Chief Information Security Officer

Texas-Austin

Texas Comptroller of Public Accounts

Glenn Hegar was elected as Texas Comptroller of Public Accounts — the state's chief financial officer — in November 2014.


Chief Information Security Officer (00050028) 

Organization: TEXAS EDUCATION AGENCY
Primary Location: Texas-Austin
Work Locations: Texas Education Agency, 1701 NORTH CONGRESS AVENUE, Austin 78701
Job: Computer and Mathematical
Employee Status: Regular
Schedule: Full-time
Standard Hours Per Week: 40.00
Travel: Yes, 5% of the Time
State Job Code: 0239
Salary Admin Plan: B
Grade: 32
Salary (Pay Basis): 11,298.08 - 13,714.10 (Monthly)
Number of Openings: 1
Overtime Status: Exempt
Job Posting: May 16, 2025, 8:46:15 PM
Closing Date: Ongoing

Description

 

MISSION: The Texas Education Agency (TEA) will improve outcomes for all public-school students in the state by providing leadership, guidance, and support to school systems.
 
Core Values: 
· We are Determined: We are committed and intentional in the pursuit of our main purpose, to improve outcomes for students. 
· We are People-Centered: We strive to attract, develop, and retain the most committed talent, representing the diversity of Texas, each contributing to our common vision for students.
· We are Learners: We seek evidence, reflect on success and failure, and try new approaches in the pursuit of excellence for our students.
· We are Servant Leaders: Above all else, we are public servants working to improve opportunities for students and provide support to those who serve them.

New hires, re-hires, and internal hires will typically receive a starting salary between the posted minimum and the average pay of employees in their same classification. Offers will be commensurate with the candidate’s experience and qualifications and will thoughtfully consider internal pay equity for agency staff who perform similar duties and have similar qualifications. The top half of the posted salary range is generally reserved for candidates who exceed the requirements and qualifications for the role. The maximum salary range is reserved for candidates that far exceed the required and preferred qualifications for the role.

About the Office of IT

The Office of Information Technology works closely with all agency divisions to implement innovative technology solutions in a cost-efficient manner that supports the goals and priorities of the Texas Education Agency. The Office of IT provides efficient technology solutions and stellar customer services to internal staff, 20 Educational Service Centers, and 1,200-plus public-school districts and charter schools. The following services are provided by IT: leadership on IT initiatives; guidance on security/policy issues; new application development/enhancements; software acquisition; technical support; assistance with technical sections of purchasing documents such as Request for Information (RFI), Request for Offers (RFO), Request for Proposals (RFP); and oversight on the data collection process which helps to support and improve outcomes for all of Texas’ 5 million-plus students.

Position Overview

The Chief Information Security Officer (CISO) plays a vital role in leading and overseeing the Texas Education Agency’s information security program under the guidance of the Deputy Commissioner of Technology. As the agency’s primary security expert, the CISO is responsible for developing and maintaining robust cybersecurity initiatives, ensuring the protection of sensitive student, staff, and institutional data. 

This position is essential in upholding the confidentiality, integrity, and availability of information systems while mitigating cybersecurity threats. Additionally, the CISO will implement a comprehensive cybersecurity strategy, cultivate a culture of security awareness, and collaborate with local education agencies to strengthen the state’s educational technology infrastructure. 

Flexible work location within the state of Texas may be considered for qualified candidates. 

Please note that a resume and tailored cover letter are required attachments for applying to this position. Incomplete applications will not be considered. Applicants who are being strongly considered for employment must submit to a national criminal history background check.


Essential Functions 
Job duties are not limited to the essential functions mentioned below. You may perform other functions as assigned.

1. Risk Management/Assessment and Compliance/Auditing:

Risk Management and Assessment: Identify, assess, and prioritize information security risks and vulnerabilities across the agency's IT infrastructure, applications, and data assets. Develop and implement risk mitigation strategies and monitor their effectiveness. Establish and implement a strategic, comprehensive enterprise information security and IT security risk management program which includes managing the security risks associated with third-party vendors and service providers. Identify potential threats and vulnerabilities to the organization’s information systems through ongoing monitoring and assessment.

Compliance and Auditing: Ensure compliance with all applicable federal and state laws, regulations, and contractual obligations related to information security and data privacy. Manage and oversee security audits and assessments. Conduct an annual information security risk assessment of TEA and brief TEA leadership on results of the assessment. Responsible for the remediation of the TAC 202 Audit as well as the third-party risk assessment. Manage security assessments of third-party vendors, applications, and services. Collaborate with appropriate parties to ensure compliance. Work with agency leadership to prioritize and ensure remediation of audits and risk assessments.
  
2. Security Policies and Governance: Establish and manage an Information Security Governance program to establish risk appetite and ensure information security efforts are aligned with the risk appetite. Identify, develop and implement information security policies, standards, procedures and guidelines. Establish and enforce information security policies, standards, procedures, and guidelines for the agency and where appropriate provide guidance in this area to local school systems.  Work directly with the TEA program areas to facilitate risk assessment and risk management processes. Ensure all security policies, procedures and technical controls are shared with the TEA program areas, Education Service Centers and Local Education Agencies when appropriate.

3. Management of Security Incident Response: Develop, implement, and test incident response plans and disaster recovery plans to ensure timely and effective handling of security breaches and business continuity. Oversee incident response and the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches. Ensure compliance with the changing laws and applicable regulations. Communicate with the Department of Information Resources on any breaches and assist where needed for the mitigation of the incident. Implement and oversee security monitoring tools and processes to detect and respond to security incidents proactively. Work with the Chief Technology Officer to adjust and develop strategies to mitigate strategic security vulnerabilities.

4. Information Security Analysis: Provide expert guidance on the security architecture of new and existing IT systems and applications, ensuring that security controls are integrated throughout the development lifecycle. Work with the Chief Technology Officer to adjust and develop strategies to mitigate strategic security vulnerabilities. Work with the Chief Technology Officer to mitigate any security vulnerabilities.  Direct the security requirements of information technology architecture to ensure compliance and risk mitigation for TEA. Identify potential threats and vulnerabilities to the organization’s information systems through ongoing monitoring and assessment. Keep informed of emerging cybersecurity threats, vulnerabilities, and trends. 

5. Team Management and Supervision-Leadership, Management, and Communication: Develop, implement, and maintain a statewide information security program aligned with the agency's mission, state and federal regulations, and industry best practices. Effectively communicate the agency's security posture, risks, and initiatives to executive leadership, educational stakeholders, and agency employees.  Foster strong collaborative relationships with IT teams, legal counsel, internal audit, and external partners. Inform the Chief Information Officer, Commissioner, and employees of information security risks and responsibilities as appropriate. Provide regular reporting on the status of the information security program to senior business leaders as directed by the CIO. Build, lead, and mentor a high-performing information security team. Manage the team to implement and document the strategy for enterprise security, risk management and security policy. This includes building TEA’s Information Security Program as well as implementing a strategy to build a stronger Information Security Program at ESCs and LEAs. 

 

Qualifications

 

Minimum Qualifications
• Education: Graduation from an accredited four-year college or university 
• Required Licenses: Certified Information Systems Security Professional (CISSP) required.     
• Experience: At least eight (8) years of experience in cybersecurity management. 5 years of experience in a management role.

Other Qualifications
• Share the belief that all Texas students can achieve at high levels and are able to succeed in college, career, or the military 
• Certified Texas Contract Manager (CTCM) certification must be obtained within the first six (6) months of employment
• Demonstrated professional experience in preparing and presenting information effectively to internal and external stakeholders including non-technical executives, corporate officers, business colleagues, product and service vendors and external peers.
• Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are preferred.
• Excellent written and verbal communication skills
• Proven experience as a Chief Information Security Officer or similar level information security role
• Experience with IT risk management, threat modelling, and design reviews
• Proficiency in information security domains, including policies and procedures, risk management, compliance, and incident response
• Familiarity with security frameworks (ISO 27001, NIST, CIS, etc.)
• Ability to manage and coordinate an information security team
• Major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred.


As an equal opportunity employer, we hire without consideration to race, religion, color, national origin, sex, disability, age or veteran status, unless an applicant is entitled to the military employment preference. 

To review the Military Occupational Specialty (MOS) codes from each branch of the U.S. Armed Forces to each job classification series in the State’s Position Classification Plan (provided by the State Auditor's Office), please access the Military Crosswalk (occupational specialty code) Guide and click on the military “occupational category” that corresponds with the state classification in this job posting title.

This position requires the applicant to meet Agency standards and criteria which may include passing a pre-employment criminal background check, prior to being offered employment by the Agency. 

No phone calls or emails, please. Due to the high volume of applications, we do not accept telephone calls and cannot reply to all email inquiries. Only candidates selected for interview will be contacted. Please add "capps.recruiting@cpa.texas.gov" and "@tea.texas.gov" to your safe senders list to ensure you receive email notifications from our talent acquisition team and/or hiring division regarding your candidacy. 


Region: North America
Country: United States
