INFORMATION SECURITY OFFICER (ISO) (Exe Lev) - Houston Health Department

INFORMATION SECURITY OFFICER (ISO) (Exe Lev) - Houston Health DepartmentPrint ( SECURITY OFFICER (ISO) (Exe Lev) - Houston Health DepartmentSalary$125,000.00 - $150,000.00 AnnuallyLocation8000 N. StadiumJob TypeExecutive LevelJob Number27009DepartmentHouston Information Technology ServicesOpening Date11/30/2021DescriptionBenefitsQuestionsPOSITION OVERVIEWPN#27009 INFORMATION SECURITY OFFICER - ISO (EXE LEV)DESCRIPTION OF DUTIES / ESSENTIAL FUNCTIONSUnder the general direction of the City of Houston (COH) Chief Information Security Officer (CISO), duties, functions and responsibilities of this position include:Develop and implement Houston Health Department (HHD) specific Cybersecurity Master Plan aligned with the COH Cybersecurity Master Plan to address the confidentiality, integrity and availability of HHD systems, data and informationDirects an ongoing, proactive risk assessment program for all new and existing HHD systems and remains familiar with HHD s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security riskResponsible for communicating risks and recommendations to mitigate risks to the COH CIO, CISO and HHD senior leadership team in cost/benefit terms so decisions can be made to ensure the security of information systems and information entrusted to HHDOversees all ongoing activities related to the development, implementation and maintenance of HHD s information security policies and procedures by ensuring these policies and procedures encompass the overall security of protected health information (PHI) and electronic protected health information (ePHI) bot at rest and in motionAssists HHD divisions, programs and HHD Privacy Officer with efforts to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance aEnsures HHD vulnerabilities are managed and mitigated per COH Cyber Division policyAssists with the development of HHD specific, role-based information security awareness training programs, and works with COH Cyber Division, HHD divisions and programs to present to staff as appropriateWorks with COH CISO to ensure proper protections, technical and physical controls are in place to protect the confidentiality, integrity and available of HHD systems, data and informationAssists with the development and implementation of an HHD business continuity/disaster recovery plan to offset the impact caused by intentional and unintentional actsEvaluates security incidents and determines what response, if any, is needed and coordinates with COH CISO and COH Cyber Division on proper responses when sensitive data or information are compromisedAssists the COH CISO with HHD insider threat investigationsRemains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by COH CISO, and obtaining certifications relevant to job dutiesWORKING CONDITIONSThere are no major sources of discomfort, i.e., essentially normal office environment with acceptable lighting, temperature and air conditions. Significant time spent using computer display, keyboard, and mouse.Must be able to pass a criminal background check, obtain and maintain federally mandated security clearances where required.MINIMUM REQUIREMENTSEDUCATIONB.A. or B.S. degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field.EXPERIENCEAt least 5 years of experience implementing IT Security plans and controls of a department or enterprise IT environment that includes three (3) years managing a technology team. Strong understanding of the department's core business functions and business strategy.PREFERENCESPreference will be given to applicants that possess:Certified Information Systems Security Professional (CISSP)Certified Information Security Manager (CISM)HealthCare Information Security and Privacy Practitioner (HCISPP) security certificationsAt least 5 years of experience developing and implementing cybersecurity plans and controls in a healthcare focused organization. Strong understanding of the department s core business functions and business strategyBroad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needsComprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.)Experience evaluating and managing cyber risk and working within industry-standard frameworks (e.g. NIST Cybersecurity Framework, CIS Top 20, NIST 800-XX, etc.)Knowledge and experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration managementKnowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM and DLPSolid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applicationsExperience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etcKnowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis modelsKnowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologiesSolid knowledge and understanding of networking and TCP/IPWell-developed interpersonal skills. Ability to get along with diverse personalities; tactful, mature and flexibleAbility to establish creditability and be decisive but also to recognize and support the organization s preference and prioritiesAbility to maintain the highest standard of confidentiality is required with zero toleranceHigh energy level, comfortable performing multifaceted projects in conjunction with normal activitiesResults oriented with the ability to balance other business considerationsAbility to speak and present information effectively to groups of varying sizesProven experience working in a rapidly changing, high intensity environmentAvid, proactive learner and ability to work well in a team-based environmentStrong interpersonal and writing skillsSuperior attention to detailPreference will also be given to eligible veteran applicants provided such persons possess the qualifications necessary for competent discharge of the duties involved in the position applied for, such persons are among the most qualified candidates for the position, and all other factors in accordance with Executive Order 1-6.GENERAL INFORMATIONSELECTION/SKILLS TESTS REQUIRED NoneHowever, the department may administer skills assessment test.SAFETY IMPACT POSITION NoIf yes, this position is subject to random drug testing and if a promotional position, candidate must pass an assignment drug test.SALARY INFORMATIONFactors used in determining the salary offered include the candidate's qualifications as well as the pay rates of other employees in this classification.Pay Grade 34APPLICATION PROCEDURESOnly online applications will be accepted for this City of Houston job and must be received by the Human Resources Department during active posting period. Applications must be submitted online at: www.houstontx.gov.To view your detailed application status, please log-in to your online profile by visiting: or call (832) ###-####.If you need special services or accommodations, call (832) ###-####. (TTY 7-1-1)If you need login assistance or technical support call 855-###-####.Due to the high volume of applications received, the Hiring Department will contact you directly, should you be selected to advance in our recruitment process.All new and rehires must pass a pre-employment drug test and are subject to a physical examination and verification of information provided.EEO Equal Employment OpportunityThe City of Houston is committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, genetic information, veteran status, gender identity, or pregnancy.The city offers a competitive benefits program, including competitively priced health coverage and a defined contribution pension plan.Benefits include:MedicalDentalVisionWellnessLife insuranceLong-term disabilityRetirement pension457 deferred compensation planEmployee Assistance Program10 days of vacation each year11 city holidays, plus one floating holidayFlexible schedulesProfessional development opportunitiesTransportation/parking planSection 125 pretax deductionsDependent Care Reimbursement PlanHealthcare Flexible Spending AccountFor plan details, visit you a veteran who served on active duty in the Armed Forces (United States Army, Navy, Air Force, Marine Corps, or Coast Guard) for more than 90 consecutive days and received either an honorable discharge or a general discharge under honorable conditions?YesNo02Do you possess a Bachelor's or Master's degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field?YesNo03Do you possess at least 5 years of experience implementing IT Security plans and controls of a department or enterprise IT environment?YesNo04Do you possess at least 3 years managing a technology team?YesNo05Please describe your related experience.06Which of the following do you possess? (check all that apply)Certified Information Systems Security Professional (CISSP)Certified Information Security Manager (CISM)HealthCare Information Security and Privacy Practitioner (HCISPP)None of the above07Do you possess at least 5 years of experience developing and implementing cybersecurity plans and controls in a healthcare focused organization?YesNo08Do you possess broad working knowledge of health care operations and their related data/software/hardware requirements including, but not limited to, hospitals, clinics, medical offices, and their information technology needs?YesNo09Do you possess a comprehensive understanding of the compliance and legal requirements for information confidentiality and integrity especially as it relates to patient information in a healthcare environment (electronic health/medical records (EHR/EMR), HIPAA, HITECH, etc.)?YesNo10Do you possess experience evaluating and managing cyber risk and working within industry-standard frameworks (e.g. NIST Cybersecurity Framework, CIS Top 20, NIST 800-XX, etc.)?YesNo11Do you possess knowledge and experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM and DLP?YesNo12Do you possess solid expertise in formal/structured IT security risk assessment methodology, including understanding the implementation challenges and advantages across all levels of hardware platforms and software applications?YesNo13Do you have experience with a wide variety of operating systems: Windows Server, Windows 10, Windows 7, Linux etc.?YesNo14Are you knowledgeable of Cyber Kill Chain and Diamond Model of Intrusion Analysis models?YesNo15Do you have knowledge of SIEM, IDS, anti-virus/anti-malware and firewall technologies?YesNo16Do you possess experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management?YesNo17Please check all that describe your professional personality and/or abilities:Well-developed interpersonal skillsAbility to get along with diverse personalities; tactful, mature and flexibleAbility to establish credibility and be decisive but also recognize and support the organization's preference and prioritiesAbility to maintain the highest standard of confidentiality is required with zero toleranceComfortable performing multifaceted projects in conjunction with normal activitiesResults oriented with the ability to balance other business considerationsAbility to speak and present information effectively to groups of varying sizesAvid, proactive learner and ability to work well in a team-based environmentStrong interpersonal and writing skillsSuperior attention to detailNone of the aboveRequired Question