Chief Information Security Officer
Hello, we’re Metro! Metro is dedicated to shaping a better future for the greater Portland region. The work the people of Metro do every day benefits the lives of the people who live here, today, and tomorrow.
The Information Technology and Records Management (IT) department is looking for a Chief Information Security Officer (CISO) to lead Metro’s enterprise-wide cybersecurity strategy. This role provides strategic direction, oversight and leadership for information security, cyber risk management and compliance across the organization.
The CISO partners with departments across Metro to build a culture of shared responsibility for security. Rather than acting as a gatekeeper, this leader works collaboratively with business units to implement practical, risk-based security solutions that support innovation and operational resilience.
This is an opportunity to shape the future of cybersecurity at a regional government, implement modern security frameworks such as the NIST Cybersecurity Framework 2.0, and lead transformative initiatives including Zero Trust Architecture and phishing-resistant authentication.
As the Chief Information Security Officer you will
• Lead the development and execution of Metro’s enterprise cybersecurity strategy.
• Establish and maintain a risk-based approach to information security and cyber risk management.
• Develop, implement and oversee Metro-wide information security policies, standards and procedures.
• Partner with business units to align security practices with operational needs and regulatory requirements.
• Implement and mature the NIST Cybersecurity Framework (version 2.0).
• Lead Zero Trust Architecture initiatives and strengthen identity and access management controls.
• Oversee phishing-resistant authentication strategies.
• Direct incident response, business continuity and disaster recovery planning and testing.
• Manage and supervise the Information Security division, including staff development and performance management.
• Report on security posture, risks and improvement progress to executive leadership.
Attributes for success
• Strong strategic leadership and ability to influence at the executive level.
• Collaborative mindset with the ability to build trust across diverse departments.
• Experience implementing risk-based security frameworks.
• Strong understanding of modern cybersecurity principles including Zero Trust and identity management.
• Ability to translate complex technical issues into clear business language.
• Strong analytical and critical thinking skills.
• Experience leading and developing high-performing teams.
• Commitment to continuous improvement and operational resilience.
• Ability to remain calm and effective under pressure.
• High level of integrity and ability to maintain confidentiality.
DIVERSITY AND INCLUSION
At Metro, we strive to cultivate diversity, advance equity, and practice inclusion in all of its work. This means attracting and empowering a workforce that is inclusive of a broad range of human qualities. Workplace diversity is both a moral imperative and a business strength, essential to providing quality support and services to our region. Metro’s goal is to hire, develop and retain highly skilled and talented individuals across all departments and programs who best reflect the diversity of our community.
Learn more about Metro’s Diversity Action Plan
TO QUALIFY
We will consider any combination of relevant work experience, volunteering, education, and transferable skills as qualifying unless an item or section is labeled required. Please be clear and specific in your application materials on how your background is relevant.
Minimum qualifications
• Bachelor’s degree from an accredited college or university with major coursework in cybersecurity, computer science, engineering or a related field, and
• Seven (7) years of experience in data security management and overseeing security systems and practices, including demonstrated success in information security methodology, concepts and analyzing/monitoring, and
• Five (5) years of experience in a leadership or supervisory role, or
• Any combination of education, professional experience and training that provides the equivalent knowledge, skills and abilities necessary to perform the essential duties of the position.
If this statement is true for you, then you may be ineligible to apply
If you were terminated for cause during any employment with Metro, or resigned in lieu of termination, you may be ineligible for rehire for a minimum of 3 years.
Hybrid Telework
This position is designated as “hybrid telework.” You will be required to work onsite and at times have the option to work away from your assigned work location. The specific schedule and balance of onsite and telework will be discussed with the hiring manager at the time of offer. Employees must reside in Oregon or Washington to work at Metro. Please note, the designation of hybrid telework may be subject to change at a future time.
Like to have qualifications
You do not need to have the following preferred qualifications/transferable skills to qualify. However, keep in mind we may consider them when identifying the most qualified candidates. Your transferable skills are any skills you have gained through education, work experience, including the military, or life experience that are relevant for this position.
• Experience implementing the NIST Cybersecurity Framework (version 2.0).
• Professional certifications such as CISSP, CISM, CCISO or other recognized cybersecurity certifications.
• Experience leading Zero Trust Architecture initiatives.
• Experience in public sector or government environments.
• Experience with Governance, Risk and Compliance (GRC) programs.
• Experience overseeing Security Information and Event Management (SIEM) systems.
• Knowledge of PCI and Personally Identifiable Information (PII) regulatory requirements.
• Experience leading enterprise-wide identity management modernization efforts.
• Experience managing cybersecurity programs in complex, multi-department organizations.
• Previous experience working in a union environment.
SCREENING AND EVALUATION
The application packet: The application packet consists of the following required documents. Please ensure that you upload these documents in your online application. Make sure your application is complete, missing any part of these items could result in an incomplete application and will not be moved forward in the recruitment.
• A completed resume that includes the following details for each employer:
• Name of employer, working title
• Dates of employment; including if the work was full-time or part-time your title,
• Number of employees supervised
• Summary of your responsibilities
• A cover letter detailing why you are interested in the Chief Information Security Officer role and how your qualifications align with the position.
The selection process: We expect to evaluate candidates for this recruitment as follows. The selection process is subject to change.
• Initial review of minimum qualifications
• In-depth evaluation of application materials to identify the most qualified candidates
• Consideration of top candidates/interviews
• Testing/assessments
• Reference check
• Background and driving records check for finalist candidate
COMPENSATION, BENEFITS AND REPRESENTATON
The full-salary range for this position is step 1: $144,384.33 to step 6. $184,274.91. However, unless a candidate’s qualifications justify, based on the Oregon Pay Equity Act requirements and Metro’s internal equity review process, the appointment will likely be made between step 1: $144,384.33 to the equity range step 3: $159,183.67.
This position is not eligible for overtime and is non-represented. It is classified as a Senior Information Technology Security Manager position. Classification descriptions are typically written broadly and do not include the specific duties and responsibilities of the positions. View the classification description.
Questions?
Recruiter: Carrie Gundermann
Email: [email protected]
Equal employment opportunity
All qualified persons will be considered for employment without regard to race, color, religion, sex, national origin, age, marital status, familial status, gender identity and expression, sexual orientation, disability for which a reasonable accommodation can be made, or any other status protected by law.
Accommodation
Metro will gladly provide a reasonable accommodation to anyone whose specific disability prevents them from completing this application or participating in this recruitment process. Please contact the recruiter outlined in the job announcement in advance to request assistance.
Veterans' preference
Under Oregon Law, qualified veterans may be eligible for veterans' preference when applying for Metro positions. If you are a veteran and would like to be considered for a veterans' preference for this job, please provide qualifying documents as instructed during the application process.
Hybrid Telework
Positions designated as “hybrid telework,” meaning you will have the option to work away from the office, although there may be times that coming into the office will be required. The designation of Hybrid Telework may be subject to change at a future time. All employees must reside in Oregon or Washington; Metro cannot support ongoing telework from other locations.
Pay equity at Metro
No matter who you are or where you work at Metro, you deserve to be paid fairly for the work you do. Every worker must get equal pay for equal work regardless of your gender, race, age, or other protected characteristics. Metro has established processes and conducts routine pay equity reviews as part of the hiring process to ensure compliance with the 2017 Oregon Pay Equity Act.
Online applications
Metro accepts job applications online. If you need assistance or accommodation with your application, or access to a computer, please contact the recruiter outlined in the job announcement in advance to request assistance.
How to Apply
For tips on how to apply and more information on what the application process looks like, visit Metro’s “How to apply” page.
Government Jobs
For assistance with your account or to reset your password please visit GovernmentJobs "Help and Support" page.
Metro
Led by an elected council, this unique government gives all residents of greater Portland a voice in shaping the future and provides parks, venues, services, and tools at a regional scale. We find solutions for our area’s garbage and recycling that protect clean air and water; help plan land use and development to provide jobs and safe transportation; manage local venues that provide a connection to arts and culture and help keep the economy growing; protect 17,000 acres of parks and natural areas, and run the Oregon Zoo, to keep nature close to home.
Apply tot his job
Apply To this Job
The Information Technology and Records Management (IT) department is looking for a Chief Information Security Officer (CISO) to lead Metro’s enterprise-wide cybersecurity strategy. This role provides strategic direction, oversight and leadership for information security, cyber risk management and compliance across the organization.
The CISO partners with departments across Metro to build a culture of shared responsibility for security. Rather than acting as a gatekeeper, this leader works collaboratively with business units to implement practical, risk-based security solutions that support innovation and operational resilience.
This is an opportunity to shape the future of cybersecurity at a regional government, implement modern security frameworks such as the NIST Cybersecurity Framework 2.0, and lead transformative initiatives including Zero Trust Architecture and phishing-resistant authentication.
As the Chief Information Security Officer you will
• Lead the development and execution of Metro’s enterprise cybersecurity strategy.
• Establish and maintain a risk-based approach to information security and cyber risk management.
• Develop, implement and oversee Metro-wide information security policies, standards and procedures.
• Partner with business units to align security practices with operational needs and regulatory requirements.
• Implement and mature the NIST Cybersecurity Framework (version 2.0).
• Lead Zero Trust Architecture initiatives and strengthen identity and access management controls.
• Oversee phishing-resistant authentication strategies.
• Direct incident response, business continuity and disaster recovery planning and testing.
• Manage and supervise the Information Security division, including staff development and performance management.
• Report on security posture, risks and improvement progress to executive leadership.
Attributes for success
• Strong strategic leadership and ability to influence at the executive level.
• Collaborative mindset with the ability to build trust across diverse departments.
• Experience implementing risk-based security frameworks.
• Strong understanding of modern cybersecurity principles including Zero Trust and identity management.
• Ability to translate complex technical issues into clear business language.
• Strong analytical and critical thinking skills.
• Experience leading and developing high-performing teams.
• Commitment to continuous improvement and operational resilience.
• Ability to remain calm and effective under pressure.
• High level of integrity and ability to maintain confidentiality.
DIVERSITY AND INCLUSION
At Metro, we strive to cultivate diversity, advance equity, and practice inclusion in all of its work. This means attracting and empowering a workforce that is inclusive of a broad range of human qualities. Workplace diversity is both a moral imperative and a business strength, essential to providing quality support and services to our region. Metro’s goal is to hire, develop and retain highly skilled and talented individuals across all departments and programs who best reflect the diversity of our community.
Learn more about Metro’s Diversity Action Plan
TO QUALIFY
We will consider any combination of relevant work experience, volunteering, education, and transferable skills as qualifying unless an item or section is labeled required. Please be clear and specific in your application materials on how your background is relevant.
Minimum qualifications
• Bachelor’s degree from an accredited college or university with major coursework in cybersecurity, computer science, engineering or a related field, and
• Seven (7) years of experience in data security management and overseeing security systems and practices, including demonstrated success in information security methodology, concepts and analyzing/monitoring, and
• Five (5) years of experience in a leadership or supervisory role, or
• Any combination of education, professional experience and training that provides the equivalent knowledge, skills and abilities necessary to perform the essential duties of the position.
If this statement is true for you, then you may be ineligible to apply
If you were terminated for cause during any employment with Metro, or resigned in lieu of termination, you may be ineligible for rehire for a minimum of 3 years.
Hybrid Telework
This position is designated as “hybrid telework.” You will be required to work onsite and at times have the option to work away from your assigned work location. The specific schedule and balance of onsite and telework will be discussed with the hiring manager at the time of offer. Employees must reside in Oregon or Washington to work at Metro. Please note, the designation of hybrid telework may be subject to change at a future time.
Like to have qualifications
You do not need to have the following preferred qualifications/transferable skills to qualify. However, keep in mind we may consider them when identifying the most qualified candidates. Your transferable skills are any skills you have gained through education, work experience, including the military, or life experience that are relevant for this position.
• Experience implementing the NIST Cybersecurity Framework (version 2.0).
• Professional certifications such as CISSP, CISM, CCISO or other recognized cybersecurity certifications.
• Experience leading Zero Trust Architecture initiatives.
• Experience in public sector or government environments.
• Experience with Governance, Risk and Compliance (GRC) programs.
• Experience overseeing Security Information and Event Management (SIEM) systems.
• Knowledge of PCI and Personally Identifiable Information (PII) regulatory requirements.
• Experience leading enterprise-wide identity management modernization efforts.
• Experience managing cybersecurity programs in complex, multi-department organizations.
• Previous experience working in a union environment.
SCREENING AND EVALUATION
The application packet: The application packet consists of the following required documents. Please ensure that you upload these documents in your online application. Make sure your application is complete, missing any part of these items could result in an incomplete application and will not be moved forward in the recruitment.
• A completed resume that includes the following details for each employer:
• Name of employer, working title
• Dates of employment; including if the work was full-time or part-time your title,
• Number of employees supervised
• Summary of your responsibilities
• A cover letter detailing why you are interested in the Chief Information Security Officer role and how your qualifications align with the position.
The selection process: We expect to evaluate candidates for this recruitment as follows. The selection process is subject to change.
• Initial review of minimum qualifications
• In-depth evaluation of application materials to identify the most qualified candidates
• Consideration of top candidates/interviews
• Testing/assessments
• Reference check
• Background and driving records check for finalist candidate
COMPENSATION, BENEFITS AND REPRESENTATON
The full-salary range for this position is step 1: $144,384.33 to step 6. $184,274.91. However, unless a candidate’s qualifications justify, based on the Oregon Pay Equity Act requirements and Metro’s internal equity review process, the appointment will likely be made between step 1: $144,384.33 to the equity range step 3: $159,183.67.
This position is not eligible for overtime and is non-represented. It is classified as a Senior Information Technology Security Manager position. Classification descriptions are typically written broadly and do not include the specific duties and responsibilities of the positions. View the classification description.
Questions?
Recruiter: Carrie Gundermann
Email: [email protected]
Equal employment opportunity
All qualified persons will be considered for employment without regard to race, color, religion, sex, national origin, age, marital status, familial status, gender identity and expression, sexual orientation, disability for which a reasonable accommodation can be made, or any other status protected by law.
Accommodation
Metro will gladly provide a reasonable accommodation to anyone whose specific disability prevents them from completing this application or participating in this recruitment process. Please contact the recruiter outlined in the job announcement in advance to request assistance.
Veterans' preference
Under Oregon Law, qualified veterans may be eligible for veterans' preference when applying for Metro positions. If you are a veteran and would like to be considered for a veterans' preference for this job, please provide qualifying documents as instructed during the application process.
Hybrid Telework
Positions designated as “hybrid telework,” meaning you will have the option to work away from the office, although there may be times that coming into the office will be required. The designation of Hybrid Telework may be subject to change at a future time. All employees must reside in Oregon or Washington; Metro cannot support ongoing telework from other locations.
Pay equity at Metro
No matter who you are or where you work at Metro, you deserve to be paid fairly for the work you do. Every worker must get equal pay for equal work regardless of your gender, race, age, or other protected characteristics. Metro has established processes and conducts routine pay equity reviews as part of the hiring process to ensure compliance with the 2017 Oregon Pay Equity Act.
Online applications
Metro accepts job applications online. If you need assistance or accommodation with your application, or access to a computer, please contact the recruiter outlined in the job announcement in advance to request assistance.
How to Apply
For tips on how to apply and more information on what the application process looks like, visit Metro’s “How to apply” page.
Government Jobs
For assistance with your account or to reset your password please visit GovernmentJobs "Help and Support" page.
Metro
Led by an elected council, this unique government gives all residents of greater Portland a voice in shaping the future and provides parks, venues, services, and tools at a regional scale. We find solutions for our area’s garbage and recycling that protect clean air and water; help plan land use and development to provide jobs and safe transportation; manage local venues that provide a connection to arts and culture and help keep the economy growing; protect 17,000 acres of parks and natural areas, and run the Oregon Zoo, to keep nature close to home.
Apply tot his job
Apply To this Job