Deputy CISO

3 weeks ago


Austin, United States
Texas Department of Aging & Disability Services
Full time
Job Description:
This position serves as the Deputy Chief Information Security Officer and is accountable to the Chief Information Security Officer. This position performs highly advanced managerial work such as leading the development of enterprise-wide cybersecurity architectures and solutions, as well as researching, developing, and recommending cybersecurity architectural policies and practices for cybersecurity initiatives from the definition phase through implementation.

This position formulates strategic plans and goals and the future state of security policies, practices, and requirements for HHSC. It requires critical thinking and analysis of best practices and solutions for the cybersecurity of the agency. Therefore, exposure to, and thorough knowledge of, emerging cybersecurity threats, vulnerabilities, and risks are fundamental to the role. Additionally, this position ensures adequate security solutions are in place throughout all HHSC IT systems and platforms to mitigate risks sufficiently while also meeting business objectives and regulatory requirements.

This position is also responsible for developing and coordinating the department’s budget processes and providing analysis services for executive management. This position facilitates ongoing business processes by enhancing communication and coordination between various functional areas. Performs professional-level budget preparation, analysis, coordination, and administrative work, including professional fiscal analysis and research duties in support of the preparation and administration of capital and operating budgets.

Supervises the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

This position is also responsible for developing policies, procedures, and guidelines in areas of architecting, engineering, implementing, integrating, and operationalizing advanced security technologies for cybersecurity initiatives that support the HHS enterprise. This position enhances and matures cybersecurity architecture and processes in line with business needs. This is accomplished by leveraging industry standards and best practices for the purposes of assessing the current “as-is” architecture and proposing the desired “to-be” architecture based on solid risk assessment and evaluation of available technology and controls.

Additionally, this position must ensure that HHSC's cybersecurity architecture and processes comply with all statutory and regulatory requirements for information access, security, and privacy. This is a lead position of the cybersecurity department whose responsibilities also include monitoring intrusion prevention systems and acting as an Incident Responder should an event occur. Vulnerability management practices and procedures are used to assess new cyber threats and mitigate risk. The cyber threat landscape is monitored for potential issues with HHSC systems and infrastructure. This position shapes an effective technical IT cybersecurity risk program both near and long term.

Essential Job Functions:
Serves as the Incident Commander responsible for leading and coordinating the response to all incidents. Acts as the central authority for making critical decisions, organizes teams, and oversees the entire incident response process. Responds to cybersecurity incidents, which can strike with little forewarning and unfold in ways that no one can predict. Participates in technical incident management, investigations, and troubleshooting. Identifies cybersecurity incidents. Takes appropriate action to resolve particularly complex and technical cybersecurity issues that necessitate constant adaptation of existing procedures to new and unusual problems involving frequent changes in program and technological requirements. Contains the damage being done by the cybersecurity incident, for example, by stopping it from spreading to other networks and devices both within HHSC and beyond the agency. Recovers systems, data, and connectivity to normal operation, confirms that the systems are functioning normally, and remediates vulnerabilities to prevent similar incidents from occurring. Provides regular training sessions and mentorship opportunities to facilitate knowledge-sharing within the team. Hires new staff members or contracts outside services to supplement the team's capabilities when needed. Develops security policies by reviewing industry standards and working closely with other departments to understand their security needs. Improves incident response times, reduces false positives and other extraneous alerts, and enhances threat detection capabilities. Provides reports and updates on the organization's security posture, emerging threats, and recommended security enhancements. Responsible for evaluating and implementing security technologies and tools and staying updated on the latest trends and advancements in cybersecurity. (40%)

Responsible for implementing a data loss prevention (DLP) program to detect and prevent loss, leakage, or misuse of data through breaches, exfiltration, transmissions, and unauthorized use.
Analyzes and architects complex solutions to Information Technology cybersecurity threats that relate to confidentiality, integrity and availability of agency data and systems.
Expedites incident response resulting from DLP and adheres to company policies by quickly identifying network anomalies and inappropriate user activity during routine network monitoring. Plans/designs/deploys maintainable cybersecurity DLP architecture and solutions based on defined requirements in a large-scale multi-agency environment adhering to industry standards and frameworks. Develops strategies to improve data visibility across the entire network and all endpoints through a -degree view of the enterprise. Determines DLP requirements by evaluating business strategies and functional and non-functional requirements. Contributes system and network engineering knowledge and application development methodologies in improving the cybersecurity architecture in a complex, multi-project environment. Guides and confirms that cybersecurity designs are implemented as per the requirements. Develops, prepares, and maintains cybersecurity operating policies, procedures, and associated documentation. Assesses security threats and vulnerabilities using structured methodologies such as the NIST Cybersecurity Framework. Responsible for implementing a vulnerability management program to identify, evaluate, mitigate, and report security vulnerabilities in various systems and software across the enterprise. Identifies, documents, and tracks weak points in the cybersecurity architecture based on standardized methodologies and innovative analysis. Performs the functions of vulnerability assessment, defining risk prioritization, and enabling continuous monitoring and detections. Also responsible for meeting compliance requirements. Partners with IT and stakeholders in communicating vulnerabilities. Works on regularly assessing and monitoring the security position of third-party vendors and contractors with access to HHS systems and network. (30%)

Leads Governance, Risk & Compliance team to develop and maintain information security policies and workforce training and awareness. Responsible for assessing and prioritizing information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics. Responsible for reducing information security and cybersecurity risk by helping to prioritize and drive remediation efforts throughout the organization through the following:
• Establishing and maintaining governance and compliance standards. Monitoring risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products. Creating, maintaining, communicating, and enforcing information security policies.
• Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis. Develops and implements a data security risk reporting framework, aligned with NIST SP -53, for management teams and governance committees.
• Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that HHS meets both the requirements and intent of its regulatory and compliance obligations. Facilitates the remediation of control gaps and escalates critical issues to leadership. Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed. Prepares for and facilitates examinations by qualified security assessors for regulations such as HIPAA.
• Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management. Identifies, analyzes, evaluates, and documents information security risks and controls based on established risk criteria. Recommends controls to mitigate security risks identified via risk assessment process.
Communicates risk findings and recommendations that are clear and actionable by business stakeholders. Supports workforce security activities including culture, awareness, and training. (20%)

Other duties as assigned. (10%)

Knowledge Skills Abilities:
Ability to help establish department goals, objectives, and strategies.
Ability to estimate the financial impact of cybersecurity alternatives.
Wide breadth of knowledge across security products, tools, and industry trends.
Ability to create solutions using a pragmatic, risk-based approach.
Ability to understand legal and regulatory requirements, business drivers, and priorities, and integrate these requirements into overall security design.
Ability to quickly absorb new concepts and technologies and apply that knowledge to current efforts and plans.
Thorough knowledge of existing standards, frameworks, models, and methods for developing and implementing security architectures.
Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
In-depth understanding of capabilities deployed in security infrastructures.
Ability to lead the development and maintenance of tools, procedures, and documentation.
Understanding of methodologies, architectures, and practices employed to design and implement information sharing environments for supporting agency and inter-agency sharing of cyber security information.
Ability to provide thought leadership to technical and managerial personnel including agency executives.
Thorough knowledge of existing strategies, policies, laws, and regulations related to cybersecurity.
Thorough knowledge of the security and privacy aspects of cloud computing solutions.
Thorough knowledge of TCP/IP and networking concepts.
Ability to prepare and maintain security operating procedures and associated documentation.
Strong interpersonal and problem solving skills.
Understanding of malware, emerging threats, attacks, and vulnerability management.
Skilled in project management and project delivery.
Strong oral and written communication skills including the ability to independently author a wide range of technical documents.
Strong service mentality skills including the resolution of stakeholder escalations and incident management.
Thorough knowledge of interrelationships between critical infrastructure protection and cyber security.
Thorough knowledge in technical proficiency surrounding CSOC tools and their use by the cybersecurity staff.
Ability to analyze work related problems, draw evidence-based conclusions, and devise innovative solutions.
Ability to analyze large data sets and unstructured data for the purpose of identifying trends and anomalies indicative of malicious activity, as well as demonstrated capability to learn and develop new techniques.
Ability to work in a fast-paced team environment.
Ability to develop detailed process and procedure documentation.
Ability to present complex solutions and methods to both technical and non-technical stakeholders.
Ability to collaborate well with others to solve problems.