Overview
On Site
USD 130,000.00 - 170,000.00 per year
Full Time
Skills
UG
Recruiting
Information Technology
IT Security Audit
Security Operations
Intrusion Detection
Auditing
Inventory
Internal Control
Policies and Procedures
Data Processing
Corrective And Preventive Action
Regulatory Compliance
Sourcing
Supplier Relationship Management
Reporting
Coaching
Training
Information Systems
Security Management
Artificial Intelligence
Risk Assessment
ISO 9000
Cyber Security
SEC
Systems Architecture
Operating Systems
Incident Management
Privacy
Leadership
Performance Management
Management
Security Controls
Cloud Computing
Documentation
IT Security
Information Security
Risk Management
Network
Communication
Writing
Attention To Detail
Research
Analytical Skill
Problem Solving
Conflict Resolution
Job Details
The SCC only accepts applications directly through its career center website at .
Applications received through Jobs.Virginia.Gov will not be considered.
Title: Information Security & Privacy Officer
State Role Title: Salary Non-Specified
Hiring Range: $130,000 - $170,000
Pay Band: UG
Agency: State Corporation Commission
Location: Richmond, Virginia
Agency Website:
Recruitment Type: General Public - G
The State Corporation Commission (SCC) seeks an Information Security & Privacy Officer to direct and manage our information security compliance program. The selected candidate will ensure that the SCC's information security compliance program complies with the Virginia Information Technology Agency (VITA) security policies and standards (SEC 530), and the National Institute of Standards and Technology (NIST) industry regulations. The Information Security & Privacy Officer will also perform privacy functions to ensure compliance with federal and state confidentiality regulations and privacy laws.
Essential Functions of the Information Security & Privacy Officer position include the following:
developing, maintaining, and updating SCC policies and standards applicable to information and IT security and the protection of personal data and data breach incident responses
overseeing a 3-year IT Security Audit Plan and Risk Assessment Plan for the SCC
managing and conducting risk assessments, risk treatment plans, risk assessment reports, and corrective action plans
updating and managing an information security awareness and training program for employees, contractors, and IT service providers
overseeing cybersecurity awareness campaigns and recommending privacy awareness campaigns, training, and orientation for all employees
serving as the SCC liaison with VITA and preparing applicable reports for VITA
collaborating with the SCC's Security Operations team to identify technology and processes that will protect the confidentiality, integrity, and availability of IT systems and data from unauthorized access and intrusion attempts
managing security audits, to include reviewing and approving all information security compliance audit reports for compliance
managing systems inventory and classification for data and IT systems to ensure they are classified appropriately for sensitivity
designing, developing, and implementing internal controls and procedures based on new and existing technologies, statutes, regulations, and administrative or VITA policies and procedures
collaborating with the SCC's Chief Administrative Counsel on information privacy matters
implementing and maintaining an internal reporting mechanism for intended personal data processing activities
monitoring for division adherence to the privacy program's requirements and identifying trends in privacy, regulatory requirements, and compliance enforcement
collaborating with and assisting SCC divisions and ITD technology areas to address security risks, determine potential privacy problems in new technologies, develop corrective action plans for identified privacy compliance issues, and to develop, implement, and maintain a privacy program
participating in artificial intelligence platform risk assessment and monitoring
working with the SCC's sourcing and supplier management team to ensure that supplier contracts and operating-level agreements meet privacy requirements
reporting agency security threats, risks, and privacy findings in a structural, transparent and business-relevant manner to SCC leadership, the CAO, and Chief Administrative Counsel
managing, coaching, developing, training, and evaluating staff
performing related work as required
Preferred Qualifications
8 or more years of relevant professional experience in information systems security management; familiarity with artificial intelligence platform risk assessment and monitoring; and management of professional staff
Bachelor's degree in a related field
COV ISO certification strongly preferred, Certified Information Privacy Manager (CIPM) or related data privacy certification is a plus
Thorough knowledge of cybersecurity and privacy principles including state and federal privacy regulations and laws, VITA Security policies and standards (SEC 530), and NIST industry regulations and standards
Thorough knowledge of system architecture concepts including on-premises, hybrid, and cloud computing models
Thorough knowledge of new and emerging IT and information security technologies
Thorough knowledge of operating systems and/or systems software in information security
Thorough knowledge of issue identification, problem resolution, privacy data breach incident response, vulnerabilities, risks, and risk management
Considerable knowledge in analyzing data to determine privacy protection
Strong leadership and performance management skills
Ability to manage, coach, develop, train, and evaluate staff
Ability to design secure solutions and apply appropriate Defense-in-Depth security controls for on premise, hybrid, and cloud solutions
Ability to prepare documentation, processes, and procedures
Ability to develop and maintain policies and standards for information and IT security
Ability to analyze systems, identify complex information security issues, and develop workable solutions
Ability to interpret and apply complex policies and standards relative to information security and risk management
Ability to detect major threats at all stages of attack (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining of access, network exploitation, and covering of tracks)
Ability to explain and present technical matters clearly and effectively in both a technical and non-technical manner
Excellent communication skills including the ability to express and understand ideas clearly, both orally and in writing
Excellent attention to detail, research abilities, and interpersonal skills
Highly self-motivated and proven analytical, evaluative, and problem-solving abilities.
Ability to establish and maintain effective working relationships with Commission staff, industry personnel, and the general public
Special Instructions
You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.
The SCC only accepts applications directly through its career center website at . Applications received through Jobs.Virginia.Gov will not be considered.
Located in downtown Richmond, Virginia, the SCC is a state agency with regulatory authority over many business and economic interests in Virginia. More information about the SCC may be found on our website: .
The SCC offers rewarding, impactful public-service work; flexible telework options and work-life balance; and professional development opportunities. The SCC fosters a high-performing workforce with a commitment to diversity and inclusion, collaboration, and alignment with the SCC's mission and strategic goals. Core benefits provided to SCC employees include competitive health and life insurance programs, pre-tax spending accounts, leave programs, and paid holidays. Employees participate in a state retirement plan with options for tax-deferred retirement savings including employer matching. The state also funds a short and long-term disability program.
The SCC regulates various companies and industries in Virginia; therefore, to avoid any conflict, employees are required to sign a Conflict of Interest Form and must dispose of any stock they hold in a regulated company or dispose of any licenses or certificates they hold in any industry regulated by the SCC unless otherwise permitted. Employees also shall report employment of household members by a regulated company. An incumbent of this position is required to complete the Statement of Economic Interests Form.
The SCC does not provide employer sponsorship. We use the E-Verify system to confirm identity and work authorization.
The SCC is an Equal Opportunity Employer.
As a Virginia Values Veterans (V3) Certified Employer, we value and encourage veterans and members of the Reserves and National Guard to apply.
The information you submit must clearly demonstrate your experience and qualifications as they relate to this position. Interview consideration is based on the information submitted online.
If requested, the SCC will provide reasonable accommodation to applicants in need of accommodation in order to provide access to the application and interview process. A background investigation is conducted on the selected candidate as a condition of employment. This position is exempt from the provisions of the Fair Labor Standards Act.
This position is classified in the SCC Salary Structure as a Grade P-15 and is exempt from the provisions of the Fair Labor Standards Act (FLSA).
How to Apply
This position will remain open until filled. Qualified candidates are encouraged to apply directly to the SCC Career Center website careercenter.scc.virginia.gov . Please note: Applications received through Jobs.Virginia.Gov will not be considered.
Contact Information
Name: Whitney Mays, Recruitment Manager
Phone:
Email:
In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.