships with City staff, executive management, peers, State and County officials, outside agencies and partners, vendors, community groups, general public, and media representatives.
• Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions.
• Ability to develop and evaluate policies and procedures and to prepare reports.
• Ability to communicate effectively in writing, verbally, and in presentations;
• Ability to plan, assign, or supervise the work of others.
• Ability to manage and oversee the development, monitoring, and maintenance of information technology security processes and controls.

Graduation with a Bachelor’s degree from an accredited college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field, plus six (6) years of related experience, including two (2) years of experience which were in a supervisory capacity.

• Maintain relevant security leadership certification (i.e., CISSP, CISM) or obtain within six (6) months of employment.
• Relevant security incident response/forensics certification (i.e., OSCP, GIAC, etc.).