Chief Information Services Security Officer

Metropolitan Council, Minneapolis

St. Paul, MN

JOB DETAILS
SALARY
$64.89–$105.35 Per Hour
SKILLS
Artificial Intelligence (AI), Auditing, Best Practices, Budget Management, Budgeting, Business Operations, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Coaching, Computer Science, Computer Security, Continuous Improvement, Contract Negotiation, Cross-Functional, Cryptography, Diversity, Emerging Technology, Employee Assistance Plan, Endpoint Security, Enterprise Protection, Event Management, FISMA - Federal Information Security Management Act, Facebook, Financial Planning, Firewalls, Fitness, Forensic Science, Government, HIPAA (Health Insurance Portability and Accountability Act), Health Plan, High School Diploma, Human Resources, Hybrid Cloud, ISO (International Organization for Standardization), IT Governance, Incident Response, Information Assets, Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Leadership, Legal, LinkedIn, Maintain Compliance, Mentoring, On Call, Operational Support, Operations Security (OPSEC), Organizational Culture, PCI-DSS, People Management, Performance Management, Performance Metrics, Policy Development, Project/Program Management, Regulations, Regulatory Compliance, Resource Management, Retirement Funds, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Security Information and Event Management (SIEM), Service Level Agreement (SLA), Strategic Planning, System Operations, Team Building, Team Lead/Manager, Team Player, Technical Leadership, Technical Support, Tuition Reimbursement, Twitter, U.S. National Institute of Standards and Technology (NIST), User Groups, Vendor/Supplier Evaluation, Vendor/Supplier Selection
LOCATION
St. Paul, MN
POSTED
1 day ago

Chief Information Services Security Officer

Salary

$134,971.20 - $219,128.00 Annually

Location

390 Robert St. N St. Paul, MN

Job Type

Full-Time

Job Number

2026-00152

Division

Regional Administration

Department

IS-Admin

Opening Date

07/02/2026

Closing Date

7/23/2026 11:59 PM Central

  • Description
  • Benefits
  • Questions

WHO WE ARE

The Regional Administration Division is accepting applications for a Chief Information Services Security Officer.

We are the Metropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 20 years ahead for the future of the metropolitan area and provide regional parks and trails, transportation, wastewater, and housing services.

More information about us on our website.

We are committed to hiring and supporting a diverse workforce that reflects the communities we serve.

Information Services is the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices, and innovative solutions that enable the core services of the Council.

How your work would contribute to our organization and the Twin Cities region:

The Chief Information Services Security Officer (CISO) provides strategic leadership and oversight for the Councils enterprise-wide information security strategy. The CISO is responsible for safeguarding all digital assets and information systems from internal and external threats. The CISO aligns cybersecurity programs to organizational goals, ensuring that risk management, compliance, and awareness efforts are proactive, robust, and effectively integrated into business operations. The CISO also leads the information security team, ensuring operational readiness, collaboration across divisions, and continuous improvement of security posture. Acts on behalf of the CIO as needed.

People Leadership

The CISO leads the Information Security team, ensuring high performance through clear expectations, accountability, and continuous learning. This leader cultivates a supportive, inclusive, and agile environment that embraces change and empowers staff to contribute their perspectives and challenge assumptions. Builds team capabilities by mentoring staff, developing future leaders, and promoting diversity and inclusion in hiring and development.

Strategic Leadership

Develops a long-term vision and roadmap for cybersecurity aligned to the Council's digital strategy and public mission. Partners with the CIO and IS Leadership Team to shape strategy across the Information Services department. Provides guidance and decision-making leadership in IT governance, risk mitigation, architecture, and service continuity.

Business Partner Engagement

Serves as a trusted advisor to executive leadership and division leaders on matters of cybersecurity, privacy, and risk for all divisions. Builds collaborative relationships across the enterprise, including Legal, Compliance, HR, and Operations, to embed security best practices and ensure consistent execution of policies. Translates technical security concepts into business value and risk reduction terms.

Risk Management & Compliance

Oversees the design and enforcement of security policies and standards. Ensures compliance with regulatory and industry frameworks such as NIST, HIPAA, GDPR, CJIS, PCI-DSS, and ISO 27001. Leads vulnerability and risk assessments, mitigation strategies, and incident response processes. Establishes and monitors key risk indicators (KRIs) and key performance indicators (KPIs).

Security Operations & Program Leadership

Directs the implementation and operations of security technologies and tools, including threat detection, SIEM, endpoint protection, IAM, encryption, firewalls, and cloud security. Provides executive oversight of the incident response lifecycle, forensics investigations, and remediation activities. Continuously evaluates system resilience and recommends improvements.

Budget, Vendor, and Resource Leadership

Leads cybersecurity budgeting and financial planning to ensure efficient allocation of resources. Oversees vendor selection, contract negotiations, and vendor performance for cybersecurity services. Guides resource planning to align with strategic priorities and support operational execution.

Security Awareness & Organizational Culture

Promotes a security-first culture through education, training, and engagement. Develops awareness programs tailored to different user groups. Ensures that every staff member understands their security responsibilities. Collaborates with HR, Legal, and Communications to increase organizational maturity in handling sensitive data.

What you would do in this job

  • Leads development and execution of the Council's enterprise security strategy and governance framework.
  • Serves as an advisor to the CIO, executive leadership, and Council members on cybersecurity trends, risks, and performance.
  • Builds and leads a high-performing Information Security team.
  • Ensures compliance with data privacy and cybersecurity laws and frameworks.
  • Evaluates emerging technologies, evolving threats, and recommend strategic improvements.
  • Oversees incident response planning and execution, including forensics and root cause analysis.
  • Develops and tracks service-level agreements (SLAs) and performance metrics.
  • Builds relationships with peer agencies, government entities, and cybersecurity organizations.
  • Prepares and presents risk reports and strategy updates to Council stakeholders.
  • Manages cybersecurity audits, assessments, and third-party evaluations.
  • Promotes an inclusive, diverse, and psychologically safe security work environment.

What education and experience are required for this job (minimum qualifications)

Education/Experience:

Any of the following combinations in completed education (degree in Information Security, Computer Science, Information Technology, or a related field) and experience (in cybersecurity/information security leadership roles).

  • Masters degree with seven (7) years of experience including five (5) years directly managing professional staff.
  • Bachelors degree with nine (9) years of experience including five (5) years directly managing professional staff.
  • Associate degree with eleven (11) years of experience including five (5) years directly managing professional staff.
  • High school diploma/GED with thirteen (13) years of experience including five (5) years directly managing professional staff.

What additional skills and experience would be helpful in this job (desired qualifications):

  • Masters degree.

  • CISSP/CISM/CISA certifications.

  • Experience and demonstrated ability to identify opportunities to integrate equity initiatives meaningfully into work products and processes.

  • Knowledge of:

  • Regulatory frameworks: HIPAA, GDPR, FISMA, CJIS, NIST, PCI-DSS, ISO.

  • Risk management, threat detection, and mitigation techniques.

  • Cloud, hybrid, and on-prem infrastructure security.

  • Enterprise security tools, systems, and operations.

  • Cybersecurity operations, risk frameworks, compliance.

  • High conceptual and organizational understanding of how security underpins business operations.

  • Skills in:

  • Strategic planning, budget development, and policy enforcement.

  • Communication and collaboration.

  • Project management and cross-functional team leadership.

  • Influencing across systems, divisions, and leadership.

  • Ability to:

  • Lead change and drive cultural transformation.

  • Mentor, coach, and build inclusive teams.

  • Handle confidential data and investigations with discretion.

  • Apply complex, conceptual thinking to stay ahead of evolving threats, and balance compliance, user needs, and innovation.

  • Use adaptive thinking and sound judgement to lead under pressure.

  • Hold a high level of accountability for maintaining the Councils security posture, regulatory compliance, and public trust.

What you can expect from us:

  • We offer the opportunity to make a difference and positively influence the Twin Cities metropolitan area.
  • We encourage and support staff in contributing to a dynamic work culture that improves the Councils ability to serve the region.
  • We encourage and support staff in bringing the full range of experiences and identities that define them to the workplace.
  • We encourage our employees to develop their skills through on-site training and tuition reimbursement.
  • We provide a competitive salary, excellent benefits and a good work/life balance.

More about why you should join us!

Additional information

Union/Grade: Non-Rep / Grade M

FLSA Status: Exempt

Safety Sensitive: No

Full Salary Range: $64.89 - $105.35 hourly / $134,971.20 - $219,128.00 annually

Working Conditions

  • Primarily office-based with hybrid work flexibility.
  • On-call availability required for security incidents or emergencies.
  • High-stress, high-responsibility role involving fast-paced decision making.

The responsibilities listed are typical of the positions included in the job classification; however, not all duties are necessarily performed by each specific position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties of the position. Regular attendance is an essential responsibility.

What steps the recruitment process involves:

  1. We review your minimum qualifications.

  2. We rate your education and experience.

  3. We conduct a structured panel interview.

  4. We conduct a selection interview.

Once you have successfully completed the steps above, then:

If you are new to the Metropolitan Council, you must pass a drug test (safety sensitive positions only), and a background check which verifies education, employment, and criminal history. A driving record check and/or physical may be conducted if applicable to the job. If you have a criminal conviction, you do not automatically fail. The Metropolitan Council considers felony, gross misdemeanor and misdemeanor convictions on a case-by-case basis, based on whether they are related to the job and whether the candidate has demonstrated adequate rehabilitation.

If you are already an employee of the Metropolitan Council, you must pass a drug test (if moving from a non-safety sensitive position to a safety sensitive position) and criminal background check if the job youre applying for is safety sensitive, is a supervisory or management job, is in the Finance, Information Services, Audit, or Human Resources departments, or has access to financial records, files/databases, cash, vouchers or transit fare cards. A driving record check and/or physical may be conducted if applicable to the position.

IMPORTANT: If you make false statements or withhold information, you may be barred from job consideration.

The Metropolitan Council is an Equal Opportunity, Affirmative Action, and veteran-friendly employer. The Council is committed to a workforce that reflects the diversity of the region and strongly encourages persons of color, members of the LGBTQ community, individuals with disabilities, women, and veterans to apply.

If you have a disability that requires accommodation during the selection process, please email HR-OCCHealth@metc.state.mn.us.

We believe our employees are a key to our agencys success! In order to attract and retain high quality employees, the Council provides a highly competitive benefits package both in choice and coverage levels. Some highlights about our benefits are listed below:

  • Guaranteed monthly retirement income through Minnesota State Retirement System pension fund
  • Opportunity to save additional funds for retirement on a tax-deferred basis through a voluntary deferred compensation (457) plan
  • Two or more medical plans from which to choose, with employer contribution towards premiums over 80%
  • Dental insurance, life insurance and vision insurance

The following benefits are provided to all employees as part of working for the Council. You will have access to free:

  • Well@Work clinic
  • bus/rail pass valued at over $1200 per year
  • parking at many job locations
  • fitness centers at many job locations
  • Employee Assistance Program
  • extensive health and wellness programs and resources

01

Applicant Instructions: It is important that your application shows all relevant education and experience you possess. The supplemental questions listed below are to further evaluate your education and experience and to determine your eligibility for this position. Answer each question completely, and please do not type "see resume." Otherwise, your application will be considered incomplete, and you will not receive further consideration for this position. The experience you indicate in your responses should also be consistent with the Work History section of this application. If you attach a resume and/or cover letter to your application, it will be reviewed at the education and experience review step. I have read and understand the above instructions regarding my application and supplemental questions.

  • Yes
  • No

02

How did you first hear about this job opening?

  • CareerForce Center
  • Community Event/Organization
  • Employee Referral
  • Facebook
  • Glassdoor
  • Indeed
  • Job Fair
  • LinkedIn
  • Metro Transit Bus Advertisement
  • X (formerly known as Twitter)
  • Website: governmentjobs.com
  • Website: metrocouncil.org
  • Website: metrotransit.org
  • Website: minnesotajobnetwork.com
  • Other

03

If you selected Other, please describe where you first heard about this job. If you selected Employee Referral please enter the employees first and last name, ID number (if known), and job title. Type N/A if not applicable.

04

Please select the option below that reflects your education and experience level.

  • Masters degree in information security, computer science, information technology, or a related field AND seven (7) years of experience including five (5) years directly managing professional staff.
  • Bachelors degree in information security, computer science, information technology, or a related field AND nine (9) years of experience including five (5) years directly managing professional staff.
  • Associate degree in information security, computer science, information technology, or a related field AND eleven (11) years of experience including five (5) years directly managing professional staff.
  • High school diploma/GED in information security, computer science, information technology, or a related field AND thirteen (13) years of experience including five (5) years directly managing professional staff.
  • Some experience in a cybersecurity/information security leadership role.
  • None of the above.

05

Please select the areas below with which you have work experience (select all that apply).

  • Masters degree in information security, computer science, information technology, or a related field.
  • CISSP/CISM/CISA certifications.
  • Regulatory frameworks: HIPAA, GDPR, FISMA, CJIS, NIST, PCI-DSS, ISO.
  • Risk management, threat detection, and mitigation techniques.
  • Cloud, hybrid, and on-prem infrastructure security.
  • Enterprise security tools, systems, and operations.
  • Cybersecurity operations, risk frameworks, compliance.
  • High conceptual and organizational understanding of how security underpins business operations.
  • Strategic planning, budget development, and policy enforcement.
  • Communication and collaboration.
  • Project management and cross-functional team leadership.
  • Influencing across systems, divisions, and leadership.
  • Lead change and drive cultural transformation.
  • Mentor, coach, and build inclusive teams.
  • Handle confidential data and investigations with discretion.
  • Apply complex, conceptual thinking to stay ahead of evolving threats, and balance compliance, user needs, and innovation.
  • Use adaptive thinking and sound judgement to lead under pressure.
  • Hold a high level of accountability for maintaining the Councils security posture, regulatory compliance, and public trust.
  • None of the above.

06

Describe your experience developing cybersecurity policies, standards, SLAs, and KPIs. How do you ensure accountability and continuous improvement? If you do not have this experience, type none or N/A.

07

In detail, please describe your experience working and collaborating in a diverse, multi-cultural, and inclusive environment. If this experience doesnt apply to you, please type N/A.

08

The Metropolitan Council recognizes that Artificial Intelligence (AI) and generative tools are increasingly used in application processes. While the Council permits the use of AI to assist in the preparation of application materials, all applicants must certify the following statement:

  • I affirm that all information provided in my application including any uploaded documentation is true and accurate. I further affirm that I have personally reviewed, verified, and approved all content, including any content generated with the assistance of AI. I will provide all interview responses directly and in real-time without unauthorized assistance. I will not use AI avatars, external assistance in answering including computer-generated suggestions, or any recording and transcription tools during the interview process unless I have received prior approval from Human Resources for a disability-related reasonable accommodation.

Required Question

Employer Metropolitan Council

Address 390 Robert St. N.

St. Paul, Minnesota, 55101

Website https://metrocouncil.org

About the Company

M

Metropolitan Council, Minneapolis