Information Security Officer

Overview

On Site
Depends on Experience
Full Time
No Travel Required

Skills

comprehensive knowledge of relevant laws
best practices and principles governing information security
experience conducting risk assessments
performing audits
implementing security controls
monitoring security posture and compliance
and enforcing IT security policies and best practices
hands-on expertise with Microsoft security technologies
experience administering IAM solutions in Microsoft Azure

Job Details

The Virginia State Bar (VSB), an agency of the Supreme Court of Virginia, is seeking an Information Security Officer (ISO) to serve as the lead for information security and privacy-by-design. This role combines governance, risk, and compliance functions with hands-on cloud security engineering in a Microsoft-centric environment. The ISO will collaborate with VITA/Commonwealth of Virginia, the Supreme Court of Virginia, the VSB IT team, department leaders, and external partners to establish security policy in alignment with Commonwealth of Virginia standards; architect guardrails; monitor controls; and lead incident response. Key responsibilities include identifying and implementing comprehensive security measures; proactively assessing security risks; monitoring and notifying management of emerging threats; recommending security enhancements; educating users about security best practices; enforcing policy; developing incident response and recovery plans; and responding to security incidents. This position has a dotted-line relationship with the Executive Director and will integrate information security into all business processes and decision making. The ISO reports to the Director of Information Technology and will assist with other technical tasks and projects as assigned. The VSB operates an in-house IT team of five that directly supports 90 employees and indirectly serves Virginia s 50,000+ lawyers and the public with the reliable operation of digital platforms and services. This position is required to work in the Richmond office. Employees are eligible to telework one day per week after six months of employment.

The ideal candidate will have a bachelor s degree in information security, computer science, IT or equivalent experience; security certifications such as CISSP, CISM, and GIAC; and the following qualifications:

  • comprehensive knowledge of relevant laws, regulations, best practices and principles governing information security
  • experience developing, implementing, and enforcing IT security policies and best practices
  • experience conducting risk assessments, performing audits, implementing security controls, monitoring security posture and compliance, and responding to security incidents
  • hands-on expertise with Microsoft security technologies (Defender and Sentinel)
  • experience administering identity and access management solutions in Microsoft Azure, including Microsoft Entra ID and Microsoft 365
  • familiarity with Microsoft Purview
  • proven ability to communicate complex technical concepts effectively with a wide variety of stakeholders, both verbally and in writing
  • strong analytical and risk-based decision-making skills
  • service oriented, strong interpersonal and customer service skills
  • successful completion of criminal background check

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.