Job Information

TEXAS DEPARTMENT OF PUBLIC SAFETY DEPT 405 DPS - LS - Cyber Risk & Governance Manager in Austin, Texas

Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: https://capps.taleo.net/careersection/ex/jobdetail.ftl?job=00046290

You may apply to the job directly through the CAPPS Career Section. It is not necessary to apply both through Work In Texas and CAPPS Career Section.

This posting is for internal DPS employees only.

PLEASE NOTE: All applications must contain complete job histories, which includes job title, dates of employment, name of employer, supervisor's name and phone number and a description of duties performed. If this information is not submitted, your application may be rejected because it is incomplete. Resumes do not take the place of this required information.

SUBMITTED THROUGH WORK IN TEXAS: Work In Texas (WIT) applicants must complete the supplemental questions to be considered for the posting. In order to complete the supplemental questions please go to CAPPS Recruit to register or login and access your profile. Go to CAPPS Recruit to Sign In: https://capps.taleo.net/careersection/ex/jobsearch.ftl?lang=en

GENERAL DESCRIPTION: Performs advanced and/or managerial (senior-level) information security analysis work. Responsible for overall leadership, coordination, governance and mitigation of DPS risk strategy for cybersecurity; includes developing, implementing and maintaining a cybersecurity risk management framework and establishing processes and procedures for risk identification, analysis and monitoring including remediation planning and reporting. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment.

The following Military Occupational Specialty codes are generally applicable to this position: https://hr.sao.texas.gov/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf

Applicants must fully complete the summary of experience to determine if minimum qualifications are met.

ESSENTIAL DUTIES / RESPONSIBILITIES: Perform and/or oversee Cyber Risk Management processes including risk assessments and vulnerability management across DPS. Perform and/or oversee cybersecurity risk analysis and manage security programs. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed and elevate them for Deputy CISO review.
Provide input for plans, roadmaps, and prioritization for projects in order to drive down organizational risks. Submit recommendations to Deputy CISO for exception or waiver approvals. Ensure residual risk is evaluated and formally documented on a corrective action plan if/when a system is approved to operate that does not meet all the security requirements for operation. Ensure all risks not mitigated are documented for Deputy CISO acceptance, and that plans of action and milestones (POAM) are created. Ensure each system is evaluated based on its environment and sensitivity levels. Evaluate complex business and technical requirements and communicate inherent security risks and solutions to technical and non-technical business workers. Collaborate with IT to manage security vulnerabilities. Ensure the NIST-based risk management process is followed and ensure utilization of best practices. Attend work regularly and observe approved work hours in accordance with agency leave and attendance policies. Perform other duties as assigned.

Qualifications: GENERAL QUALIFICATIONS and REQUIREMENTS:

Education: Graduation from an accredited four-year college or university with a major in Business, Science, Computer Science, Technology, Homeland Security, Cybersecurity, Law, or Auditing or related.

Experience: Minimum of three (3) years' experience developing a Cybersecurity Risk Management team or in a Cybersecurity role that included governance, risk, and compliance. Previous experience managing or overseeing Cybersecurity Risk, Governance, and Compliance teams is preferred. Proficient in the use of governance, risk, and control frameworks and process improvement models.

Substitution Note: Additional work experience of the type described or other related education may be substituted for one another on a year-for-year basis.

Licensure and/or Certification: CRISC certification is preferred. Must obtain CRISC within one year of hire.
If driving is required, must possess a valid driver license from state of residence.

Regulatory knowledge: Working knowledge of, or the ability to rapidly assimilate information related to DPS, State and Federal regulations, legislation, guidelines, policies and procedures. Comprehensive and in-depth understanding of cybersecurity risk management, governance, compliance, and regulatory requirements.

Leadership skills: Strong knowledge of leadership methods and practices with the ability to lead, coordinate, and motivate others, especially those outside of a direct reporting relationship. Ability to understand how a business/entity functions and to balance security needs with organizational goals. Must be comfortable and effective leading a rapidly changing environment while maintaining focus under pressure. Able to develop plans, policies, and procedures for efficient workflow and overall effectiveness, and provide clear direction to subordinates; promote teamwork and be able to motivate others to accomplish goals.

Interpersonal Skills: Must demonstrate an ability to exercise poise, tact, diplomacy and an ability to establish and maintain positive, working/professional relationships with internal/external customers. Must be able to perform effectively and rationally under stress and must exercise appropriate judgement in what and how communications and/or interactions occur. Must demonstrate DPS core values: Integrity, Excellence, Accountability, and Teamwork.

Organizational and Prioritization Skills: Must be organized, flexible, and able to effectively handle high-volume workloads, interruptions and distractions, and prioritize in a multi-demand and constantly changing environment; able to meet multiple and sometimes conflicting demands and deadlines without sacrificing accuracy, timeliness or professionalism.
Presentation/Communication Skills: Must be able to construct and deliver clear, concise, and professional presentations and training, documents, and reports to a variety of audiences and/or individuals.

Research and Comprehension: Must demonstrate ability to quickly and efficiently access relevant information, and be able to utilize and/or present research and conclusions in a clear and concise manner. Must demonstrate a solid ability to accurately identify issues and problems, and determine optimal courses of action and outcomes.

Analytical Reasoning/Attention to Detail: Must be able to assess complex systems and processes, analyze data, discern variations/similarities, and be able to identify trends, relationships and causal factors, as well as grasp issues, draw accurate conclusions, and solve problems. Must possess strong critical thinking skills in developing and testing hypotheses and drawing logical conclusions. Ability to demonstrate strong methodologies and best practices as they relate to a cybersecurity program (experience in audits, processes/procedures, and documentation).

Technology (computers/hardware/software/operating systems): Demonstrated proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, and Outlook), and appropriate levels of proficiency with utilized software and systems and be able to learn new software/systems.

Confidentiality and Protected Information: Must demonstrate an ability to responsibly handle sensitive and confidential information and situations, and adhere to applicable laws/statutes/policies.
