The Houston Health Department (HHD) is seeking an information security officer (ISO) with at least five years of experience implementing IT security plans and three years of managing a technology team.
According to the job posting, the candidate must have a bachelor’s degree in management and information systems, computer science, engineering or a related field.
Specific job duties include:
- Developing and implementing the department’s cybersecurity master plan
- Directing an ongoing, proactive risk assessment program for all new and existing department systems
- Communicating risks and recommendations to the city’s CIO, CISO and the department’s senior leadership team
- Overseeing all ongoing activities related to the development of the department’s information security policies and procedures
- Assisting department divisions, programs and the HHD privacy officer with efforts to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance
- Ensuring department vulnerabilities are managed and mitigated per the city’s cyber division policy
- Assisting with the development of HHD-specific, role-based information security awareness training programs
- Assisting with the development and implementation of an HHD business continuity and disaster recovery plan
- Evaluating security incidents and determining how to mitigate compromised data scenarios if they occur
- Assisting the city’s CISO with HHD insider threat investigations
Houston Public Works (HPW) is seeking an ISO with “five years of experience developing and implementing cybersecurity plans and controls in a public works focused organization” and a “strong understanding of the department’s core business functions and business strategy.”
According to the job posting, applicants with the following experience will be given preference:
- Experience developing a cyber strategy designed to address the security of water or a wastewater supervisory control and data acquisition environment
- Experience coordinating, accumulating, writing and updating technological processes to maintain a secure and operational environment
- Experience providing governance and support for industrial control systems solutions
- Experience with various operating systems, including Windows Server, Windows 10, Windows 7, Linux, etc.
- Experience with Windows, active directory, group policy, DNS, encryption, patch management, anti-virus and system configuration management
- Expertise in formal and structured IT security risk assessment methodology
- Experience with Cyber Kill Chain (a tool to defend against cyber attacks) and diamond model of intrusion analysis (a form of identifying malicious activity) models
- Developing and implementing an HPW cybersecurity master plan
- Directing an ongoing, proactive risk assessment program for all new and existing HPW systems
- Overseeing all ongoing activities related to HPW’s information security policies and procedures
- Implementing an industrial control system framework to facilitate the secure implementation and management of critical HPW systems
- Communicating risks and recommendations to the city’s CISO, CIO and HPW director
- Ensuring HPW vulnerabilities are managed and mitigated per the city’s cyber division policy
- Developing HPW-specific, role-based information security awareness training programs
- Working with the city’s CISO on a plan to integrate HPW cyber capability and monitoring into the city’s security operations center
- Implementing an HPW business continuity and disaster recovery plan to offset threats
- Collecting, analyzing and escalating security events
- Evaluating security incidents and determining proper responses when critical systems, sensitive data or sensitive information are compromised
- Assisting the city’s CISO with HPW insider threat investigations
- Interfacing with HPW workstation users, HPW server and desktop teams, HPW application support and HPW hardware and software vendors
- Assisting the city’s CISO in the research, design and implementation of cybersecurity solutions
- Assisting in the collection and correlation of data for regulatory or other cybersecurity-related audits or requests for information
- Participating in cyber vulnerability assessments, penetration testing and real activation or tabletop exercises of incident response plans
- Monitoring and assessing security events through available system logs and security tools via the city’s security operations center
Last, the Houston Airport System (HAS) is seeking an ISO.
According to the job posting, preference will be given to applicants who are certified information systems security professionals, information security managers and those holding other relevant credentials.
Essential job duties include:
- Expanding the existing HAS information security risk management strategy and rolling three-year IT security master plan
- Directing an ongoing, proactive risk assessment program for all new and existing HAS systems
- Overseeing all ongoing activities related to HAS’ information security policies and procedures
- Ensuring HAS vulnerabilities are managed and mitigated per the city’s cyber division policy
- Developing HAS-specific, role-based information security awareness training programs
- Working with the city’s CISO to ensure proper protections, technical and physical controls are in place to protect HAS assets
- Working with the city’s CISO on a design and plan to allow the city’s security operations center visibility into HAS operations
- Collecting, analyzing and escalating security events
- Evaluating security incidents and determining what response is appropriate
- Assisting the city’s CISO with HAS insider threat investigations
- Assisting in the collection and correlation of data for regulatory or other cybersecurity-related audits or requests for information
- Providing governance and support for the Industrial Internet of Things