Chief Information Services Security Officer

Metropolitan Council390 Robert St. N St. Paul, MN
Hybrid

About The Position

The Chief Information Services Security Officer (CISO) provides strategic leadership and oversight for the Council's enterprise-wide information security strategy. The CISO is responsible for safeguarding all digital assets and information systems from internal and external threats. The CISO aligns cybersecurity programs to organizational goals, ensuring that risk management, compliance, and awareness efforts are proactive, robust, and effectively integrated into business operations. The CISO also leads the information security team, ensuring operational readiness, collaboration across divisions, and continuous improvement of security posture. Acts on behalf of the CIO as needed. People Leadership The CISO leads the Information Security team, ensuring high performance through clear expectations, accountability, and continuous learning. This leader cultivates a supportive, inclusive, and agile environment that embraces change and empowers staff to contribute their perspectives and challenge assumptions. Builds team capabilities by mentoring staff, developing future leaders, and promoting diversity and inclusion in hiring and development. Strategic Leadership Develops a long-term vision and roadmap for cybersecurity aligned to the Council’s digital strategy and public mission. Partners with the CIO and IS Leadership Team to shape strategy across the Information Services department. Provides guidance and decision-making leadership in IT governance, risk mitigation, architecture, and service continuity. Business Partner Engagement Serves as a trusted advisor to executive leadership and division leaders on matters of cybersecurity, privacy, and risk for all divisions. Builds collaborative relationships across the enterprise, including Legal, Compliance, HR, and Operations, to embed security best practices and ensure consistent execution of policies. Translates technical security concepts into business value and risk reduction terms. Risk Management & Compliance Oversees the design and enforcement of security policies and standards. Ensures compliance with regulatory and industry frameworks such as NIST, HIPAA, GDPR, CJIS, PCI-DSS, and ISO 27001. Leads vulnerability and risk assessments, mitigation strategies, and incident response processes. Establishes and monitors key risk indicators (KRIs) and key performance indicators (KPIs). Security Operations & Program Leadership Directs the implementation and operations of security technologies and tools, including threat detection, SIEM, endpoint protection, IAM, encryption, firewalls, and cloud security. Provides executive oversight of the incident response lifecycle, forensics investigations, and remediation activities. Continuously evaluates system resilience and recommends improvements. Budget, Vendor, and Resource Leadership Leads cybersecurity budgeting and financial planning to ensure efficient allocation of resources. Oversees vendor selection, contract negotiations, and vendor performance for cybersecurity services. Guides resource planning to align with strategic priorities and support operational execution. Security Awareness & Organizational Culture Promotes a security-first culture through education, training, and engagement. Develops awareness programs tailored to different user groups. Ensures that every staff member understands their security responsibilities. Collaborates with HR, Legal, and Communications to increase organizational maturity in handling sensitive data.

Requirements

  • Master's degree with seven (7) years of experience including five (5) years directly managing professional staff.
  • Bachelor's degree with nine (9) years of experience including five (5) years directly managing professional staff.
  • Associate degree with eleven (11) years of experience including five (5) years directly managing professional staff.
  • High school diploma/GED with thirteen (13) years of experience including five (5) years directly managing professional staff.

Nice To Haves

  • Master's degree.
  • CISSP/CISM/CISA certifications.
  • Experience and demonstrated ability to identify opportunities to integrate equity initiatives meaningfully into work products and processes.
  • Knowledge of: Regulatory frameworks: HIPAA, GDPR, FISMA, CJIS, NIST, PCI-DSS, ISO.
  • Risk management, threat detection, and mitigation techniques.
  • Cloud, hybrid, and on-prem infrastructure security.
  • Enterprise security tools, systems, and operations.
  • Cybersecurity operations, risk frameworks, compliance.
  • High conceptual and organizational understanding of how security underpins business operations.
  • Skills in: Strategic planning, budget development, and policy enforcement.
  • Communication and collaboration.
  • Project management and cross-functional team leadership.
  • Influencing across systems, divisions, and leadership.
  • Ability to: Lead change and drive cultural transformation.
  • Mentor, coach, and build inclusive teams.
  • Handle confidential data and investigations with discretion.
  • Apply complex, conceptual thinking to stay ahead of evolving threats, and balance compliance, user needs, and innovation.
  • Use adaptive thinking and sound judgement to lead under pressure.
  • Hold a high level of accountability for maintaining the Council's security posture, regulatory compliance, and public trust.

Responsibilities

  • Leads development and execution of the Council’s enterprise security strategy and governance framework.
  • Serves as an advisor to the CIO, executive leadership, and Council members on cybersecurity trends, risks, and performance.
  • Builds and leads a high-performing Information Security team.
  • Ensures compliance with data privacy and cybersecurity laws and frameworks.
  • Evaluates emerging technologies, evolving threats, and recommend strategic improvements.
  • Oversees incident response planning and execution, including forensics and root cause analysis.
  • Develops and tracks service-level agreements (SLAs) and performance metrics.
  • Builds relationships with peer agencies, government entities, and cybersecurity organizations.
  • Prepares and presents risk reports and strategy updates to Council stakeholders.
  • Manages cybersecurity audits, assessments, and third-party evaluations.
  • Promotes an inclusive, diverse, and psychologically safe security work environment.

Benefits

  • on-site training
  • tuition reimbursement
  • competitive salary
  • excellent benefits
  • good work/life balance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service