Virginia's Community College System
Chief Information Security Officer
Virginia's Community College System, Richmond, Virginia, United States, 23214
Overview
Join to apply for the
Chief Information Security Officer
role at
Virginia's Community College System . Working Title Chief Information Security Officer Location: Richmond, VA Employment type: Full-time Salary: $160,000 - $170,000 This is a full-time, 40 hours per week position, with additional hours required to address the organization’s needs. Responsibilities
Lead and inspire a single comprehensive cybersecurity strategy across 23 community colleges and 2 support organizations. Collaborate with AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance across VCCS enterprise IT infrastructure. Oversee security risk assessments, audit response, security architecture, third-party risk management, and emerging cybersecurity threats. Collaborate with the AVC for Applications and Integration Technologies to ensure secure software applications and integrated data across systems. Align VCCS security practices with: NIST 800-53 and NIST CSF; CIS Controls and Benchmarks; VITA security policies; higher education cybersecurity standards (EDUCAUSE, REN-ISAC); and federal regulations (FERPA, HIPAA, PCI-DSS, GLBA). Lead security program governance, collaborate with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders to strengthen security postures. Provide leadership for the security team, including supervision of staff and deputy roles; participate in special assignments as needed. Qualifications
Education and Experience: Master’s degree (preferred in Computer Science, Cybersecurity, Information Security, or related field) and cybersecurity leadership experience; 10+ years of progressively responsible experience in cybersecurity leadership, governance, risk management, IT security, and infrastructure design. Certifications: CISSP, CISM, or CISA required; additional IT certifications (Security+, ITIL) preferred. Higher education experience with understanding student data protection regulations and academic IT security. Experience leading enterprise cybersecurity programs in complex distributed organizations; experience supervising senior security professionals (e.g., Deputy CISO). Knowledge of NIST, ISO 27001 (as we transition away), CIS Controls, FERPA, HIPAA, GLBA, PCI-DSS; familiarity with VITA governance and security policies preferred. Knowledge, Skills, and Abilities
Cybersecurity frameworks and compliance: NIST 800-53, NIST CSF, CIS Controls, ISO 27001 (as we transition away), PCI-DSS, FERPA, HIPAA, GLBA, VITA standards. Security architecture: Zero-trust, IAM, network segmentation, cloud security best practices. Regulatory and risk management: Experience with audits, compliance reporting to state (VITA, JLARC, SCHEV) and federal bodies. Technical proficiency: Cloud security (AWS, Azure, Google Cloud), virtualization, endpoint security, SIEM, DLP. Operations and incident response: Incident response planning, forensics, rapid containment and remediation. Leadership: Mentoring and developing cybersecurity staff; succession planning; cross-functional collaboration with CIOs and state agencies. Vendor and project management: Assessing, negotiating, and overseeing security vendors and procurements in line with state policies. Abilities
Strategic thinking and planning; align initiatives with IT objectives and statewide priorities. Communication and stakeholder engagement; translate security concepts for executives, faculty, IT staff, and policymakers. Cross-functional leadership; collaborate with college CIOs, faculty technology committees, and state agencies. Crisis management and problem-solving; lead incident response across multiple colleges. Training and awareness; design and deliver cybersecurity training and phishing simulations. Competencies
Communication, coaching, change management, conflict management, performance management, facilitation, diversity, equity, and inclusion, critical thinking, interpersonal skills, strategic management. Other Requirements
Ability to work at a computer workstation for extended periods. Ability to travel as needed within Virginia and to external conferences or professional development events. Additional Information
Background check required (criminal history, education verification, fingerprint checks, etc.). Statement of Economic Interest may be required. EOE, ADA, and E-Verify statements apply. Posting quicklink: https://jobs.vccs.edu/postings/89914 Note:
The description preserves the core responsibilities, qualifications, and context of the Chief Information Security Officer role as listed in the original material while removing unrelated boilerplate and preserving legally required notices.
#J-18808-Ljbffr
Join to apply for the
Chief Information Security Officer
role at
Virginia's Community College System . Working Title Chief Information Security Officer Location: Richmond, VA Employment type: Full-time Salary: $160,000 - $170,000 This is a full-time, 40 hours per week position, with additional hours required to address the organization’s needs. Responsibilities
Lead and inspire a single comprehensive cybersecurity strategy across 23 community colleges and 2 support organizations. Collaborate with AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance across VCCS enterprise IT infrastructure. Oversee security risk assessments, audit response, security architecture, third-party risk management, and emerging cybersecurity threats. Collaborate with the AVC for Applications and Integration Technologies to ensure secure software applications and integrated data across systems. Align VCCS security practices with: NIST 800-53 and NIST CSF; CIS Controls and Benchmarks; VITA security policies; higher education cybersecurity standards (EDUCAUSE, REN-ISAC); and federal regulations (FERPA, HIPAA, PCI-DSS, GLBA). Lead security program governance, collaborate with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders to strengthen security postures. Provide leadership for the security team, including supervision of staff and deputy roles; participate in special assignments as needed. Qualifications
Education and Experience: Master’s degree (preferred in Computer Science, Cybersecurity, Information Security, or related field) and cybersecurity leadership experience; 10+ years of progressively responsible experience in cybersecurity leadership, governance, risk management, IT security, and infrastructure design. Certifications: CISSP, CISM, or CISA required; additional IT certifications (Security+, ITIL) preferred. Higher education experience with understanding student data protection regulations and academic IT security. Experience leading enterprise cybersecurity programs in complex distributed organizations; experience supervising senior security professionals (e.g., Deputy CISO). Knowledge of NIST, ISO 27001 (as we transition away), CIS Controls, FERPA, HIPAA, GLBA, PCI-DSS; familiarity with VITA governance and security policies preferred. Knowledge, Skills, and Abilities
Cybersecurity frameworks and compliance: NIST 800-53, NIST CSF, CIS Controls, ISO 27001 (as we transition away), PCI-DSS, FERPA, HIPAA, GLBA, VITA standards. Security architecture: Zero-trust, IAM, network segmentation, cloud security best practices. Regulatory and risk management: Experience with audits, compliance reporting to state (VITA, JLARC, SCHEV) and federal bodies. Technical proficiency: Cloud security (AWS, Azure, Google Cloud), virtualization, endpoint security, SIEM, DLP. Operations and incident response: Incident response planning, forensics, rapid containment and remediation. Leadership: Mentoring and developing cybersecurity staff; succession planning; cross-functional collaboration with CIOs and state agencies. Vendor and project management: Assessing, negotiating, and overseeing security vendors and procurements in line with state policies. Abilities
Strategic thinking and planning; align initiatives with IT objectives and statewide priorities. Communication and stakeholder engagement; translate security concepts for executives, faculty, IT staff, and policymakers. Cross-functional leadership; collaborate with college CIOs, faculty technology committees, and state agencies. Crisis management and problem-solving; lead incident response across multiple colleges. Training and awareness; design and deliver cybersecurity training and phishing simulations. Competencies
Communication, coaching, change management, conflict management, performance management, facilitation, diversity, equity, and inclusion, critical thinking, interpersonal skills, strategic management. Other Requirements
Ability to work at a computer workstation for extended periods. Ability to travel as needed within Virginia and to external conferences or professional development events. Additional Information
Background check required (criminal history, education verification, fingerprint checks, etc.). Statement of Economic Interest may be required. EOE, ADA, and E-Verify statements apply. Posting quicklink: https://jobs.vccs.edu/postings/89914 Note:
The description preserves the core responsibilities, qualifications, and context of the Chief Information Security Officer role as listed in the original material while removing unrelated boilerplate and preserving legally required notices.
#J-18808-Ljbffr