INFORMATION SECURITY OFFICER (ISO) (Exe Lev) - Houston Health Department

at  City of Houston TX

EDUCATION

B.A. or B.S. degree in Management and Information Systems (MIS), Computer Science, Engineering or a closely related field.

EXPERIENCE

At least 5 years of experience implementing IT Security plans and controls of a department or enterprise IT environment that includes three (3) years managing a technology team. Strong understanding of the department’s core business functions and business strategy.

Under the general direction of the City of Houston (COH) Chief Information Security Officer (CISO), duties, functions and responsibilities of this position include:

• Develop and implement Houston Health Department (HHD) specific Cybersecurity Master Plan aligned with the COH Cybersecurity Master Plan to address the confidentiality, integrity and availability of HHD systems, data and information
• Directs an ongoing, proactive risk assessment program for all new and existing HHD systems and remains familiar with HHD’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk
• Responsible for communicating risks and recommendations to mitigate risks to the COH CIO, CISO and HHD senior leadership team in cost/benefit terms so decisions can be made to ensure the security of information systems and information entrusted to HHD
• Oversees all ongoing activities related to the development, implementation and maintenance of HHD’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of protected health information (PHI) and electronic protected health information (ePHI) bot at rest and in motion
• Assists HHD divisions, programs and HHD Privacy Officer with efforts to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance a
• Ensures HHD vulnerabilities are managed and mitigated per COH Cyber Division policy
• Assists with the development of HHD specific, role-based information security awareness training programs, and works with COH Cyber Division, HHD divisions and programs to present to staff as appropriate
• Works with COH CISO to ensure proper protections, technical and physical controls are in place to protect the confidentiality, integrity and available of HHD systems, data and information
• Assists with the development and implementation of an HHD business continuity/disaster recovery plan to offset the impact caused by intentional and unintentional acts
• Evaluates security incidents and determines what response, if any, is needed and coordinates with COH CISO and COH Cyber Division on proper responses when sensitive data or information are compromised
• Assists the COH CISO with HHD insider threat investigations
• Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by COH CISO, and obtaining certifications relevant to job duties