Overview
On Site
USD 88,000.00 - 114,700.00 per year
Full Time
Skills
UG
Recruiting
Taxes
Access Control
IT Architecture
Leadership
Collaboration
Internal Control
Security Controls
Corrective And Preventive Action
Auditing
Software Security
Testing
Risk Analysis
Reporting
Cyber Security
Supply Chain Management
Impact Analysis
Disaster Recovery
Information Systems
Information Security Governance
Risk Management
Information Assurance
Information Security
Risk Assessment
System Security
Regulatory Compliance
Documentation
NIST 800-53
IT Security
SEC
Business Continuity Planning
Policies and Procedures
Management
Training
Computer Science
Information Technology
CompTIA
ISACA
SANS
Job Details
Title: Information Security Specialist
Hiring Range: $88,000 - $114,700
Pay Band: UG
Agency: Virginia Lottery
Location:Virginia Lottery
Agency Website:;br>
Recruitment Type: General Public - G
Job Duties
For more than three decades, the Virginia Lottery has worked to build a strong reputation, one synonymous with providing fun, entertaining experiences and doing so responsibly and with integrity. Proceeds from traditional Lottery games support K-12 public education in Virginia. Taxes generated by sports wagering and casino gaming, which are regulated by the Lottery, benefit other priorities of the Commonwealth.
The Virginia Lottery, an independent state agency, is currently seeking an Information Security Specialist to join our ITS and Operations Department. This position is located in Richmond, Virginia.
The Information Security Specialist will be responsible for ensuring the operational integrity, availability, and confidentiality of all Lottery data, networks, and computer systems supporting traditional lottery, iLottery, and Gaming Compliance operations, the protection of system data and operations from unauthorized modification or abuse. This is accomplished through policy, standards, and implementation of processes and controls through a variety of means, including testing systems and applications, monitoring system activity, coordinating system access control (physically and logically), creating\updating policies, third-party vendor risk management and analyzing system security architecture with other subject-matter experts in the Lottery Information Technology Security Committee (ITSC) and Security and Technical Architecture Review (STAR) teams that ensure we comply with the VITA Standards and 2.2-603 of the Code of Virginia. Actively collaborates with Lottery Leadership, VITA, and Information Security community to stay current with all trends, technology, and COV requirements.
The Information Security Specialist will:
Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and priorities, COV policy and standards, as well as the high-level direction of the cybersecurity policy.
Works with the Director of Information Security and Information Security Risk and Compliance Officer to complete, review, and update governance tasks such as risk assessments, system security plans, and data/system classification as needed.
Collaborate with ITS on internal control requirements, best practices and compliance.
Perform routine review, analysis, and testing of security controls to ensure alignment with IT security standards and ensure effectiveness.
Develop and coordinate corrective action plans to internal and external audits and other information security assessments to ensure any gaps in security and compliance are corrected.
Participate in the development and maintenance of the Lottery risk management program, part of the overall Lottery Information Security program, to include associated policies, procedures, and formalized application security testing processes.
Coordinate with internal and external stakeholders to ensure Risk Assessments for sensitive systems are developed and reviewed in accordance with the Lottery Risk Assessment Plan.
Coordinate risk analysis, assessment, and reporting activities.
Perform updates and manage Lottery POA&M and compliance registers and assist with tracking remediation and closure of corrective actions.
Implement cybersecurity supply chain risk management and third-party vendor risk management activities across the enterprise.
Develop and maintain the Lottery Business Impact Analysis (BIA), Enterprise Business Continuity Plan, and documentation supporting the overall continuity program.
Coordinate disaster recovery planning activities; disaster recovery training and exercise, IT disaster recovery exercise and updates.
Perform prize verification process and supporting tasks as required.
Perform duties as system administrator for raffle game(s) as required.
Other duties may be required based on supplementary assignments.
Note - This position requires in-office work three days per week including Tuesday and Wednesday.
Minimum Qualifications
The person selected for this position will have:
Bachelor's degree in information systems, computer science, or related field required.
Five or more years of information security governance, risk, compliance and third-party vendor oversight activities.
Knowledge of information security principles, policies and procedures, and Risk Management Frameworks. Working knowledge of business, applications, and technology as applied to information security. Knowledge of information assurance principles and organizational requirements that are relevant to confidentiality, integrity, and availability. Demonstrated ability to plan, develop, coordinate, and manage multiple security initiatives in a technologically diverse environment. Demonstrated ability to interact successfully with senior management, regulatory and compliance managers, and external vendors. Knowledge of new and emerging Information Technology and Security strategies. Knowledge of federal, state, agency, and other regulatory agents' policies, regulations, and standards.
Experience in developing and maintaining an enterprise information security program.
Experience in working with internal and external stakeholders to develop and maintain Risk Assessments, System Security Plans, and other IT security governance, risk, and compliance documentation.
Thorough understanding of IT security controls, specifically NIST 800-53 and Commonwealth of Virginia IT security policies and standards, SEC530, SEC20.
Experience in business continuity planning.
Excellent interpersonal and communications skills, both oral and written.
Ability to develop and maintain policies and procedures.
Ability to work independently and as part of a team.
Expertise in effectively managing competing priorities.
Ability to maintain strict confidentiality of sensitive material.
A comparable amount of training and experience may be substituted for the minimum qualifications
Additional Considerations
Advanced degree in Computer Science, Information Technology or relevant field.
Recognized certifications from CompTIA, ISC2, ISACA or SANS Global Information
Assurance Certification (GIAC) credentials.
Lottery experience preferred.
Special Instructions
You will be provided a confirmation of receipt when your application and/or rsum is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.
The selected candidate will be required to complete a background investigation and possess a valid Driver's License. Minimum travel required. Must be willing to work some nights and weekends as needed. Requires in-person work three (3) days a week including Tuesday and Wednesday.
The Virginia Lottery is an independent state agency, and as such all positions are exempt from the Virginia Personnel Act, as well as most Executive Branch human resources policies. The Virginia Lottery is a fun place to work and values diversity in the workforce. We offer a competitive salary and excellent benefits. The Virginia Lottery is an Equal Opportunity Employer. Only online applications completed in their entirety will be accepted for this position. The Virginia Lottery will provide, if requested, reasonable accommodation to applicants in need of accommodation in order to provide access to the application and/or interview process. If any assistance is needed when applying online, please contact the Virginia Lottery's Human Resources Department at . Applications will be accepted until a suitable pool of candidates is received. After 5 business days, this position may be closed at any time.
Contact Information
Name: Human Resources
Phone:
Email: N/A
In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
Hiring Range: $88,000 - $114,700
Pay Band: UG
Agency: Virginia Lottery
Location:Virginia Lottery
Agency Website:;br>
Recruitment Type: General Public - G
Job Duties
For more than three decades, the Virginia Lottery has worked to build a strong reputation, one synonymous with providing fun, entertaining experiences and doing so responsibly and with integrity. Proceeds from traditional Lottery games support K-12 public education in Virginia. Taxes generated by sports wagering and casino gaming, which are regulated by the Lottery, benefit other priorities of the Commonwealth.
The Virginia Lottery, an independent state agency, is currently seeking an Information Security Specialist to join our ITS and Operations Department. This position is located in Richmond, Virginia.
The Information Security Specialist will be responsible for ensuring the operational integrity, availability, and confidentiality of all Lottery data, networks, and computer systems supporting traditional lottery, iLottery, and Gaming Compliance operations, the protection of system data and operations from unauthorized modification or abuse. This is accomplished through policy, standards, and implementation of processes and controls through a variety of means, including testing systems and applications, monitoring system activity, coordinating system access control (physically and logically), creating\updating policies, third-party vendor risk management and analyzing system security architecture with other subject-matter experts in the Lottery Information Technology Security Committee (ITSC) and Security and Technical Architecture Review (STAR) teams that ensure we comply with the VITA Standards and 2.2-603 of the Code of Virginia. Actively collaborates with Lottery Leadership, VITA, and Information Security community to stay current with all trends, technology, and COV requirements.
The Information Security Specialist will:
Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and priorities, COV policy and standards, as well as the high-level direction of the cybersecurity policy.
Works with the Director of Information Security and Information Security Risk and Compliance Officer to complete, review, and update governance tasks such as risk assessments, system security plans, and data/system classification as needed.
Collaborate with ITS on internal control requirements, best practices and compliance.
Perform routine review, analysis, and testing of security controls to ensure alignment with IT security standards and ensure effectiveness.
Develop and coordinate corrective action plans to internal and external audits and other information security assessments to ensure any gaps in security and compliance are corrected.
Participate in the development and maintenance of the Lottery risk management program, part of the overall Lottery Information Security program, to include associated policies, procedures, and formalized application security testing processes.
Coordinate with internal and external stakeholders to ensure Risk Assessments for sensitive systems are developed and reviewed in accordance with the Lottery Risk Assessment Plan.
Coordinate risk analysis, assessment, and reporting activities.
Perform updates and manage Lottery POA&M and compliance registers and assist with tracking remediation and closure of corrective actions.
Implement cybersecurity supply chain risk management and third-party vendor risk management activities across the enterprise.
Develop and maintain the Lottery Business Impact Analysis (BIA), Enterprise Business Continuity Plan, and documentation supporting the overall continuity program.
Coordinate disaster recovery planning activities; disaster recovery training and exercise, IT disaster recovery exercise and updates.
Perform prize verification process and supporting tasks as required.
Perform duties as system administrator for raffle game(s) as required.
Other duties may be required based on supplementary assignments.
Note - This position requires in-office work three days per week including Tuesday and Wednesday.
Minimum Qualifications
The person selected for this position will have:
Bachelor's degree in information systems, computer science, or related field required.
Five or more years of information security governance, risk, compliance and third-party vendor oversight activities.
Knowledge of information security principles, policies and procedures, and Risk Management Frameworks. Working knowledge of business, applications, and technology as applied to information security. Knowledge of information assurance principles and organizational requirements that are relevant to confidentiality, integrity, and availability. Demonstrated ability to plan, develop, coordinate, and manage multiple security initiatives in a technologically diverse environment. Demonstrated ability to interact successfully with senior management, regulatory and compliance managers, and external vendors. Knowledge of new and emerging Information Technology and Security strategies. Knowledge of federal, state, agency, and other regulatory agents' policies, regulations, and standards.
Experience in developing and maintaining an enterprise information security program.
Experience in working with internal and external stakeholders to develop and maintain Risk Assessments, System Security Plans, and other IT security governance, risk, and compliance documentation.
Thorough understanding of IT security controls, specifically NIST 800-53 and Commonwealth of Virginia IT security policies and standards, SEC530, SEC20.
Experience in business continuity planning.
Excellent interpersonal and communications skills, both oral and written.
Ability to develop and maintain policies and procedures.
Ability to work independently and as part of a team.
Expertise in effectively managing competing priorities.
Ability to maintain strict confidentiality of sensitive material.
A comparable amount of training and experience may be substituted for the minimum qualifications
Additional Considerations
Advanced degree in Computer Science, Information Technology or relevant field.
Recognized certifications from CompTIA, ISC2, ISACA or SANS Global Information
Assurance Certification (GIAC) credentials.
Lottery experience preferred.
Special Instructions
You will be provided a confirmation of receipt when your application and/or rsum is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.
The selected candidate will be required to complete a background investigation and possess a valid Driver's License. Minimum travel required. Must be willing to work some nights and weekends as needed. Requires in-person work three (3) days a week including Tuesday and Wednesday.
The Virginia Lottery is an independent state agency, and as such all positions are exempt from the Virginia Personnel Act, as well as most Executive Branch human resources policies. The Virginia Lottery is a fun place to work and values diversity in the workforce. We offer a competitive salary and excellent benefits. The Virginia Lottery is an Equal Opportunity Employer. Only online applications completed in their entirety will be accepted for this position. The Virginia Lottery will provide, if requested, reasonable accommodation to applicants in need of accommodation in order to provide access to the application and/or interview process. If any assistance is needed when applying online, please contact the Virginia Lottery's Human Resources Department at . Applications will be accepted until a suitable pool of candidates is received. After 5 business days, this position may be closed at any time.
Contact Information
Name: Human Resources
Phone:
Email: N/A
In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.