Cybersecurity Architect - Governance, Risk & Compliance

Minimum Qualifications
Education and/or Equivalent Experience:

• Graduation with a Bachelor’s degree from an accredited college or university, plus four (4) years of related experience, including one (1) year of experience which were in personnel, project, or program management.
• Graduation with a Master’s degree from an accredited college or university may substitute for experience up to two (2) years.
• Experience may substitute for education up to four (4) years.
• Industry certifications may be considered as substitution for education.

Licenses and Certifications Required:

• None.

Notes to Applicants
The Information Security Office establishes, maintains, and directs the citywide Information Security Program and coordinates the City’s information and technology risk management efforts.
The Cybersecurity Architect - Governance, Risk, and Compliance ( GRC ) promotes and supports the City’s Information Security Program, Privacy Program, Risk Management Program, and their missions by managing complex projects, teams, and programs.
Successful applicants will have a high level of commitment and personal motivation and have demonstrated knowledge and understanding of IT and OT security controls and control models.

Application Instructions:
In your cover letter, please include any additional skills and interest you would like to share.
When completing the City of Austin employment application:
The City of Austin employment application is an official document; incomplete applications will not be considered. Please be sure that your application is a reflection of your entire work history.

• Please be sure to detail on the application all previous employment that you wish to be considered as part of your qualifications.
• A detailed, complete employment application is required. It helps us to better evaluate your qualifications and will be used to determine salary if you are selected for this position. Be sure to provide job titles and employment dates for all jobs you wish to be considered. Describe your specific experience for each position. Include all job duties, responsibilities, and employment dates.
• A résumé is required, but will not substitute for a complete employment application. Please include contact information from previous employers.

This position requires a Criminal Background Check.


Pay Range
$47.75 - $62.07
Hours
Monday - Friday.
8:00 a.m. - 5:00 p.m.
Hours may vary due to operational needs.
Evenings/weekends/holidays may be required.
Job Close Date 08/05/2024 Type of Posting External Department Information Security Office Regular/Temporary Regular Grant Funded or Pooled Position Not Applicable Category Professional Location Central Austin Preferred Qualifications
Preferred Experience:

• Experience working within the NIST Risk Management Framework (800-37, Rev. 2) and related guidance and special publications
• CISSP , CISM , CRISC , CAP or comparable information security or risk management certification or the ability to obtain one within 6 months of employment
• Experience leading and mentoring less-experienced personnel
• Experience with defense-in-depth enterprise security architectures and strategies
• Experience with risk management, including assessments and determining mitigation
• Experience managing teams, complex projects, and large-scale programs

Duties, Functions and Responsibilities
Essential duties and functions, pursuant to the Americans with Disabilities Act, may include the following. Other related duties may be assigned.
Provides leadership and manages the development and delivery of information security and privacy standards, architecture, and systems to provide information security and privacy guidance across one or more departments. Manages incident response and business continuity procedures to respond to and recover from information security and privacy incidents. Evaluates and selects information security applications and systems. Implements processes and methods for auditing and addressing non-compliance to information security and privacy standards; recommends mitigation of non-compliant environments. Manages and participates in the planning and implementation of security and privacy administration for all information security and privacy projects. Makes recommendations and oversees the implementation of changes to work methods and procedures to make them more effective or to strengthen information security and privacy measures. Aligns information security and privacy tasks to the priorities established by the City or the information security program; monitors assets to detect security and privacy vulnerabilities and incidents. Assists management in stakeholder engagements, resource acquisition, strategic planning, interdepartmental collaboration, and office development. Functions as business partner; builds business relationships with stakeholder representatives; and frequently interacts with representatives to discuss information security and privacy risk, incident response, policies, controls, and training. Establishes strategic goals that support the department’s or City-wide objectives by gathering pertinent business, financial, service, and operations information; identifying and evaluating trends and options; choosing a course of action; defining objectives; and evaluating outcomes. Oversees and manages contract compliance.

Responsibilities- Supervision and/or Leadership Exercised:

• May be responsible for the full range of supervisory activities: selection, training, evaluation, counseling, and recommendation for dismissal.

Knowledge, Skills and Abilities
Must possess required knowledge, skills, abilities, and experience and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.

• Knowledge of Federal, State, and Local laws and ordinances and other requirements governing technology, security, privacy, and risk.
• Knowledge of computer networks, hardware, and software, including applications and programming.
• Knowledge of the practical application of information security and/or privacy architecture and engineering, including applying principles, techniques, procedures, and tools to the design and implementation guidance of security and privacy controls.
• Knowledge of business and management principles involved in strategic planning, resource allocation, human resources modeling, leadership technique, production methods, and coordination of people and resources.
• Skill in handling multiple tasks and prioritizing.
• Skill in oral and written communication tailoring to stakeholder needs.
• Skill in planning and organizing.
• Skill in data analysis and problem solving.
• Skill in handling conflict and uncertain situations.
• Skill in using computers and related software applications.
• Skill in ensuring complex application, process, or configuration information is documented and maintained.
• Skill in installing and maintaining applications, operating systems, or equipment.
• Skill in providing technical support in a variety of work environments.
• Skill in adapting communication styles to maximize amount and quality of information.
• Ability to collaborate and compile clear and concise reports.
• Ability to take initiative and seek innovative solutions.
• Ability to communicate complex information clearly and effectively to various audiences.
• Ability to establish and maintain effective communication and working relationships with City personnel, vendors, contract service providers, and the public.
• Ability to cooperate with others by sharing information, presenting ideas and concerns, and asking and answering questions.
• Ability to work with frequent interruptions and changes in priorities.
• Ability to work, collaborate, and, when required, lead in a team environment.
• Ability to perform complex information security and privacy analysis, audits, reviews, and other logistics requirements and performance reporting.
• Ability to document and flowchart computer-based systems.
• Ability to understand audit data, documents, and reports.
• Ability to facilitate and deliver training.
• Ability to process information, commit to definite course of action, and maintain composure.
• Ability to perform self-management behaviors in conscious and productive way.
• Ability to provide exceptional customer service at all times.
• Ability to maintain highest standards of conduct, integrity, and professionalism in all matters.
• Ability to exercise tact, objective judgment, and effective conflict resolution skills when confronted with confrontational or adversarial situations.
• Ability to continuously learn and grow through the development of new skills, pursuit of applicable professional certifications, and involvement in professional organizations.

Criminal Background Investigation This position has been approved for a Criminal Background Investigation. EEO/ADA
City of Austin is committed to compliance with the Americans with Disabilities Act. If you require reasonable accommodation during the application process or have a question regarding an essential job function, please call (512) 974-3210 or Texas Relay by dialing 7-1-1.

The City of Austin will not discriminate against any applicant or employee based on race, creed, color, national origin, sex, gender identity, age, religion, veteran status, disability, or sexual orientation. In addition, the City will not discriminate in employment decisions on the basis of an individual’s AIDS , AIDS Related Complex, or HIV status; nor will the City discriminate against individuals who are perceived to be at risk of HIV infection, or who associate with individuals who are believed to be at risk.

Information For City Employees: If you are an employee within the department, are in good standing and meet both the minimum and preferred qualifications, then you will receive an initial interview.

Supplemental Questions

Required fields are indicated with an asterisk (*).
* The minimum qualifications for the Cybersecurity Architect position are: Graduation with a Bachelor’s degree from an accredited college or university, plus four (4) years of related experience, including one (1) year of experience which were in personnel, project, or program management. Graduation with a Master's degree from an accredited college or university may substitute for experience up to two (2) years. Experience may substitute for education up to four (4) years. Industry certifications may be considered as substitution for education. Do you meet these minimum qualifications?

• Yes
• No

* Please explain how you meet the minimum qualifications of this position.
(Open Ended Question)
* List all security, privacy, and/or technical certifications that you hold.
(Open Ended Question)
* Describe your experience leading security requirements and controls in alignment with NIST and other regulatory standards.
(Open Ended Question)
* With specific examples, describe your experience with risk management, including processes, assessments, and analysis.
(Open Ended Question)
* Describe your experience mentoring, training and leading others.
(Open Ended Question)
* This position requires a criminal background investigation (CBI). By selecting the following, you are acknowledging that you understand if you are selected as a top candidate for this position, you will need a successful Criminal Justice Information System (CJIS) to be hired.

• I acknowledge and understand this position requires a Criminal Justice Information System (CJIS-Criminal Background Investigation).

Optional & Required Documents

Required Documents Cover Letter Resume Optional Documents

Austin, Texas United States View Map