Agency Announcements

TSABAA Job Board

Information Security Officer Austin, Texas

Apr 30, 2023

Texas Alcoholic Beverage Commission

https://www.governmentjobs.com/careers/tabc

Performs highly advanced (senior-level) information security work providing direction and guidance in strategic operations and planning. Work involves establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which the agency operates. Identifies, evaluates, and reports on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.

Works with business units to implement practices that meet policies, procedures, guidelines, and standards for information security. Oversees a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology. The ISO position is responsible for implementing and running the agency’s information security program.

Supervises the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

Essential Job Functions

(25%) Oversees the implementation of computer system security plans with agency personnel and outside vendors.

  • Provides guidance and assistance to senior agency officials, information-owners, information custodians, and end users concerning their responsibilities under TAC 202.
  • Informs management and other parties in the event of noncompliance with TAC 202 and/or with the agency’s information security policies.
  • Coordinates the implementation of computer system security plans with agency personnel and outside vendors.
  • Reports, at least annually, to management the status and effectiveness of security controls.

(25%) Directs the agency risk management program through planning, developing, coordinating, and implementing information technology disaster recovery and business continuity planning.

  • Assists with preparing the Continuity of Operations Plan (COOP) and participates in COOP exercises with SORM.
  • Develops and maintains an agency-wide information security plan as required by §2054.133, Texas Government Code.
  • Maintains the business and technical resources to ensure controls are utilized to address all applicable requirements of TAC 202 and the agency’s information security risks.
  • Develops and implements a comprehensive plan to secure the computing network.
  • Manages information security and risk management awareness and training programs.
  • Ensures annual information security risk assessments are performed and documented by information owners as defined by the agency’s data governance policy.
  • Reviews the agency’s inventory of information systems and related ownership and responsibilities.

(25%) Oversees the ongoing development and implementation of statewide information, cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.

  • Develops and maintains information security policies and procedures that address the requirements of TAC 202 and the agency’s information security risks.
  • Develops policies and procedures in cooperation with the agency Information Resources Manager, information-owners, and custodians, necessary to ensure the security of information and information resources against unauthorized or accidental modification, destruction, or disclosure.
  • Reviews the data security requirements, specifications, and if applicable, third-party risk assessment of any new computer applications or services that receive, maintain, and/or share confidential data.
  • Develops, maintains, and implements agency-wide information and cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.

(15%) Reviews technical risk assessments, new and existing applications, and systems, including data center physical security and environment.

  • Verifies security requirements are identified, risk mitigation plans are developed and contractually agreed and obligated prior to the purchase of information technology hardware, software, and systems development services for any new high impact computer applications or computer applications that receive, maintain, and/or share confidential data.
  • Prevents data breaches, monitors, and reacts to cyber-related attacks.
  • Investigates available tools and countermeasures to remedy the detected vulnerabilities and recommends solutions and best practices.

(10%) Reviews results of special investigations, internal audits, research studies, forecasts, and modeling exercises to provide direction and guidance.

  • May represent the agency at business meetings, hearings, trials, legislative sessions, conferences, and seminars or on boards, panels, and committees.
  • Performs other duties as assigned, plans, assigns, and supervises the work of others.

TRAVEL REQUIREMENT: 10%

 

MQs, KSA, License/Certifications

MINIMUM QUALIFICATIONS: 
 
Must pass a background check.

Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field. Experience and education may be substituted for one another.

AND

Five (5) years’ full-time experience in information security analysis management or information security analysis management work.

PREFERRED QUALIFICATIONS
Certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).

KNOWLEDGE, SKILLS, AND ABILITIES: 

Knowledge

  • Knowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; and of operational support of networks, operating systems, Internet technologies, databases, and security applications.
  • The ISO position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies.

Skills

  • Skill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructure.

Abilities
Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions; to develop and evaluate policies and procedures; to prepare reports; to resolve advanced security issues in diverse and decentralized environments; to communicate effectively; and to plan, assign, and/or supervise the work of others.

REGISTRATION, CERTIFICATION OR LICENSURE:
Prefer certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control.
A valid Texas driver license.

 

Physical Requirements/Supplemental Information

Must be able to communicate and exchange accurate information via phone, computer and in person. Must be able to perform repetitive use of a keyboard at a workstation. Must be able to work with overlapping deadlines. Required to work as a team member, provide excellent customer service, and work with sensitive and confidential information. Must be able to attend work regularly in accordance with agency leave and attendance policies. Must be able to comply with all applicable agency policies and procedures, including safety and standards of conduct. Must be willing and able to travel up to 10% or as needed.

MILITARY OCCUPATIONAL SPECIALIST (MOS) CODE: 
Veterans, Reservists or Guardsmen with an MOS or additional duties pertaining to the minimum experience requirements may meet the minimum qualifications for this position and are highly encouraged to apply:
For more information see the Texas State Auditor’s Military Crosswalk at
https://hr.sao.texas.gov/CompensationSystem/JobDescriptions

Supplemental Information:

  • The Texas Alcoholic Beverage Commission reserves the right to adjust compensation based upon legislative mandates in regard to TABC’s and/or an employee’s contribution to the Employees Retirement System. In compliance with Senate Bill 321, agencies that hire a person who has retired from the Employees Retirement System (ERS) or the Law Enforcement and Custodial Officers Supplemental Fund (LECOS) on or after September 1, 2009, are required to remit a surcharge each month the return-to-work retiree is employed. Candidates meeting these requirements will be offered a lower base salary to cover the surcharge.
  • The Commission will conduct a criminal history and driver record check with the Texas Department of Public Safety in accordance with applicable standards on all finalists for this position.
  • Applicants should clearly describe on their applications how they meet the minimum qualifications for the position. Qualifications may be verified through testing. Resumes will not be accepted in lieu of the completed application. Incomplete applications will not be considered.
  • The Immigration Reform and Control Act of 1986 requires all new employees to present proof of eligibility to work in the United States within three (3) days of being hired. The Texas Alcoholic Beverage Commission participates in E-Verify and will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization. For more information, see: https://www.e-verify.gov/about-e-verify/what-is-e-verify
  • Males between the ages of 18 and 25 years, inclusive, may be required to furnish proof of either selective service registration or exemption therefrom as a condition of state employment. The Texas Alcoholic Beverage Commission adheres to the Veteran’s Preference granted in Chapter 657 of the Texas Government Code and the Former Foster Children Preference granted in Chapter 672 of Section 1, Subtitle B, and Title 6 of the Texas Government Code.