Chief Information Security Officer

Trinity River Authority of Texas, Arlington, TX

About The Position

Under the general direction of the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) plans, assigns, and directs the cybersecurity activities for both Operational Technology and Information Technology (IT) functions. The CISO is responsible for establishing and maintaining the enterprise vision, strategy, architecture, and a multi-year roadmap that ensures that the company’s information assets are adequately protected. A key element of this role is communicating security at a strategic level to Executive Management and the Board of Directors and championing cybersecurity across the Authority to drive adoption of best practices. The CISO will manage a small team of dedicated resources and a larger team of matrixed resources to manage cybersecurity response and achieve favorable outcomes.

Requirements

  • BS or BA in Cybersecurity, Computer Science, Information Systems, Electrical Engineering, or a related field.
  • Minimum of 10 years of IT experience, 7 years of cybersecurity experience, 5 years of ICS-specific experience, 5 years of management experience, and a proven track record of successful project management and team leadership.
  • Certified Information Systems Security Professional, Certified Information Systems Manager, or equivalent certification approved by CIO (Required)
  • Valid Texas Driver’s License (Required)
  • Must have knowledge of IT and ICS to include cybersecurity, networks, hardware, software, system analysis and design, project management, and their specialized budgeting and procurement procedures.
  • Must have excellent written and verbal communication and organization skills.
  • Ability to communicate security and risk-related concepts to both technical and non-technical audiences, including executive and board level.
  • Extensive knowledge of business risk, risk assessment, and risk-based decision making.
  • Must be able to understand and operate IT management and project management software and tools.
  • Must possess the ability to inspire, influence, and build coalitions as well as direct the work of others and positively interact with senior and executive management.

Nice To Haves

  • Advanced degree preferred.
  • Preferred experience in the water sector.
  • Certified Automation Professional or equivalent as approved by CIO (Preferred)
  • Additional IT / ICS / Cybersecurity / Project Management Certifications (Preferred)

Responsibilities

  • Serves as the principal advisor to Authority executives and the Board on cybersecurity risk, vulnerabilities, and mitigation strategies.
  • Manages and develops the Authority’s long-term cybersecurity strategy and roadmap across the Authority to include policy development, procedures, standards, and guidelines, and oversees their approval, dissemination, implementation, and maintenance.
  • Provides effective leadership and management of cybersecurity operations, including selection, scheduling, supervision, retention, and evaluation of employees in the department. Develops and mentors staff across the organization on cybersecurity and information security.
  • Champions cybersecurity program across the organization. Provides training, development, and mentoring of staff across the Authority including senior leaders and executives.
  • Manages cybersecurity risk program and establishes rapport with senior leaders across the business to assess and communicate acceptable levels of risk. Oversees and leads the creation, communication, and implementation of a process for managing vendor risk and other third-party risks.
  • Identifies, evaluates, and reports on information security risks, practices, and projects to the Executive Committee and the Board of Directors, and provides subject matter expertise and direction on security standards (NIST, ISA, ISO, etc.) and best practices (FFIEC, Dodd-Frank, SOX, PCI, etc.).
  • Manages the Authority Intrusion Detection and Vulnerability Management programs. Reviews internal and external systems for appropriate cybersecurity controls and oversees all required fixes.
  • Oversees incident response planning and the investigation of security breaches, and assists with any associated disciplinary, public relations, and legal matters. Establishes relationships with local, state, and federal law enforcement and other advisory bodies (CISA, AWWA, WEF, Water-ISAC, etc.) to ensure that the organization maintains a strong security posture.
  • Manages and directs the evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive. Partners with engineering teams for Capital Improvement Projects, enterprise architecture, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
  • Essential personnel are required to report to work when scheduled during departmental and/or emergency situations, including, but not limited to, extended periods of inclement weather when travel may be difficult. This position is essential because, in the absence of sufficient personnel, the plant cannot operate safely.