OAG - Enterprise Information Security | Chief ...

Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: may apply to the job directly through the CAPPS Career Section. It is not necessary to apply both through Work In Texas and CAPPS Career SectionGENERAL DESCRIPTIONThe CISO leads the Office of the Attorney Generaland#8217;s (OAG) information security program, setting vision and strategy to protect information assets, systems, and infrastructure. This role partners with internal divisions, state and federal agencies, and vendors to implement best-in-class security practices aligned with policies and standards.Key responsibilities include:and#8226;Developing, maturing, and executing OAGand#8217;s cybersecurity strategy and program.and#8226;Advising the Office of the CIO on security risks and acceptable risk levels.and#8226;Overseeing cybersecurity operations, risk management, and incident response.and#8226;Embedding security into digital transformation initiatives, including cloud expansion and modernization.and#8226;Driving adoption and enforcement of security policies and procedures.and#8226;Leading a high-performing team of security professionals.The ideal candidate demonstrates servant leadership, fosters collaboration, and proactively addresses emerging threats. This position reports to the CIO and supports OAGand#8217;s mission to deliver secure, high-quality technology services for Texans.The OAG is a dynamic state agency with over 4,000 employees throughout the State of Texas, and is committed to providing innovative, modern, and value-driven IT services to the agency. We believe that having talented people in the right place while effectively utilizing new tools and technologies enables us to empower the agency to best serve the people of Texas. OAG employees enjoy excellent benefits (along with tremendous opportunities to do important work at a large, dynamic state agency making a positive difference in the lives of Texans.ESSENTIAL POSITION FUNCTIONSLeads the agencyand#8217;s information security function to ensure consistent, high-quality security management aligned with agency goals and the protection of information assets, technologies, applications, systems, infrastructure, and processes.Establishes and enforces cybersecurity standards, policies, and procedures to maintain service continuity during changes, security incidents, or disaster recovery events.Develops and oversees a strategic, comprehensive information security program ensuring confidentiality, integrity, availability, privacy and recovery of organizational information assets.Operates and manages the Security Operations Center (SOC) to monitor infrastructure for cyber threats, including external attacks and insider risks.Builds and leads a skilled team of security professionals responsible for risk reduction, incident response, and collaboration with business and technical stakeholders during cyber events.Directs threat intelligence collection, analysis, and dissemination to internal teams and partner organizations to strengthen cybersecurity posture.Conducts security assessments, risk analyses, and audits; defines and maintains security standards and compliance requirements.Represents the agency in internal and external forums on information security strategy and represents information security in IT and executive governance committee.Oversees security awareness, communication, and training programs to promote a strong security culture across the organization.Performs related work as assignedMaintains relevant knowledge necessary to perform essential job functionsAttends work regularly in compliance with agreed-upon work schedule. Telework schedules are permitted for employees based on the agencyand#8217;s approved Telework Plan (if schedule does not adversely affect operations and service levels, and stand rd hours of operation are maintained). Telework schedules are set by the Departments based on business needs.Ensures security and confidentiality of sensitive and/or protected informationComplies with all agency policies and procedures, including those pertaining to ethics and integrityQualifications: MINIMUM QUALIFICATIONSEducation: Graduation from high school or equivalentEducation: Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred; experience in the following (or closely related) fields may be substituted for the required education on a year-for-year basis: information security, information technology, or risk managementExperience: 10 years of full-time experience working in the following (or closely related) fields: information security, information technology, or risk managementExperience and technical mastery in cybersecurity analysis work, with emphasis on security operations, incident management, intrusion detection, information protection, security systems deployment, and security event analysisExperience in building and/or maturing a Security Operations Center, including the integration of monitoring, threat intelligence, forensic analysis, and incident responseKnowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; of operational support of networks, operating systems, Internet technologies, databases, and security applications; of cybersecurity controls, procedures, and regulations; and of incident response program practices and proceduresSkill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructureAbility to manage and oversee the development, monitoring, and maintenance of security processes and controls; to identify problems, evaluate alternatives, and implement effective solutions; to develop and evaluate policies and procedures; to prepare reports; to implement security best practices and awareness; to communicate effectively; and to supervise the work of othersAbility to provide excellent customer serviceAbility to arrange for personal transportation for business-related travelAbility to work more than 40 hours as needed and in compliance with the FLSAAbility to lift and relocate 10 lbs.Ability to travel (including overnight travel) up to 10%PREFERRED QUALIFICATIONSCertifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)TO APPLYTo apply for a job with the OAG, electronic applications can be submitted through CAPPS Recruit. A State of Texas application must be completed to be considered, and paper applications are not accepted. Your application for this position may subject you to a criminal background check pursuant to the Texas Government Code. Military Crosswalk information can be accessed at OAG IS AN EQUAL OPPORTUNITY EMPLOYER

Created: 2026-01-23