Virginia's Community College System
Chief Information Security Officer
Virginia's Community College System, Richmond, Virginia, United States, 23214
Job Overview
Apply for the
Chief Information Security Officer
role at
Virginia's Community College System . This is a full‑time, 40‑hour per week position located in Richmond (City) - 760. The role requires a 12‑month admin/assoc profile with a pay band of 00, salary range $160,000 - $170,000. Telework is available, subject to business needs. The CISO will lead the enterprise cybersecurity strategy across 23 community colleges and 2 support organizations, protecting institutional assets while fostering a culture of security and resilience.
Responsibilities
Lead and inspire a single comprehensive cybersecurity strategy across the system.
Collaborate with the AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance.
Oversee security risk assessments, audit response, security architecture, third‑party risk management, and emerging threats.
Align security practices with NIST 800‑53, NIST Cybersecurity Framework, CIS Controls, VITA security policies, and higher‑education standards such as EDUCAUSE and REN‑ISAC.
Ensure compliance with federal regulations (FERPA, HIPAA, PCI‑DSS, GLBA) and state IT security frameworks.
Support the strategic direction from the CIO, executive leadership, and governance bodies.
Lead a team of cybersecurity staff and collaborate with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders.
Assist the agency or state government during emergency declarations as needed.
Qualifications
Education and Experience:
Master’s degree (preferred Computer Science, Cybersecurity, or related field) and 10+ years of progressively responsible cybersecurity leadership experience.
Certifications:
CISSP, CISM, or CISA required; Security+ and ITIL preferred.
Higher Education Experience:
Understanding of student data protection, academic IT security, research security concerns, and direct leadership of academic technology programs.
Compliance:
Proven experience managing large‑scale cybersecurity programs in compliance with NIST, ISO 27001, and state IT security frameworks.
Technical Background:
Hands‑on experience with security engineering, SIEM solutions, IAM frameworks, and regulatory compliance.
Knowledge of VITA:
Preferred knowledge of Virginia IT Agency governance structures and security policies.
Knowledge, Skills and Abilities
Cybersecurity Frameworks & Compliance:
In‑depth understanding of NIST 800‑53, CSF, CIS Controls, ISO 27001, PCI‑DSS, FERPA, HIPAA, GLBA, and VITA security standards.
Enterprise Security Architecture:
Zero‑trust security models, network segmentation, IAM, and cloud security best practices.
Security Operations:
Firewall management, SIEM platforms, endpoint protection, penetration testing, and DLP strategies.
Strategic Planning & Communication:
Ability to align initiatives with system objectives, engage stakeholders, and translate complex concepts for executive audiences.
Leadership & Team Development:
Supervise, mentor, and build a high‑performing cybersecurity team; foster continuous learning, leadership development, and succession planning.
Project & Vendor Management:
Assess, negotiate, and oversee security vendors, contracts, and technology procurements in compliance with procurement policies.
Crisis Management:
Make critical decisions in high‑pressure situations and lead incident response across multiple colleges.
Training & Awareness:
Design and deliver cybersecurity awareness programs, phishing simulations, and faculty/staff training.
Additional Considerations
Ability to work at a computer workstation for extended periods up to eight hours per day.
Ability to communicate via telephone and/or video conference technology.
Ability to perform repetitive movements, such as typing, and use common office equipment.
Ability to lift and move a minimum of 10 pounds.
Ability to travel independently within the Commonwealth of Virginia and outside for conferences or professional development.
Required travel: independent travel, travel within the Commonwealth for meetings and training, travel outside Virginia as needed.
Contact Contact Name: Patsy Rose Phone Number: 804‑819‑4938 Email: prose@vccs.edu
EEO & ADA Statements The Virginia Community College System (VCCS) provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, political affiliation, veteran status, sexual orientation, gender identity or other non‑merit factors. VCCS is an Equal Employment Opportunity employer and complies with the ADA and ADAAA, providing reasonable accommodations to applicants with disabilities. VCCS uses E‑Verify to check employee eligibility to work in the United States. You will be required to complete an I‑9 form and provide identity documentation for employment purposes.
Background Check The selected candidate’s offer is contingent upon the successful completion of a criminal background investigation, which may include fingerprint checks, local agency checks, employment verification, and education verification. Selected candidates may also be required to complete the Commonwealth’s Statement of Economic Interest. For more information, please follow this link:
http://ethics.dls.virginia.gov/
Application Applications will remain open until filled. For more details or to apply, visit:
https://jobs.vccs.edu/postings/89914
#J-18808-Ljbffr
Chief Information Security Officer
role at
Virginia's Community College System . This is a full‑time, 40‑hour per week position located in Richmond (City) - 760. The role requires a 12‑month admin/assoc profile with a pay band of 00, salary range $160,000 - $170,000. Telework is available, subject to business needs. The CISO will lead the enterprise cybersecurity strategy across 23 community colleges and 2 support organizations, protecting institutional assets while fostering a culture of security and resilience.
Responsibilities
Lead and inspire a single comprehensive cybersecurity strategy across the system.
Collaborate with the AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance.
Oversee security risk assessments, audit response, security architecture, third‑party risk management, and emerging threats.
Align security practices with NIST 800‑53, NIST Cybersecurity Framework, CIS Controls, VITA security policies, and higher‑education standards such as EDUCAUSE and REN‑ISAC.
Ensure compliance with federal regulations (FERPA, HIPAA, PCI‑DSS, GLBA) and state IT security frameworks.
Support the strategic direction from the CIO, executive leadership, and governance bodies.
Lead a team of cybersecurity staff and collaborate with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders.
Assist the agency or state government during emergency declarations as needed.
Qualifications
Education and Experience:
Master’s degree (preferred Computer Science, Cybersecurity, or related field) and 10+ years of progressively responsible cybersecurity leadership experience.
Certifications:
CISSP, CISM, or CISA required; Security+ and ITIL preferred.
Higher Education Experience:
Understanding of student data protection, academic IT security, research security concerns, and direct leadership of academic technology programs.
Compliance:
Proven experience managing large‑scale cybersecurity programs in compliance with NIST, ISO 27001, and state IT security frameworks.
Technical Background:
Hands‑on experience with security engineering, SIEM solutions, IAM frameworks, and regulatory compliance.
Knowledge of VITA:
Preferred knowledge of Virginia IT Agency governance structures and security policies.
Knowledge, Skills and Abilities
Cybersecurity Frameworks & Compliance:
In‑depth understanding of NIST 800‑53, CSF, CIS Controls, ISO 27001, PCI‑DSS, FERPA, HIPAA, GLBA, and VITA security standards.
Enterprise Security Architecture:
Zero‑trust security models, network segmentation, IAM, and cloud security best practices.
Security Operations:
Firewall management, SIEM platforms, endpoint protection, penetration testing, and DLP strategies.
Strategic Planning & Communication:
Ability to align initiatives with system objectives, engage stakeholders, and translate complex concepts for executive audiences.
Leadership & Team Development:
Supervise, mentor, and build a high‑performing cybersecurity team; foster continuous learning, leadership development, and succession planning.
Project & Vendor Management:
Assess, negotiate, and oversee security vendors, contracts, and technology procurements in compliance with procurement policies.
Crisis Management:
Make critical decisions in high‑pressure situations and lead incident response across multiple colleges.
Training & Awareness:
Design and deliver cybersecurity awareness programs, phishing simulations, and faculty/staff training.
Additional Considerations
Ability to work at a computer workstation for extended periods up to eight hours per day.
Ability to communicate via telephone and/or video conference technology.
Ability to perform repetitive movements, such as typing, and use common office equipment.
Ability to lift and move a minimum of 10 pounds.
Ability to travel independently within the Commonwealth of Virginia and outside for conferences or professional development.
Required travel: independent travel, travel within the Commonwealth for meetings and training, travel outside Virginia as needed.
Contact Contact Name: Patsy Rose Phone Number: 804‑819‑4938 Email: prose@vccs.edu
EEO & ADA Statements The Virginia Community College System (VCCS) provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, political affiliation, veteran status, sexual orientation, gender identity or other non‑merit factors. VCCS is an Equal Employment Opportunity employer and complies with the ADA and ADAAA, providing reasonable accommodations to applicants with disabilities. VCCS uses E‑Verify to check employee eligibility to work in the United States. You will be required to complete an I‑9 form and provide identity documentation for employment purposes.
Background Check The selected candidate’s offer is contingent upon the successful completion of a criminal background investigation, which may include fingerprint checks, local agency checks, employment verification, and education verification. Selected candidates may also be required to complete the Commonwealth’s Statement of Economic Interest. For more information, please follow this link:
http://ethics.dls.virginia.gov/
Application Applications will remain open until filled. For more details or to apply, visit:
https://jobs.vccs.edu/postings/89914
#J-18808-Ljbffr