Harris County was founded in 1836 and is located in the Gulf Coast region of Texas approximately 50 miles from the Gulf of Mexico. Harris County covers over 1700 square miles with over 4 million residents, making it the most populous county in Texas and third most populous in the United States.
The Harris County Universal Services (US) exists to support the mission of Harris County by developing, implementing and supporting high quality, innovative and cost effective information technology solutions.
Under general direction, the Enterprise Cybersecurity Manager will be responsible to help ensure the protection of Harris County's information systems and critical assets through the day-today management of all projects, services and personnel pertaining to Cybersecurity Engineering & Operations and Threat Management functions under the Universal Services Cybersecurity Program.
Job Duties and Responsibilities:
- Responsible for performing daily management duties and administrative tasks for 6 8 direct reports, including annual employee performance reviews.
- Responsible for the design, implementation, execution and management of multiple enterprise-wide security solutions to address Cybersecurity needs as they are identified and prioritized. Current projects may include multi-factor authentication, advanced threat protection, centralized logging/SIEM, SOC services, full-disk encryption and data protection for cloud storage and collaboration platforms.
- Responsible for ensuring quality delivery and timely execution of Cybersecurity services, including Vulnerability Scanning & Remediation, Threat & Vulnerability Advisory, Daily Threat Monitoring & Response, Incident Response, Identity & Access Management, Firewall Change Requests, Web Filtering Requests, Pen Test/Web Application Testing.
- Provides technical thought leadership and hands-on testing/engineering as necessary throughout the project lifecycle (Initiation, Planning, Execution, Control and Closure).
- Capable of managing multiple projects or issues simultaneously that are of high complexity and/or require in-depth knowledge across multiple technical areas and business segments.
- Assists team in conducting independent research, analysis, and stakeholder interviews to gather and document each project s scope, requirements and dependencies.
- Leads vendor evaluation, proof-of-concepts and product selection.
- Guides team in the creation of documentation as necessary to support the overall delivery of Cybersecurity objectives, with little guidance. This includes but is not limited to, project plans, communications, executive presentations, job aids, training materials, architecture diagrams, technical reference documentation, procedures and Request for Proposal/Offers (RFP/RFO s).
- Assists in the development of Cybersecurity strategy/technology roadmaps and metrics/measures packages.
- Designs and implements tools and processes to proactively monitor and govern the effectiveness of Cybersecurity controls and services and ensures the implementation of Harris County Cybersecurity Policies within Universal Services and across the organization.
- Determine key metrics for assessing and measuring cybersecurity risk, and document procedures to routinely gather and produce metrics reports and/or dashboards.
- Develops and maintains executive dashboards and/or regular reports to communicate department-specific cybersecurity risks.
- Assist in presenting cybersecurity risks and gaps to stakeholders as appropriate.
- Will help establish remediation plans and will proactively track progress of remediation efforts to ensure open issues/risks are addressed as agreed.
- Responsible for the coordination and management of third-party penetration tests and security risk assessments, as required to support governance efforts.
- Will actively participate in the on-going review and management of the Harris County Cyber Security Framework and Cybersecurity Policies to ensure alignment with cybersecurity objectives.
- Demonstrates knowledge and understanding of information technology industry trends and emerging technologies and an ability to relate them to the County and its objectives.
- Must be able to conduct accurate evaluation of security risks, weigh business needs against security concerns and articulate issues to senior management and stakeholders.
- Must be able to provide consulting on application development projects as needed to ensure security requirements are understood and incorporated into the application s architecture and design.
- Coaches and mentors more junior level managerial and technical staff.
- May participate on CSIRT incident handling and response activities as required.
- High school diploma or G.E.D. equivalency from an accredited educational institution; and
- A minimum of five (5) years of progressive work experience in Information Security, Cybersecurity or IT Governance and Compliance.
- Formal leadership experience serving as a manager or team lead with 5+ direct reports
- Experience designing and implementing security technologies and processes across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services.
- A broad understanding of cybersecurity concepts across all domains, applicable security models (e.g. ISO 2700X, NIST and CIS Critical Security Controls) and regulations (e.g. SOX, PCI, HIPAA and CJIS).
- Strong research, analysis, analytical, problem solving and process development skills.
- Exceptional leadership, verbal and written communication, and project management skills.
- The ability to build and maintain strong relationships across departments/teams, confront challenges in a constructive fashion and influence others through consensus building techniques.
- Bachelor's degree from an accredited college or university.
- Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or CompTIA Security+ Certification is preferred.
- Experience designing, implementing and managing some of the following security technologies and services is preferred: vulnerability management, advanced threat protection, SIEM/SOC services, identity governance and administration, multi-factor authentication, full-disk encryption, removable media encryption/protection and data protection for cloud storage/collaboration.
- Demonstrates knowledge and understanding of the global threat landscape, cybersecurity trends, emerging technologies and an ability to relate them to the County and its objectives.
- Strong organizational skills, including the ability to adhere to cybersecurity processes, and tools, and to keep focus on multiple tracks of work and open issues in parallel.
- Adept at maintaining focus and flexible/responsive to dynamic work environment.
- A passion for cybersecurity, self-starter mentality, flexibility and willingness to take on new challenges and ability to thrive in a team environment
- Ability to lift at least 20 pounds and/or move boxes and equipment as needed.
- Ability to kneel, crouch, handle, climb, walk, sit, twist and reach is needed to perform the essential functions.
Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to CJI (Criminal Justice Information) systems or access to an area where CJI is received, maintained or stored either manually or electronically (i.e. custodian, maintenance).
- Conviction, probation, or deferred adjudication for any Felony
- Conviction, probation, or deferred adjudication for any Class A Misdemeanor
- Conviction, probation, or deferred adjudication for a Class B Misdemeanor if within the previous 10 years
- Open arrest for any criminal offense (Felony or Misdemeanor)
- Family Violence conviction