Information Security Manager
Austin, TX, US
Full Time Mid-level / Intermediate USD 106K - 170K
Texas Association of School Boards
Why Texas Association of School Boards (TASB)
We come from humble beginnings — picture a one-person organization created in 1949 to advocate for excellence in public education on behalf of Texas school board members. Flash forward to today, and we have over 500 employees working together to provide 1,024 school districts with purposeful resources so they can focus on what matters most — excellent and equitable education for all 5.4 million Texas students.
We feel privileged to work alongside talented team members who are passionate about education and enjoy learning from new and different perspectives. We believe what makes our organization highly successful is the rich diversity our employees collectively bring to TASB with different backgrounds, skillsets, cultures and ethnicities, gender identities, interests, abilities, and work styles. And our passion for education and learning doesn’t end there. Our culture has always encouraged employees to grow and become their best selves both professionally and personally through a variety of innovative and collaborative development opportunities. You’re likely beginning to see why we’ve been regularly named by Austin Business Journal as a Top Ten Best Places to Work!
TASB offers competitive pay and rich benefits, including retirement matching of 2:1 up to 5% after one year (if you contribute 5% to the plan, TASB will contribute 10%), onsite daycare, onsite gym, wellness program, tuition reimbursement, flexible schedules, and more.
Every role at TASB thoughtfully complements our mission and the educational impact being made in communities across Texas. If you consider your work exceptional and want to help drive our mission forward, keep reading!
About You
Acquire and manage the necessary resources, including leadership support, financial resources, tools, and key security personnel, to support information technology security goals and objectives, ensure organizational compliance with required security controls, and reduce overall organizational risk. Advise appropriate senior leadership of identified risks and changes affecting the organization's cybersecurity posture and work to effectively demonstrate the value of information technology security throughout all levels of the organization. This is a hybrid role requiring the selected candidate to work from our headquarters in North Austin up to three days a week.
A Typical Day
- Manage day-to-day cybersecurity compliance activities (e.g., ensure that system security configuration guidelines are followed, and compliance monitoring occurs).
- Lead all investigations into problematic activity. Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to senior management.
- If you’re still reading, we’d love to meet you!
How You’ll Make an Impact
- Monitor and evaluate the effectiveness of the organization’s cybersecurity safeguards to ensure they provide the intended level of protection.
- Define and implement policies, procedures, and tools to ensure protection of critical infrastructure as appropriate.
- Keep appropriate leaders informed of identified risks, weaknesses, and/or patterns of non-compliance.
- Lead and oversee budget, staffing, and contracting for the Information Security department.
- Make certain that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Develop and enforce timely remediation plans for weaknesses identified during risk assessments, audits, inspections, scans, etc.
- Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems.
- Manage the information security training and awareness program. Ensure that cybersecurity awareness, basics, literacy, and training are provided to personnel commensurate with their responsibilities.
- Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately defined and installed.
- Identify possible security violations and take appropriate action to report the incident, as required.
- Develop and maintain the role of “Security Champion” within applicable business units to extend the capabilities of the Information Security Department and create a cybersecurity culture.
- Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
- Identify information technology security program implications of new technologies or technology upgrades.
- Interpret and approve security requirements relative to the capabilities of new information technologies.
- Perform required vendor security assessments, ensure annual reviews for critical vendors, and report deficiencies to appropriate leadership.
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Skills for Success
Education and Experience:
- Bachelor's degree in Computer Science.
- 3 years of hands-on experience managing the implementation and effectiveness of cybersecurity controls or 5 years equivalent work experience required.
- CISSP, CISM, CISA, or similar certifications preferred.
- 3+ years' experience managing or supervising a team within Security Administration.
Knowledge, Skills, and Abilities:
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
- Strong knowledge of controls related to the use, processing, storage, and transmission of data.
- Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
- In-depth understanding of system and application security threats and vulnerabilities.
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
- Knowledge of business continuity and disaster recovery continuity of operations plans.
- Knowledge of encryption algorithms and how they should be applied to protect data at rest and in motion.
- Understanding of API security best practices.
- Understanding of the NIST Cybersecurity Framework.
- Skill in creating policies that reflect system security objectives.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Skill in evaluating the trustworthiness of the supplier and/or product.
- Ability to explain complex security issues to analysts, engineers, managers, and executives.
- Good written, oral, and interpersonal communication skills.
- Keen attention to detail.
- Team-oriented and skilled in working within a cross-functional, collaborative environment.
The TASB Difference
- Enjoy competitive pay and rich benefit offerings.
- Be part of a collaborative environment where every contribution impacts Texas public schoolchildren.
- Thrive in a culture that promotes bringing your whole self to work every day and emphasizes healthy boundaries and work-life balance.
- Learn and grow individually and together through frequent professional development; diversity, equity, and inclusion panels; wellness seminars; and more.
- Work alongside transparent leaders with an open and consistent feedback approach.
- Celebrate as a team with meaningful (and fun) events and tokens of appreciation throughout the year.
Posting Notices
- The health and safety of our employees and members is our top priority.
- TASB is an equal opportunity employer and will not discriminate on the basis of an individual's race, color, disability, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, marital status, veteran status, or any other personal characteristic protected by law.
- This position does not qualify for visa sponsorship.
- Any job offer is contingent upon receipt of results of a satisfactory background check.