Overview
On Site
USD 160,000.00 - 170,000.00 per year
Full Time
Skills
FLSA
Recruiting
Innovation
Assembly
WAR
Information Technology
Internal Auditing
Computer Science
Information Security
CISSP
CISM
CISA
Security+
ITIL
Information Security Governance
IT Infrastructure
HR Management
Supervision
Security Engineering
NIST 800-53
ISO/IEC 27001:2005
PCI DSS
HIPAA
Gramm-Leach-Bliley Act
Internet Security
Security Controls
Security Architecture
Network
Identity Management
Higher Education
Research
Data Security
Threat Analysis
Risk Management
Risk Assessment
Vulnerability Management
IT Security
Firewall Administration
SIEM
Penetration Testing
Data Loss Prevention
DLP
Program Development
IT Governance
Audit Management
Auditing
Reporting
Cloud Security
Amazon Web Services
Microsoft Azure
Google Cloud
Google Cloud Platform
Virtualization
Endpoint Protection
Forensics
Team Building
Mentorship
Leadership Development
Succession Planning
Vendor Management
Regulatory Compliance
Procurement
Strategic Thinking
Stakeholder Engagement
Collaboration
Crisis Management
Conflict Resolution
Incident Management
Cyber Security
Articulate
Communication
Coaching
Change Management
Performance Management
Facilitation
Problem Solving
Critical Thinking
IBM Rational
Management
Strategic Management
Project Management
Leadership
Videoconferencing
System Integration Testing
Typing
Training
Professional Development
Job Details
Title: Chief Information Security Officer
Agency: VCCS-System Office
Location: Richmond (City) - 760
FLSA: Exempt
Hiring Range: $160,000 - $170,000
Full Time or Part Time: Full Time
Additional Detail
Job Description:
Virginia's community colleges have a 50-year track record of educational excellence and innovation to serve the needs of our citizens and strengthen the Commonwealth's economy. When Virginia's General Assembly established the Virginia Community College System in 1966, the need for a comprehensive system was well known. Over the two decades after the end of World War II, leaders in government, business, professional sectors, and academia had called for a new approach to providing educational opportunity. A key concern was Virginia's ability to develop a skilled and knowledgeable workforce to expand the state's economy. Today our community colleges give every Virginian the opportunity to gain a quality education. With 23 colleges on 40 campuses located throughout the state, Virginia's Community Colleges are committed to serving Virginia families, helping them acquire the knowledge and skills to seize the opportunities of today and tomorrow.
The Chief Information Security Officer (CISO) role at VCCS offers a unique opportunity to lead and inspire a single comprehensive cybersecurity strategy across 23 community colleges and 2 support organizations, ensuring the protection of vital educational and institutional assets while fostering a culture of security and resilience. The CISO collaborates with AVC for infrastructure security engineers, policy development, incident response, and regulatory compliance efforts across VCCS's enterprise-wide IT infrastructure. The role includes oversight of security risk assessments, audit response, security architecture, third-party risk management, and emerging cybersecurity threats. Additionally, the CISO collaborates with the AVC for Applications and Integration Technologies to ensure that software applications and integrated data across systems are seamless and that operations are secure throughout the VCCS network.
The CISO is responsible for aligning VCCS security practices with:
NIST 800-53 and NIST Cybersecurity Framework (CSF)
Center for Internet Security (CIS) Controls and Benchmarks
Commonwealth of Virginia Information Technology Agency (VITA) security policies
Higher education cybersecurity standards (e.g., EDUCAUSE, REN-ISAC)
Federal regulations, including FERPA, HIPAA, PCI-DSS, and GLBA compliance
The CISO supports the strategic direction established by the CIO, VCCS executive leadership, and relevant VCCS governance bodies. The role leads a team of staff members supporting cybersecurity responsibilities.
The role requires active collaboration with internal audit, college IT departments, faculty technology committees, and state cybersecurity leaders to strengthen security postures across the academic enterprise.
 
Minimum Qualifications:
Education and Experience
 
Faculty Equivalent position requires a Master's degree. (preferred Computer Science, Cybersecurity, Information Security, or a related field required and experience in cybersecurity leadership).
CISSP, CISM, or CISA certification required.
Other IT certifications preferred: Security+, ITIL.
Experience
 
10+ years of progressively responsible experience in cybersecurity leadership, security governance, enterprise risk management, IT security, IT infrastructure design and personnel management.
Proven experience leading enterprise cybersecurity programs in complex distributed organizations, including managing cybersecurity teams and supervising senior security professionals such as a Deputy CISO.
Higher education experience, including an understanding of student data protection regulations and laws, academic IT security, and research security concerns, plus direct, hands-on experience managing and leading academic technology programs in higher education.
Experience managing large-scale cybersecurity programs in compliance with NIST, ISO 27001 (which we are transitioning away from), and state IT security frameworks.
Hands-on experience with security engineering, SIEM solutions, IAM frameworks, and regulatory compliance.
Knowledge of Virginia IT Agency (VITA) governance structures and VITA security policies is preferred.
 
Knowledge
 
Cybersecurity Frameworks & Compliance: In-depth understanding of NIST 800-53, NIST Cybersecurity Framework (CSF), Center for Internet Security (CIS) Controls, ISO 27001 (as we transition away), PCI-DSS, FERPA, HIPAA, GLBA, and VITA security standards.
Center for Internet Security (CIS) Controls: Expertise in implementing CIS benchmarks and security controls to safeguard VCCS systems against cyber threats.
Enterprise Security Architecture: Knowledge of zero-trust security models, network segmentation, identity and access management (IAM), and cloud security best practices.
Cybersecurity vendors, products, and services: Knowledge of leading cybersecurity products and their potential role in a holistic cybersecurity architecture strategy.
Higher Education IT Security: Familiarity with academic IT environments, research security, student data protection (FERPA compliance), and cybersecurity risks unique to educational institutions.
Threat Intelligence & Risk Management: Strong foundation in threat detection, risk assessment methodologies, vulnerability management, and incident response strategies.
IT Security Operations & Engineering: Experience with firewall management, SIEM platforms, endpoint protection, penetration testing, and data loss prevention (DLP) strategies.
Skills
 
Security Program Development: Ability to develop, implement, and maintain a system-wide cybersecurity strategy that aligns with VCCS IT governance, NIST guidelines, CIS controls, and state security mandates.
Regulatory Compliance & Audit Management: Strong experience in audit preparation, compliance tracking, and reporting to state (VITA, JLARC, SCHEV), federal, and accrediting bodies.
Technical Proficiency: Skilled in cloud security (AWS, Azure, Google Cloud), virtualization, endpoint security, and hybrid infrastructure security.
Incident Response & Forensics: Proficient in developing incident response plans, leading forensic investigations, and ensuring rapid containment and remediation of security breaches.
Leadership & Team Development: Supervise, mentor, and provide professional development opportunities for the Deputy CISO and cybersecurity staff to build a high-performing security team. Foster a culture of continuous learning, leadership development, and succession planning to ensure long-term cybersecurity leadership continuity within VCCS.
Project & Vendor Management: Ability to assess, negotiate, and oversee security vendors, contracts, and technology procurements in compliance with state procurement policies.
Abilities
 
Strategic Thinking & Planning: Ability to align cybersecurity initiatives with VCCS's strategic IT objectives and statewide technology priorities.
Communication & Stakeholder Engagement: Capable of translating complex security concepts for executives, faculty, IT staff, and policymakers.
Cross-functional leadership: Proven ability to collaborate with college CIOs, faculty technology committees, and state agencies (VITA, SCHEV) to advance cybersecurity programs.
Crisis Management & Problem-Solving: Ability to make critical decisions in high-pressure situations and lead incident response efforts across multiple colleges.
Training & Awareness: Ability to design and deliver cybersecurity awareness programs, phishing simulations, and faculty/staff training.
Competencies
 
Communication: The ability to articulate thoughts and deliver information effectively using oral, written, visual, and non-verbal communication skills, as well as listening skills to gain understanding.
Coaching: The ability to facilitate skill development and improved performance by providing clear, specific feedback to others, understanding their goals, and working with them to achieve those goals.
Change Management: The ability to implement strategies for effecting change, delivering the message of change, and helping people adapt to change.
Managing Conflict: The ability to understand all sides of an issue, help others calmly move through emotional or tense situations, and achieve the best solution for everyone involved.
Performance Management: The ability to set realistic performance expectations, demonstrate awareness of others' work performance, provide regular feedback, and track performance progress.
Facilitating: The ability to impartially guide a group with an overall goal of reaching consensus, solving problems, or accomplishing tasks.
Diversity, Equity, and Inclusion: The ability to effectively manage and communicate across differences, identify and address barriers, and foster an inclusive, equitable work environment.
Critical Thinking: The ability to carefully consider multiple pieces of information, from a variety of sources and perspectives, to integrate into a rational and beneficial solution.
Interpersonal Skills: The ability to interact with others in a mutually respectful, genuine, direct, and supportive manner.
Strategic Management: The ability to formulate objectives and priorities and implement initiatives to bring value to the organization's long-term objectives.
Project Management: The ability to see the objective and the steps and resources needed to get there, ensure the timeline is followed, and provide the leadership necessary to impart the vision.
Additional Considerations:
Ability to work at a computer workstation for extended periods up to eight hours per day.
Ability to speak on the telephone and/or communicate via video conference technology.
Ability to sit for extended periods without breaks.
Ability to perform repetitive movements, such as typing, and the use of commonly used office machines and supplies.
Ability to lift and move a minimum of 10 pounds.
Ability to communicate and present information in a clear manner.
Ability to travel independently.
Ability to travel within the Commonwealth of Virginia as needed for meetings and training.
Ability to travel outside the Commonwealth as necessary for conferences or professional development.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.