Senior Information Security Strategist

HireNetworks has partnered with Durham County, NC to find them a tenured Information Security professional to act as senior leader responsible for a growing information security and cybersecurity program. This role establishes the strategic vision, direction, and governance to ensure the confidentiality, integrity, and availability of information assets. The ISO provides executive-level guidance on cybersecurity risks, compliance, and incident response, and serves as a trusted advisor to leadership on emerging threats and technology security trends. This role will report to the CISO. The qualified candidate will have a strong understanding of security frameworks, some understanding of federal regulations & HIPAA, and ideally will have a CISSP or CISSM certification. Public sector experience is highly desired.

This is a direct-hire opportunity with comprehensive benefits and a target salary range of $109,621 - $165,000. Candidates must be within daily commutable distance to the Durham County office in downtown Durham, NC. Some on-call work and occasional local travel may be required. No relocation assistance, visa sponsorship, or subcontracting arrangements are available for this role.

Responsibilities of the Information Security Officer:

  • Function as the principal cybersecurity strategist and risk manager, holding broad decision-making authority for information security across all county departments, including frequent interaction with local government and administrative officials.
  • Provide leadership to technical and non-technical staff, as well as external partners, auditors, and regulators.
  • Ensure compliance with federal, state, and local mandates, including HIPAA, CJIS, IRS Pub. 1075, PCI-DSS, and other applicable frameworks.
  • Develop, implement, and maintain an information security strategy aligned with business objectives and regulatory requirements.
  • Establish and enforce security policies, standards, and procedures.
  • Direct risk assessments, security audits, penetration testing, and vulnerability management.
  • Oversee incident response, forensics, and coordination with law enforcement or regulatory agencies as needed.
  • Lead disaster recovery and business continuity planning related to IT security.
  • Provide regular reports and presentations to executive leadership, local government officials, and stakeholders on security posture and emerging threats.
  • Manage vendor and third-party risk assessments.
  • Supervise, mentor, and evaluate security staff; foster a culture of security awareness throughout the organization.
  • Coordinate cybersecurity training and awareness programs for all employees.
  • Serve as the liaison to state/federal agencies, peer jurisdictions, and cybersecurity consortiums.

Qualifications of the Information Security Officer:

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a closely related field.
  • 8–10 years of progressively responsible IT and cybersecurity experience, with at least 5 years in a leadership role.
  • Demonstrated knowledge of security frameworks (NIST CSF, CIS Controls, ISO 27001).
  • Strong experience with risk management, policy development, and regulatory compliance.
  • Excellent communication skills, with the ability to convey technical concepts to executive and non-technical audiences.
  • Knowledge of the following:
  • Information security and cybersecurity principles, frameworks, and emerging trends.
  • Risk management methodologies and threat modeling.
  • Federal, state, and local regulatory compliance (HIPAA, CJIS, IRS Pub. 1075, PCI DSS).
  • Incident response, digital forensics, disaster recovery, and business continuity planning.
  • Security tools, technologies, and architectures (firewalls, SIEM, IAM, DLP, endpoint protection).
  • Vendor and third-party risk management best practices.
  • Skills in:
  • Strategic leadership and long-term planning for security programs.
  • Policy and standard development aligned with county objectives.
  • Communication and presentation to executive leadership, boards, and public sector stakeholders.
  • Supervising and mentoring staff, building effective teams.
  • Negotiation, collaboration, and consensus-building across departments.
  • Analyzing complex risks and prioritizing investments in security.
  • Ability to:
  • Lead an enterprise-wide information security program with professionalism and integrity.
  • Manage crises, respond effectively to cybersecurity incidents, and maintain composure under pressure.
  • Foster a culture of security awareness across the organization.
  • Balance security needs with operational and service delivery requirements.
  • Represent Durham County in meetings with external partners, agencies, and governing bodies.
  • Make informed, risk-based decisions in a dynamic and evolving threat landscape.

Preferred Qualifications of the Information Security Officer:

  • Master’s degree in Cybersecurity, Information Systems, IT Management, or Public Administration.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, or comparable.
  • Prior experience in state or local government, higher education, or other public sector environments.
  • Experience leading cross-functional security initiatives involving multiple stakeholders.

HireNetworks is an Equal Opportunity Employer.

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...