Virginia Community College System
Chief Information Security Officer
Virginia Community College System, Richmond, Virginia, United States, 23214
Overview
Virginia's community colleges have a 50-year track record of educational excellence and innovation to serve the needs of our citizens and strengthen the Commonwealth's economy. When Virginia's General Assembly established the Virginia Community College System in 1966, the need for a comprehensive system was well known. Today our community colleges give every Virginian the opportunity to gain a quality education. With 23 colleges on 40 campuses located throughout the state, Virginia's Community Colleges are committed to serving Virginia families, helping them acquire the knowledge and skills to seize the opportunities of today and tomorrow. The Chief Information Security Officer (CISO) at VCCS
offers a unique opportunity to lead and inspire a single comprehensive cybersecurity strategy across 23 community colleges and 2 support organizations, ensuring the protection of vital educational and institutional assets while fostering a culture of security and resilience. The CISO collaborates with AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance efforts across VCCS's enterprise-wide IT infrastructure. The role includes oversight of security risk assessments, audit response, security architecture, third-party risk management, and emerging cybersecurity threats. Additionally, the CISO collaborates with the AVC for Applications and Integration Technologies to ensure that software applications and integrated data across systems are seamless and that operations are secure throughout the VCCS network. Responsibilities (high level)
include aligning security practices with applicable standards and leading the security program across the enterprise. The CISO is responsible for aligning VCCS security practices with: NIST 800-53 and NIST Cybersecurity Framework (CSF) Center for Internet Security (CIS) Controls and Benchmarks Commonwealth of Virginia Information Technology Agency (VITA) security policies Higher education cybersecurity standards (e.g., EDUCAUSE, REN-ISAC) Federal regulations, including FERPA, HIPAA, PCI-DSS, and GLBA compliance The CISO supports the strategic direction established by the CIO, VCCS executive leadership, and relevant VCCS governance bodies. The role leads a team of staff members supporting cybersecurity responsibilities. The role requires active collaboration with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders to strengthen security postures across the academic enterprise. Special Assignments
May be required to perform other duties as assigned. May be required to assist the agency or state government generally in the event of an emergency declaration by the Governor. Qualifications
Education and Experience Faculty Equivalent position requires a Master's degree (preferred: Computer Science, Cybersecurity, Information Security, or related field) and experience in cybersecurity leadership. CISSP, CISM, or CISA certification required. Other IT certifications preferred: Security+, ITIL. Experience 10+ years of progressively responsible experience in cybersecurity leadership, security governance, enterprise risk management, IT security, IT infrastructure design and personnel management. Proven experience leading enterprise cybersecurity programs in complex distributed organizations, including managing cybersecurity teams and supervising senior security professionals (e.g., Deputy CISO). Higher education experience with understanding student data protection regulations and laws, academic IT security, research security concerns, and hands-on experience managing and leading academic technology programs in higher education. Experience managing large-scale cybersecurity programs in compliance with NIST, ISO 27001 (as we transition away from), and state IT security frameworks. Hands-on experience with security engineering, SIEM solutions, IAM frameworks, and regulatory compliance. Knowledge of Virginia IT Agency (VITA) governance structures and VITA security policies preferred. Knowledge Cybersecurity Frameworks & Compliance: In-depth understanding of NIST 800-53, NIST CSF, CIS Controls, ISO 27001 (as we transition away), PCI-DSS, FERPA, HIPAA, GLBA, and VITA standards. Center for Internet Security (CIS) Controls: Expertise in implementing CIS benchmarks and security controls. Enterprise Security Architecture: Knowledge of zero-trust, network segmentation, IAM, and cloud security best practices. Cybersecurity vendors, products, and services: Knowledge of leading cybersecurity products and their role in a holistic architecture. Higher Education IT Security: Familiarity with academic IT environments, student data protection, and research security risks. Threat Intelligence & Risk Management: Threat detection, risk assessment, vulnerability management, and incident response. IT Security Operations & Engineering: Firewall management, SIEM, endpoint protection, pen testing, and DLP. VITA governance and policy familiarity preferred. Skills Security Program Development: Develop and maintain a system-wide cybersecurity strategy aligned with governance and guidelines. Regulatory Compliance & Audit Management: Experience with audit prep, compliance tracking, and reporting to state and federal bodies. Technical Proficiency: Cloud security (AWS, Azure, Google Cloud), virtualization, endpoint security, and hybrid infrastructure security. Incident Response & Forensics: Develop IR plans and lead investigations. Leadership & Team Development: Supervise and develop deputy and security staff; foster learning and succession planning. Project & Vendor Management: Manage security vendors, contracts, and procurements per state policy. Abilities Strategic Thinking & Planning Communication & Stakeholder Engagement Cross-functional Leadership Crisis Management & Problem-Solving Training & Awareness Competencies Communication Coaching Change Management Managing Conflict Performance Management Facilitating Diversity, Equity, and Inclusion Critical Thinking Interpersonal Skills Strategic Management Project Management Additional Considerations
Ability to work at a computer workstation for extended periods up to eight hours per day. Ability to speak on the telephone or use video conference technology. Ability to sit for extended periods without breaks. Ability to perform repetitive movements, typing, and use of office equipment. Ability to lift and move a minimum of 10 pounds. Ability to travel independently within and outside Virginia as needed for meetings, conferences, and professional development. Operation of a State Vehicle: Yes Supervises Employees: Yes Posting Details
Posting Number FAC_1753P Recruitment Type General Public - G Number of Vacancies 1 Job Open Date 10/21/2025 Job Close Date 11/04/2025 Open Until Filled No Contact & Application
Agency Website: https://www.vccs.edu/ Contact Name: Patsy Rose Phone Number: 804-819-4938 Special Instructions to Applicants: The selected candidate’s offer is contingent upon successful completion of a criminal background investigation, which may include fingerprint checks, background checks, employment verification, education verification, and credit checks where applicable. The Commonwealth’s Statement of Economic Interest may be required. For more information, see ethics link. EEO Statement: The Virginia Community College System provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type. ADA Statement: VCCS is an Equal Employment Opportunity employer and provides reasonable accommodations in accessibility, interviewing, and selection processes. E-Verify Statement: VCCS uses E-Verify to check eligibility to work in the United States; an I-9 will be required. Notes: We are directing you to the original job posting. Please apply directly at the employer’s website.
#J-18808-Ljbffr
Virginia's community colleges have a 50-year track record of educational excellence and innovation to serve the needs of our citizens and strengthen the Commonwealth's economy. When Virginia's General Assembly established the Virginia Community College System in 1966, the need for a comprehensive system was well known. Today our community colleges give every Virginian the opportunity to gain a quality education. With 23 colleges on 40 campuses located throughout the state, Virginia's Community Colleges are committed to serving Virginia families, helping them acquire the knowledge and skills to seize the opportunities of today and tomorrow. The Chief Information Security Officer (CISO) at VCCS
offers a unique opportunity to lead and inspire a single comprehensive cybersecurity strategy across 23 community colleges and 2 support organizations, ensuring the protection of vital educational and institutional assets while fostering a culture of security and resilience. The CISO collaborates with AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance efforts across VCCS's enterprise-wide IT infrastructure. The role includes oversight of security risk assessments, audit response, security architecture, third-party risk management, and emerging cybersecurity threats. Additionally, the CISO collaborates with the AVC for Applications and Integration Technologies to ensure that software applications and integrated data across systems are seamless and that operations are secure throughout the VCCS network. Responsibilities (high level)
include aligning security practices with applicable standards and leading the security program across the enterprise. The CISO is responsible for aligning VCCS security practices with: NIST 800-53 and NIST Cybersecurity Framework (CSF) Center for Internet Security (CIS) Controls and Benchmarks Commonwealth of Virginia Information Technology Agency (VITA) security policies Higher education cybersecurity standards (e.g., EDUCAUSE, REN-ISAC) Federal regulations, including FERPA, HIPAA, PCI-DSS, and GLBA compliance The CISO supports the strategic direction established by the CIO, VCCS executive leadership, and relevant VCCS governance bodies. The role leads a team of staff members supporting cybersecurity responsibilities. The role requires active collaboration with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders to strengthen security postures across the academic enterprise. Special Assignments
May be required to perform other duties as assigned. May be required to assist the agency or state government generally in the event of an emergency declaration by the Governor. Qualifications
Education and Experience Faculty Equivalent position requires a Master's degree (preferred: Computer Science, Cybersecurity, Information Security, or related field) and experience in cybersecurity leadership. CISSP, CISM, or CISA certification required. Other IT certifications preferred: Security+, ITIL. Experience 10+ years of progressively responsible experience in cybersecurity leadership, security governance, enterprise risk management, IT security, IT infrastructure design and personnel management. Proven experience leading enterprise cybersecurity programs in complex distributed organizations, including managing cybersecurity teams and supervising senior security professionals (e.g., Deputy CISO). Higher education experience with understanding student data protection regulations and laws, academic IT security, research security concerns, and hands-on experience managing and leading academic technology programs in higher education. Experience managing large-scale cybersecurity programs in compliance with NIST, ISO 27001 (as we transition away from), and state IT security frameworks. Hands-on experience with security engineering, SIEM solutions, IAM frameworks, and regulatory compliance. Knowledge of Virginia IT Agency (VITA) governance structures and VITA security policies preferred. Knowledge Cybersecurity Frameworks & Compliance: In-depth understanding of NIST 800-53, NIST CSF, CIS Controls, ISO 27001 (as we transition away), PCI-DSS, FERPA, HIPAA, GLBA, and VITA standards. Center for Internet Security (CIS) Controls: Expertise in implementing CIS benchmarks and security controls. Enterprise Security Architecture: Knowledge of zero-trust, network segmentation, IAM, and cloud security best practices. Cybersecurity vendors, products, and services: Knowledge of leading cybersecurity products and their role in a holistic architecture. Higher Education IT Security: Familiarity with academic IT environments, student data protection, and research security risks. Threat Intelligence & Risk Management: Threat detection, risk assessment, vulnerability management, and incident response. IT Security Operations & Engineering: Firewall management, SIEM, endpoint protection, pen testing, and DLP. VITA governance and policy familiarity preferred. Skills Security Program Development: Develop and maintain a system-wide cybersecurity strategy aligned with governance and guidelines. Regulatory Compliance & Audit Management: Experience with audit prep, compliance tracking, and reporting to state and federal bodies. Technical Proficiency: Cloud security (AWS, Azure, Google Cloud), virtualization, endpoint security, and hybrid infrastructure security. Incident Response & Forensics: Develop IR plans and lead investigations. Leadership & Team Development: Supervise and develop deputy and security staff; foster learning and succession planning. Project & Vendor Management: Manage security vendors, contracts, and procurements per state policy. Abilities Strategic Thinking & Planning Communication & Stakeholder Engagement Cross-functional Leadership Crisis Management & Problem-Solving Training & Awareness Competencies Communication Coaching Change Management Managing Conflict Performance Management Facilitating Diversity, Equity, and Inclusion Critical Thinking Interpersonal Skills Strategic Management Project Management Additional Considerations
Ability to work at a computer workstation for extended periods up to eight hours per day. Ability to speak on the telephone or use video conference technology. Ability to sit for extended periods without breaks. Ability to perform repetitive movements, typing, and use of office equipment. Ability to lift and move a minimum of 10 pounds. Ability to travel independently within and outside Virginia as needed for meetings, conferences, and professional development. Operation of a State Vehicle: Yes Supervises Employees: Yes Posting Details
Posting Number FAC_1753P Recruitment Type General Public - G Number of Vacancies 1 Job Open Date 10/21/2025 Job Close Date 11/04/2025 Open Until Filled No Contact & Application
Agency Website: https://www.vccs.edu/ Contact Name: Patsy Rose Phone Number: 804-819-4938 Special Instructions to Applicants: The selected candidate’s offer is contingent upon successful completion of a criminal background investigation, which may include fingerprint checks, background checks, employment verification, education verification, and credit checks where applicable. The Commonwealth’s Statement of Economic Interest may be required. For more information, see ethics link. EEO Statement: The Virginia Community College System provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type. ADA Statement: VCCS is an Equal Employment Opportunity employer and provides reasonable accommodations in accessibility, interviewing, and selection processes. E-Verify Statement: VCCS uses E-Verify to check eligibility to work in the United States; an I-9 will be required. Notes: We are directing you to the original job posting. Please apply directly at the employer’s website.
#J-18808-Ljbffr