We are looking for a Full-time contractor or employee for an Information security consultant roles.
JOB DESCRIPTION: The Information Security Manager reports to the Manager of Information Resources with access to the Director of Operations for escalated information technology security matters. The Information Security Manager performs advanced (senior-level) information security work providing direction and guidance in strategic operations and planning for the Cybersecurity Program of the Department. Work involves planning, developing, documenting, implementing, monitoring, reporting, and maintaining security measures to protect Department systems and information against unauthorized access, disclosure, modification, or destruction. The Information Security Manager works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.
EXAMPLES OF WORK PERFORMED:
Leads the ongoing development and implementation of mandated information security policies, standards, guidelines, and procedures to ensure compliance.- Directs the design, planning, deployment, and continuous improvement of security infrastructure resources.
- Ensures information security configurations adhere to established information security policies and procedures.
- Reviews results of security assessments, audits, penetration tests, and vulnerability scans of IT systems and coordinates implementation of necessary remediation items.
- Provides input to the agency risk management program through planning, developing, coordinating, documenting, and implementing information technology disaster recovery, business continuity, and incident response plans.
- Reviews security requirements, and conducts technical risk assessments for new and existing applications and systems, including physical security and environment.
- Assesses the security practices of external vendors and third-party providers
Skills(Required):
- Experience in information security operations and/or information security analysis management work.
Skills(Preferred):
- Experience in state of Texas information security operations and/or information security analysis management work.
GENERAL REQUIREMENTS:
- Graduation from an accredited four-year college or university with a degree in information technology security, computer information systems, computer science, management information systems, or a related field. Note: Experience and education may be substituted for one another on a year-for-year basis.
- Certification(s) obtained in at least one of the following preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
KNOWLEDGE, SKILLS, AND ABILITIES
- Knowledge of local, state, and federal laws and regulations relevant to information security and privacy (Texas Administrative Code Chapter 202, Texas DIR Security Controls Standards Catalog, NIST SP 800-53, etc.).
- Knowledge of the limitations and capabilities of computer systems.
- Knowledge of technology across all network layers and computer platforms.
- Knowledge of operational support of networks, operating systems, Internet technologies, databases, and security applications.
- Skill in the use of a computer and applicable software.
- Skill in configuring, deploying, and monitoring security infrastructure.
- Ability to direct and organize program activities.
- Ability to identify problems, evaluate alternatives, and implement effective solutions.
- Ability to develop and evaluate policies and procedures.
- Ability to communicate effectively, including translating complex technical information into non-technical, clear concepts, both orally and in writing.