Information Security Officer

HireNetworks has partnered with Durham County, NC to find them a tenured Information Security professional to act as senior leader responsible for a growing information security and cybersecurity program. This role establishes the strategic vision, direction, and governance to ensure the confidentiality, integrity, and availability of information assets. The ISO provides executive-level guidance on cybersecurity risks, compliance, and incident response, and serves as a trusted advisor to leadership on emerging threats and technology security trends. This role will report to the CISO. The qualified candidate will have a strong understanding of security frameworks, some understanding of federal regulations & HIPAA, and ideally will have a CISSP or CISSM certification. Public sector experience is highly desired.

This is a direct-hire opportunity with comprehensive benefits and a target salary range of $150,000 - $200,000. Candidates must be within daily commutable distance to the Durham County office in downtown Durham, NC. Some on-call work and occasional local travel may be required. Relocation assistance may be provided for folks moving to the Triangle. No visa sponsorship or subcontracting arrangements are available for this role.

Responsibilities of the Information Security Officer:

• Function as the principal cybersecurity strategist and risk manager, holding broad decision-making authority for information security across all county departments, including frequent interaction with local government and administrative officials.
• Provide leadership to technical and non-technical staff, as well as external partners, auditors, and regulators.
• Ensure compliance with federal, state, and local mandates, including HIPAA, CJIS, IRS Pub. 1075, PCI-DSS, and other applicable frameworks.
• Develop, implement, and maintain an information security strategy aligned with business objectives and regulatory requirements.
• Establish and enforce security policies, standards, and procedures.
• Direct risk assessments, security audits, penetration testing, and vulnerability management.
• Oversee incident response, forensics, and coordination with law enforcement or regulatory agencies as needed.
• Lead disaster recovery and business continuity planning related to IT security.
• Provide regular reports and presentations to executive leadership, local government officials, and stakeholders on security posture and emerging threats.
• Manage vendor and third-party risk assessments.
• Supervise, mentor, and evaluate security staff; foster a culture of security awareness throughout the organization.
• Coordinate cybersecurity training and awareness programs for all employees.
• Serve as the liaison to state/federal agencies, peer jurisdictions, and cybersecurity consortiums.

Qualifications of the Information Security Officer:

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a closely related field.
• 8–10 years of progressively responsible IT and cybersecurity experience, with at least 5 years in a leadership role.
• Demonstrated knowledge of security frameworks (NIST CSF, CIS Controls, ISO 27001).
• Strong experience with risk management, policy development, and regulatory compliance.
• Excellent communication skills, with the ability to convey technical concepts to executive and non-technical audiences.
• Knowledge of the following:
• Information security and cybersecurity principles, frameworks, and emerging trends.
• Risk management methodologies and threat modeling.
• Federal, state, and local regulatory compliance (HIPAA, CJIS, IRS Pub. 1075, PCI DSS).
• Incident response, digital forensics, disaster recovery, and business continuity planning.
• Security tools, technologies, and architectures (firewalls, SIEM, IAM, DLP, endpoint protection).
• Vendor and third-party risk management best practices.
• Skills in:
• Strategic leadership and long-term planning for security programs.
• Policy and standard development aligned with county objectives.
• Communication and presentation to executive leadership, boards, and public sector stakeholders.
• Supervising and mentoring staff, building effective teams.
• Negotiation, collaboration, and consensus-building across departments.
• Analyzing complex risks and prioritizing investments in security.
• Ability to:
• Lead an enterprise-wide information security program with professionalism and integrity.
• Manage crises, respond effectively to cybersecurity incidents, and maintain composure under pressure.
• Foster a culture of security awareness across the organization.
• Balance security needs with operational and service delivery requirements.
• Represent Durham County in meetings with external partners, agencies, and governing bodies.
• Make informed, risk-based decisions in a dynamic and evolving threat landscape.

Preferred Qualifications of the Information Security Officer:

• Master’s degree in Cybersecurity, Information Systems, IT Management, or Public Administration.
• Professional certifications such as CISSP, CISM, CISA, CRISC, or comparable.
• Prior experience in state or local government, higher education, or other public sector environments.
• Experience leading cross-functional security initiatives involving multiple stakeholders.

When looking for a job, have you ever heard the phrase… it is not about what you know, it is who you know?

At HireNetworks, it really is all about who we know.

Whether your current contract is coming to a close, you’re looking to advance your career or are a company on the hunt for new talent and wanting to expand…let HireNetworks put our networks to work for you.

HireNetworks is an Equal Opportunity Employer.