Chief Information Security Officer, Austin Technology Services

About The Position

Requirements

• Knowledge of Local, State, and Federal laws and regulations relevant to information security, privacy, and computer crime.
• Knowledge of the principles and practices of public administration and management.
• Knowledge of the capabilities and limitations of computer systems and technology.
• Knowledge of operating systems, Internet technologies, databases, and security infrastructure.
• Knowledge of information security controls, procedures, and regulations.
• Knowledge of concepts and techniques for enterprise risk management, audits, and risk assessments.
• Knowledge of incident response program practices and procedures.
• Skill in quickly resolving advanced security issues in diverse and decentralized environments.
• Skill in foreseeing technology threats and keeping ahead of security needs.
• Ability to establish and maintain effective working relationships with City staff, executive management, peers, State and County officials, outside agencies and partners, vendors, community groups, general public, and media representatives.
• Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions.
• Ability to develop and evaluate policies and procedures and to prepare reports.
• Ability to communicate effectively in writing, verbally, and in presentations.
• Ability to plan, assign, or supervise the work of others.
• Ability to manage and oversee the development, monitoring, and maintenance of technology security processes and controls.
• Graduation with a Bachelor's degree from an accredited college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field, plus six (6) years of related experience, including two (2) years of experience which were in a supervisory capacity.
• Maintain relevant security, privacy or risk leadership certification (i.e., CISSP, CISM, CISA, CRISC, CDPSE,CIPP, CIPM, CIPT, CCSK, ISO/IEC 27001, ISO/IEC 27701 ) or obtain within six (6) months of employment.

Nice To Haves

• Demonstrated experience leading cybersecurity programs across both public and private sector organizations, with a strong preference for state or local government experience.
• Proven ability to balance policy-level decision-making with hands-on technical understanding of security architecture, risk management, and incident response.
• Experience overseeing information security functions in sectors such as utilities, airports, or industrial control systems, where safety, compliance, and technology converge.
• Track record of assessing, prioritizing, and executing long-term cybersecurity strategies and roadmaps that align organizational objectives with realistic timelines for improvement.
• Exceptional communication skills with the ability to effectively translate complex technical concepts for policymakers, executive leadership, and non-technical audiences, fostering trust and transparency across departments and City governance structures.

Responsibilities

• Leads the cyber team that monitors and protects the City's information and data from current and emerging internal and external security threats.
• Designs, develops, implements, evaluates, refines, monitors, and reports on all security-related aspects of the City's information and data systems and architecture.
• Leads the development and implementation of cyber-incident response plans and procedures to ensure timely recovery of business-critical services during security events; delivers guidance, support, and internal consulting on incident response practices; works with the resiliency team to ensure incident responses are a coordinated effort across the City.
• Assess current IT security best practices and systems controls to identify areas for improvement, based on NIST control sets.
• Collaborates with the enterprise architecture team to align security and enterprise reference architectures, ensuring cybersecurity requirements are embedded by design and integrated into all architectural frameworks.
• Researches and evaluates Citywide data security solutions through the citywide enterprise architecture process.
• Develops and presents budget recommendations, long- and short-term plans, and key performance indicators and targets.
• Directs security threat assessments, risk analyses, and system audits; leads and participates in tabletop exercises for cybers; and develops information and data security standards.
• Collaborates with other departments and stakeholders for cybersecurity best practices and preparedness for cyber events.
• Represents the City on information security strategy to internal and external organizations and maintains an information security governance committee.
• Oversees relevant and appropriate communications, awareness, and training programs.
• Oversees the coordination of the Citywide Security Operations.
• Champions and educates the organization about the latest security initiatives, strategies and technologies.
• Responsible for the full range of supervisory activities including selection, training, evaluation, counseling, and recommendation for dismissal.

Benefits

• generous leave
• work-life balance programs
• extensive benefits
• City of Austin Employees' Retirement System
• public transit and bike-friendly infrastructure
• wellness programs
• on-site fitness centers
• mental health support
• professional development
• leadership opportunities