Chief Information Services Security Officer (Saint Paul)
The Metropolitan Council is the regional government for the seven‑county Twin Cities metropolitan area. It plans 20 years ahead and provides services such as parks and trails, transportation, wastewater, and housing. The Council’s central IT department, Information Services, supports all divisions with technology, practices, and innovative solutions.
The Chief Information Services Security Officer (CISO) provides strategic leadership and oversight for the Council’s enterprise‑wide information security strategy. The CISO safeguards all digital assets and information systems from internal and external threats, aligns cybersecurity programs with organizational goals, and acts on behalf of the CIO when needed.
Responsibilities- Lead the Information Security team, fostering high performance, accountability, continuous learning, and an inclusive culture.
- Develop a long‑term vision and roadmap for cybersecurity aligned with the Council’s digital strategy and public mission.
- Partner with the CIO and IS Leadership Team to shape strategy across the Information Services department and provide guidance in IT governance, risk mitigation, architecture, and service continuity.
- Serve as a trusted advisor to executive leadership and division leaders on cybersecurity, privacy, and risk, translating technical concepts into business value and risk reduction terms.
- Oversee the design and enforcement of security policies and standards, ensuring compliance with regulatory and industry frameworks such as NIST, HIPAA, GDPR, CJIS, PCI‑DSS, and ISO 27001.
- Lead vulnerability and risk assessments, mitigation strategies, incident response processes, and establish key risk and performance indicators.
- Direct the implementation and operations of security technologies and tools (e.g., threat detection, SIEM, endpoint protection, IAM, encryption, firewalls, cloud security).
- Provide executive oversight of the incident response lifecycle, forensics investigations, and remediation activities, continuously evaluating system resilience.
- Lead cybersecurity budgeting and financial planning, vendor selection, contract negotiations, and performance oversight.
- Promote a security‑first culture through education, training, and engagement, developing tailored awareness programs and ensuring staff understand their security responsibilities.
- Build collaboration with HR, Legal, Communications, and other departments to increase organizational maturity in handling sensitive data.
- Develop and track service‑level agreements (SLAs) and performance metrics.
- Build relationships with peer agencies, government entities, and cybersecurity organizations.
- Prepare and present risk reports and strategy updates to Council stakeholders.
- Manage cybersecurity audits, assessments, and third‑party evaluations.
- Promote an inclusive, diverse, and psychologically safe security work environment.
The CISO ensures operational readiness, collaboration across divisions, continuous improvement of security posture, and cultivates an environment that embraces change and empowers staff.
Skills and Experience- Minimum education and experience combinations:
- Master’s degree with seven years of experience, including five years directly managing professional staff.
- Bachelor’s degree with nine years of experience, including five years directly managing professional staff.
- Associate degree with eleven years of experience, including five years directly managing professional staff.
- High school diploma/GED with thirteen years of experience, including five years directly managing professional staff.
- Desired qualifications:
- Master’s degree (preferable).
- CISSP, CISM, or CISA certifications.
- Demonstrated ability to integrate equity initiatives into work products and processes.
- Deep knowledge of regulatory frameworks (HIPAA, GDPR, FISMA, CJIS, NIST, PCI‑DSS, ISO).
- Experience with risk management, threat detection, and mitigation techniques.
- Experience securing cloud, hybrid, and on‑prem infrastructure.
- Proficiency with enterprise security tools, systems, and operations.
- Strategic planning, budget development, and policy enforcement skills.
- Excellent communication, collaboration, project management, and cross‑functional leadership abilities.
- Strong influencing skills across systems and divisions.
- Leadership of change, cultural transformation, mentoring, coaching, and inclusive team building.
- Ability to handle confidential data with discretion and apply complex, conceptual thinking to stay ahead of evolving threats.
- Adaptive thinking, sound judgment, and high accountability for maintaining security posture, regulatory compliance, and public trust.
- Competitive salary range: $64.89 – $105.35 hourly ($134,971.20 – $219,128.00 annually).
- Comprehensive benefits package.
- Good work/life balance with hybrid work flexibility.
- Opportunities for professional development, on‑site training, and tuition reimbursement.
- Chance to make a difference and influence the Twin Cities metropolitan area.
- Primarily office‑based with hybrid work flexibility.
- On‑call availability required for security incidents or emergencies.
- High‑stress, high‑responsibility role involving fast‑paced decision making.
Union/Grade: Non‑Rep / Grade M
FLSA Status: Exempt
Safety Sensitive: No
Equal Opportunity StatementThe Metropolitan Council is an Equal Opportunity, affirmative action, and veteran‑friendly employer. The Council is committed to a workforce that reflects the diversity of the region and strongly encourages persons of color, members of the LGBTQ community, individuals with disabilities, women, and veterans to apply.