Deputy Chief Information Security Officer (Hybrid Work Schedule)

Title: Deputy Chief Information Security Officer (Hybrid Work Schedule)

State Role Title: Technology

Hiring Range: $169,500 - $190,000

Pay Band: UG

Agency: Virginia Retirement System

Location: Virginia Retirement System

Agency Website: www.varetire.org/careers

Recruitment Type: General Public - G

Job Duties

The Virginia Retirement System (VRS) is seeking a Deputy Chief Information Security Officer to direct and oversee the information security (IS) operations program for the Investments organization within VRS, focusing on efforts to assure their security program allows their team to function with specific policies, procedures, and controls matched to their requirements.

Under the direction of the Chief Information Security Officer (CISO) this position will serve as a key advisor across the enterprise, including identifying key corporate security initiatives and standards. This position provides subject matter expertise to the VRS IS staff developing and implementing technology that will protect the confidentiality, integrity and availability of VRS IT systems and data from unauthorized access and intrusion attempts. In concert with the CISO, this position ensures IS staff act as expert resources for the agency and analyzes business needs for the purpose of providing enhanced security solutions and to support agency goals.

Additionally, this position will develop and direct all counter-intelligence operations in coordination with Satte and Federal authorities and collaborates with the agency Information Security Officer (ISO) to ensure timely reports to VITA and reconciliation of identified compliance gaps.

Essential functions include but are not limited to:

• Assists CISO with overseeing the Enterprise information technology security program and operations.
• Possesses and applies a broad range of advanced expertise of technology and security principles, best practices, policies and procedures to direct other technology staff in the completion of difficult and complex assignments crossing multiple functional areas.
• Coordinates and provides senior level technical guidance to security staff.
• Assists CISO and Chief Technology and Security Officer (CTSO) and other technology managers in project selection and scoping, project management, change management, technology evaluations and planning, procurements, and integration of various technologies for VRS.
• Mentors, and directs other technical staff with project selection and scoping, project management, change management, technology evaluations and planning, procurements, best practices and approaches for secure analysis/design, and integration of various technologies for VRS as required.
• Ensures that all components of the program work collaboratively to protect VRS data and systems and evolve as necessary to address emerging threats.
• Verifies all sensitive systems have documented/approved system security plans.
• Establishes the CRS counterintelligence program in concert with Local, State, and Federal Authorities
• Coordinates with the CISO and the ISO to ensure all VITA standards and expectations are operationalized.
• Manages all outsourced contracts in collaboration with the CISO, and ensures that procurement policies are updated and followed.
• With the CISO verifies VRS policies align with Commonwealth of Virginia’s security policies and standards.
• Collaborates with the CISO and engages with the agency’s cyber fraud analytics program to ensure fraud prevention and detection.
• Actively assists the CISO and the CTSO in leading the office and ensuring that technology and security is proactively applied to solve business problems and achieve business goals.
• Ensures that staff are focused on all aspects of security, especially protection of sensitive customer information.
• Oversees physical and logical building security.
• Stays abreast of security vulnerabilities, risk assessments and investigates suspicious activity. Monitors advancements in hacking/anti-hacking and other security technologies.
• Oversees, coordinates, and performs penetration testing and vulnerability risk assessments internally, externally and with third party business partners.
• Maintains 24x7x365 Security Operations Center functionality monitoring, reporting and responding to incidents.
• Collaborates with various auditors to remediate, respond, and coordinate responses to potential findings or observations.
• Directs and oversees business continuity planning, disaster recovery; exercising each plan, updating, and modifying with each business partner to ensure positive outcomes.
• Works collaboratively with technology management peers to ensure security is appropriately included in all development and maintenance activities.
• Provides input and review of material for security awareness program and training; reviews training material to ensure consistency with agency operations and serves as a subject matter expert to deliver components of in person activities.
• Implements and maintains a program of preventative, detective and corrective controls; collaborates with agency ISO to ensure timely reconciliation of identified compliance gaps.

Minimum Qualifications

Bachelor's degree in Computer Science or a closely related field.

Ten (10) years of experience in information technology security including 2 years of supervisory or lead experience or an equivalent combination of education and experience.

• Extensive specialized knowledge and expertise in IS tools, technologies, and techniques that can be applied to lead other staff to accomplish agency goals in a timely manner, with outstanding quality.
• Commercial software development environment servicing B2B and B2C.
• Technology experience with firewalls, intrusion detection, end-point protection, data networking, end user computing, virtualization, Microsoft technologies, and private/public cloud computing.

Additional Considerations

Proven ability in building highly productive teams. Proven ability to effectively build and sustain positive customer relationships and lead technical staff through substantial change.

Demonstrated ability to:

• Direct a highly complex information security operation
• Ascertain and meet customer expectations
• Work effectively and independently in a fast paced team environment where priorities can rapidly change
• Solve the most complex problems through discovery and analysis with minimal guidance
• Prioritize own work activities with minimal guidance and coaching
• Complete complex projects independently with minimal oversight and direction
• Manage competing priorities to meet goals
• Learn new technologies and assist others in learning new technologies
• Prioritize own work activities with minimal guidance and coaching
• Communicate effectively orally and in writing
• Develop and execute detailed and accurate work plans and appropriately communicate work plan risks and impacts to management
• Provide, maintain and follow technical documentation

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

Hybrid Work Schedule = all employees work two days (Tuesday & Wednesday) onsite and three days (Monday, Thursday and Friday) remotely. However, employees are expected to report to the office on any day required by the supervisor/manager.

Contact Information

Name: Human Resources

Phone: 804-775-3408

Email: careers@varetire.org

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their Certificate of Disability (COD) provided by a Vocational Rehabilitation Counselor within the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their Certificate of Disability. If you need to get a Certificate of Disability, use this link: Career Pathways for Individuals with Disabilities, or call DARS at 800-552-5019, or DBVI at 800-622-2155.