Senior Information Security Strategist

HireNetworks has partnered with Durham County, NC to find a tenured information security professional to act as the senior leader responsible for a growing information security and cybersecurity program. This role establishes the strategic vision, direction, and governance to ensure the confidentiality, integrity, and availability of information assets. The Information Security Officer (ISO) provides executive-level guidance on cybersecurity risks, compliance, and incident response, and serves as a trusted advisor to leadership on emerging threats and technology security trends. This role will report to the CISO. The qualified candidate will have a strong understanding of security frameworks, some understanding of federal regulations and HIPAA, and ideally will have a CISSP or CISM certification. Public sector experience is highly desired.

This is a direct-hire opportunity with comprehensive benefits and a target salary range of $109,621 - $165,000. Candidates must be within daily commutable distance to the Durham County office in downtown Durham, NC. Some on-call work and occasional local travel may be required. No relocation assistance, visa sponsorship, or subcontracting arrangements are available for this role.

Responsibilities of the Information Security Officer:

  • Function as the principal cybersecurity strategist and risk manager, holding broad decision-making authority for information security across all county departments, including frequent interaction with local government and administrative officials.
  • Provide leadership to technical and non-technical staff, as well as external partners, auditors, and regulators.
  • Ensure compliance with federal, state, and local mandates, including HIPAA, CJIS, IRS Pub. 1075, PCI DSS, and other applicable frameworks.
  • Develop, implement, and maintain an information security strategy aligned with business objectives and regulatory requirements.
  • Establish and enforce security policies, standards, and procedures.
  • Direct risk assessments, security audits, penetration testing, and vulnerability management.
  • Oversee incident response, forensics, and coordination with law enforcement or regulatory agencies as needed.
  • Lead disaster recovery and business continuity planning related to IT security.
  • Provide regular reports and presentations to executive leadership, local government officials, and stakeholders on security posture and emerging threats.
  • Manage vendor and third-party risk assessments.
  • Supervise, mentor, and evaluate security staff; foster a culture of security awareness throughout the organization.
  • Coordinate cybersecurity training and awareness programs for all employees.
  • Serve as the liaison to state/federal agencies, peer jurisdictions, and cybersecurity consortiums.

Qualifications of the Information Security Officer:

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a closely related field.
  • 8–10 years of progressively responsible IT and cybersecurity experience, with at least 5 years in a leadership role.
  • Demonstrated knowledge of security frameworks (NIST CSF, CIS Controls, ISO 27001).
  • Strong experience with risk management, policy development, and regulatory compliance.
  • Excellent communication skills, with the ability to convey technical concepts to executive and non-technical audiences.
  • Knowledge of the following:
      • Information security and cybersecurity principles, frameworks, and emerging trends.
      • Risk management methodologies and threat modeling.
      • Federal, state, and local regulatory compliance (HIPAA, CJIS, IRS Pub. 1075, PCI DSS).
      • Incident response, digital forensics, disaster recovery, and business continuity planning.
      • Security tools, technologies, and architectures (firewalls, SIEM, IAM, DLP, endpoint protection).
      • Vendor and third-party risk management best practices.
  • Skills in:
      • Strategic leadership and long-term planning for security programs.
      • Policy and standard development aligned with county objectives.
      • Communication and presentation to executive leadership, boards, and public sector stakeholders.
      • Supervising and mentoring staff, building effective teams.
      • Negotiation, collaboration, and consensus-building across departments.
      • Analyzing complex risks and prioritizing investments in security.
  • Ability to:
      • Lead an enterprise-wide information security program with professionalism and integrity.
      • Manage crises, respond effectively to cybersecurity incidents, and maintain composure under pressure.
      • Foster a culture of security awareness across the organization.
      • Balance security needs with operational and service delivery requirements.
      • Represent Durham County in meetings with external partners, agencies, and governing bodies.
      • Make informed, risk-based decisions in a dynamic and evolving threat landscape.

Preferred Qualifications of the Information Security Officer:

  • Master’s degree in Cybersecurity, Information Systems, IT Management, or Public Administration.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, or comparable.
  • Prior experience in state or local government, higher education, or other public sector environments.
  • Experience leading cross-functional security initiatives involving multiple stakeholders.

HireNetworks is an Equal Opportunity Employer.
