Information Security Officer (ISO)

IT & Security Olathe, Kansas


Description

Tyler Technologies’ NIC Division is looking to hire for a Information Security Officer (ISO) to join our team at our Corporate Headquarters in Kansas City, KS.  Acquired by Tyler Technologies (NYSE:TYL) on April 21, 2021, NIC is a leader in digital government solutions and payments, partnering with government to deliver user-friendly digital services that make it easier and more efficient to interact with government. NIC and Tyler are united in their mission to empower public sector entities to operate more efficiently and connected more transparently with their constituents and with each other.

Position Objective:

As our Information Security Officer, you will represent the security program of the NIC Division to potential and existing partners, division employees, internal and external auditors, and other audiences as needed, as well as advocating on behalf of the Division for improvements in Tyler-wide secure business operations. This role will drive the execution of division specific compliance and audit deliverables while aligning those activities to Tyler’s Enterprise Information Security Program and cyber risk management activities. This role will lead strategic and tactical security improvement initiatives for the Division. This role will be responsible for managing the Division’s response to applicable security incidents and vulnerabilities.


Principle Duties:

  • Represent the NIC Division and act on behalf of Division leadership and the Enterprise Security team to establish secure and compliant business operations with clients/partners, employees and auditors.
  • Serve as the initial point of contact for all Division security issues, facilitating the communication between the Enterprise Security Team and other Tyler teams, such as Legal, as necessary, while keeping Division leadership informed.
  • Responsible for ensuring the COO and other Division executives are informed of issues and consulted when significant financial or risk related decisions are necessary.
  • Provide senior leadership to NIC for the implementation of Enterprise Information Security policy, procedures, and standards throughout the business.
  • Direct the execution of all Division security processes to support business objectives; work between Enterprise Security and Division to ensure documentation completeness and quality of engineering work.
  • Approver for the acceptance of Division’s cyber risk with delegated authority from the Enterprise Security team.
  • Proactively identify information security deficiencies or opportunities for improvement to better enable business security. Facilitate the development of pragmatic solutions across the Division.
  • Provide communication or escalation path for information security issues identified by Enterprise Security or the Divisions themselves.
  • Provide regular, timely reporting on the information security status across the Division.
  • Support acquisition due diligence for information security risks and support control design for integration.
  • Participate in Division reporting requirements, monthly/quarterly status meetings and offsites as appropriate.
  • Assist Divisions in managing and preventing cyber incidents and providing incident coordination as required.
  • Provide subject matter expertise on various global cyber threats to Division leadership.
  • Facilitate and direct support to Division groups and growth initiatives including marketing engagements, sales proposals and short-term program support in all areas of cyber defense.
  • Manage the Division Security Team and budget, working with Division Leadership to establish staffing levels and types to meet Division Security objectives.
  • Coordinate with Division Leadership to establish acceptable Division risk levels.

Scope and Impact: 

  • The Division ISO has a leadership role in ongoing audit compliance, assists with steady state security operations, identifies organization improvement opportunities, and recommends appropriate solutions to Division management. The Division ISO will work with parties across the entire Division to ensure Enterprise Information Security policies and procedures are implemented correctly and consistently.
  • The Division ISO will be actively involved with internal and external teams in architecting existing and upcoming technologies across the Division ensuring a focus on compliance and security. The Division ISO will serve as a security proponent and leader throughout the business unit. The Division ISO will be at the forefront of any operational security issues/events, discussions, and used as a business unit resource to assist with configuration and compliance for mandated audit requirements as set forth by Tyler Technologies management and governing or regulatory entities.

 

The Division ISO must be able to:

  • Establish and build trust and confidence in the Division’s secure and compliant operations with clients/partners, employees and auditors.
  • Take responsibility for and help maintain audit compliance deliverables.
  • Manage a team capable of meeting the Division Security objectives.
  • Communicate effectively with a wide variety of audiences, including high level government officials and boards, having the ability to explain technical issues to a non-technical audience as necessary.
  • Manage the Division Security budget, driving the most efficient and effective use of allocated resources.
  • Manage multiple enterprise-driven projects with hard deadlines.
  • Work independently and with other team members having little management oversight.
  • Navigate policies and procedures to ensure compliance with audit and regulatory requirements (for example: SOX, SSAE18, PCI DSS, ISO, CJIS, FedRAMP, etc.).

 

Education / Experience: 

  • Bachelor’s degree with minimum 10 years of prior relevant experience in IT field, including Cybersecurity. Master’s degree is preferred.
  • Ability to evaluate the cyber risk of technical solutions through the analysis of architectural documents.
  • Experience evaluating the security controls/capabilities of full spectrum cyber security solutions.
  • Experience supporting US government or equivalent municipalities
  • Experience with systems engineering, system/software development and SecDevOps
  • Experience working at a leadership or executive level