Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.
Functional Title: Chief Information Security Officer
Job Title: Director VI
Agency: Health & Human Services Comm
Department: CHIEF INFO SECURITY OFFICE
Posting Number: 19093
Closing Date: 09/14/2026
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Range: $10,271.00 - $16,853.13
Pay Frequency: Monthly
Salary Group: TEXAS-B-31
Shift: Day
Additional Shift: Days (First)
Telework:
Travel:
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 4601 W GUADALUPE ST
Other Locations:
MOS Codes: 8003,8040,8041,8042,10C0,111X,112X,113X,114X,20C0,30C0,40C0,611X,612X,631X,641X,648X,90G0,91C0,91W0
97E0,SEI15
Brief Job Description:
This position is open to U.S. Citizens and permanent residents.
This onsite role requires the selected candidate to work from an HHS office in Austin, Texas.
The Texas Health and Human Services Commission (HHSC) is seeking an exceptional, forward-thinking Chief Information Security Officer (CISO) to lead cybersecurity for one of the largest and most mission-critical public-sector technology environments in Texas.
This role is responsible for protecting public trust, supporting continuity of essential services, enabling secure modernization, and preparing the agency for emerging cyber threats, including artificial intelligence, cloud transformation, third-party risk, and post-quantum cryptography.
The successful candidate will be a strategic security executive who can translate risk into business decisions, build strong partnerships across the organization, and lead a mature cybersecurity program that protects sensitive health, benefits, operational, and agency information throughout the HHS system.
Reporting to the Chief Information Officer, the CISO provides executive leadership and oversight for the HHS information security program. The CISO also serves as the agency’s Designated Information Security Officer for HHS information resources, with authority to administer enterprise information security requirements, coordinate agency-wide security governance, and report cybersecurity risk and control effectiveness to executive-level management consistent with Texas Government Code §2063.401 and TAC Chapter 202. Additional responsibilities include cybersecurity strategy, governance, risk management, security operations, incident response, security architecture, policy development, awareness initiatives, and executive reporting.
The CISO serves as a trusted advisor to executive leadership, business areas, technology teams, information owners, and agency partners. The position requires a collaborative leader who understands that effective cybersecurity enables, rather than impedes, the agency's mission. The CISO will advance cyber resilience, support secure modernization, strengthen identity and access management, promote zero trust principles, and drive risk-informed adoption of emerging technologies.
The next HHSC CISO will:
- Build trust with executive leadership through clear, measurable, and actionable risk reporting.
- Lead a mature cybersecurity program focused on governance, accountability, and continuous improvement.
- Strengthen cyber resilience to ensure critical services remain available during and after cyber incidents.
- Prepare the agency for emerging threats through post-quantum readiness, modernization planning, and technology risk management.
- Partner with business and technology leaders to integrate security into strategic, operational, and procurement decisions.
- Develop a high-performing cybersecurity workforce and foster a culture of shared responsibility for security.
- Coordinate on behalf of the Health and Human Services enterprise with the Texas Cyber Command and other governmental entities, as appropriate.
Essential Job Functions (EJFs):
1. Enterprise Cybersecurity Leadership and Strategy — 25%
Provides executive leadership for the HHS cybersecurity program, establishing strategy, governance, priorities, and performance measures aligned with HHSC's mission, regulatory requirements, the Texas Cybersecurity Framework, and NIST guidance. Leads enterprise security initiatives, including cyber resilience, zero trust, cloud security, identity management, data protection, and post-quantum readiness. Advises executive leadership on cybersecurity risks, emerging threats, compliance, and investment priorities.
2. Information Security Governance, Risk, and Compliance — 25%
Directs the development and maintenance of enterprise security policies, standards, and controls. Ensures compliance with applicable state and federal cybersecurity requirements and integrates security into technology planning, procurement, operations, and third-party relationships. Leads risk management, audits, corrective actions, and executive reporting on security posture while ensuring stakeholders fulfill their information security responsibilities.
3. Cybersecurity Operations, Incident Response, and Resilience — 20%
Provides strategic oversight of cybersecurity operations, threat detection, vulnerability management, incident response, and cyber resilience capabilities. Ensures the agency can effectively prevent, respond to, and recover from cyber incidents while maintaining critical services. Promotes continuous improvement through performance metrics, exercises, lessons learned, and risk-based security investments.
4. Emerging Technology, Post-Quantum Readiness, and Secure Modernization — 15%
Leads enterprise cybersecurity efforts supporting emerging technologies, secure modernization, and post-quantum preparedness. Guides security architecture, cryptographic modernization, cloud security, artificial intelligence security, and secure technology adoption. Ensures security requirements are integrated throughout procurement, system development, implementation, and operations.
5. Workforce, Culture, and Stakeholder Engagement — 10%
Builds and develops a high-performing cybersecurity workforce and promotes a culture of accountability, collaboration, and continuous improvement. Oversees security awareness and training programs and represents HHS on cybersecurity matters with state agencies, business partners, and external stakeholders.
6. Budget, Contracts, Metrics, and Executive Visibility — 5%
Oversees cybersecurity budgets, contracts, resource planning, and performance measures. Communicates cybersecurity risks, priorities, and outcomes to executive leadership through metrics, reporting, and strategic recommendations.
Knowledge, Skills and Abilities (KSAs):
-
Extensive knowledge of enterprise cybersecurity strategy, governance, risk management, security operations, incident response, and applicable regulatory requirements in a large public-sector environment.
-
Extensive federal and state knowledge of cybersecurity frameworks and standards, including NIST guidance, Texas Administrative Code Chapter 202, the Texas Cybersecurity Framework, and risk-based security controls.
-
Knowledge of emerging cybersecurity trends and technologies, including post-quantum cryptography, zero trust architecture, cloud security, identity and access management, data protection, artificial intelligence security, and cyber resilience.
-
Knowledge of business continuity, disaster recovery, vendor management, contract oversight, and third-party technology risk management.
-
Skill in leading large, complex cybersecurity programs and developing enterprise security strategies, governance structures, policies, and measurable outcomes.
-
Skill in translating cybersecurity risks into actionable business decisions and communicating effectively with executives, technical staff, public officials, auditors, and other stakeholders.
-
Skill in building collaborative relationships and leading security assessments, risk analyses, incident response efforts, audits, and remediation activities.
-
Skill in managing large-scale initiatives, budgets, contracts, competing priorities, and developing high-performing cybersecurity teams.
-
Ability to provide visionary leadership, exercise sound judgment, and foster a proactive, risk-informed, and mission-focused security culture.
-
Ability to balance security, compliance, operational needs, modernization efforts, and user experience while implementing effective solutions to complex challenges.
-
Ability to anticipate and address emerging cybersecurity threats, including post-quantum risks, and maintain the security and integrity of critical systems.
-
Ability to exercise independent judgment, manage confidential information, and uphold the highest standards of ethics and professionalism.
-
Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
Registrations, Licensure Requirements or Certifications:
Preference for professional certification such as:
-
Certified Information Systems Security Professional (CISSP),
- Certified Information Security Manager (CISM),
- Certified Information Systems Auditor (CISA),
- Certified in Risk and Information Systems Control (CRISC),
- GIAC certification, or cloud security certification, or comparable advanced cybersecurity credentials.
Initial Screening Criteria:
-
Graduation from an accredited four-year college or university with major coursework in cybersecurity, computer science, information technology, management information systems, engineering, public administration, business administration, or a related field. Relevant senior-level experience may be considered as a substitution for education, consistent with HHSC Human Resources requirements.
-
At least 10 years of progressively responsible experience in cybersecurity, information security, technology risk management, security operations, enterprise technology leadership, or a closely related field.
-
Significant experience leading cybersecurity, information security, technology risk, or technical teams in a large, complex organization.
-
Experience advising executive leadership on cybersecurity strategy, risk, compliance, incident response, investment priorities, or enterprise security posture.
-
Experience with cybersecurity frameworks, regulatory compliance, audit coordination, risk management, or security governance in a public-sector, healthcare, financial, critical infrastructure, or similarly regulated environment.
Additional Information:
Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.
This is an onsite position, with 5 days in office required.
Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.
HHSC is an equal opportunity employer and is committed to hiring a diverse workforce that reflects the people of Texas.
#LI-IN1
Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.
Active Duty, Military, Reservists, Guardsmen, and Veterans:
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.
ADA Accommodations:
In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
Pre-Employment Checks and Work Eligibility:
Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.
HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form
Telework Disclaimer:
This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.