Overview
On Site
USD 130,000.00 - 170,000.00 per year
Full Time
Skills
Information Technology
SEC
IT Security
IT Security Audit
Cyber Security
Security Operations
Intrusion Detection
Information Security
Auditing
Inventory
Internal Control
Policies and Procedures
Data Processing
Corrective And Preventive Action
Regulatory Compliance
Artificial Intelligence
Risk Assessment
Sourcing
Supplier Relationship Management
Reporting
Privacy
Leadership
Management
Coaching
Telecommuting
Professional Development
Training
Job Details
Additional Detail
Information Security & Privacy Officer
Anticipated Starting Salary Range: $130,000 - $170,000
Starting Salary Commensurate with Qualifications and Experience
The State Corporation Commission (SCC) seeks an Information Security & Privacy Officer to direct and manage our information security compliance program. The selected candidate will ensure that the SCC's information security compliance program complies with the Virginia Information Technology Agency (VITA) security polices and standards (SEC 530), and the National Institute of Standards and Technology (NIST) industry regulations. The Information Security & Privacy Officer will also perform privacy functions to ensure compliance with federal and state confidentiality regulations and privacy laws.
Essential Functions of the Information Security & Privacy Officer position include the following:
developing, maintaining, and updating SCC policies and standards applicable to information and IT security and the protection of personal data and data breach incident responses
overseeing a 3-year IT Security Audit Plan and Risk Assessment Plan for the SCC
managing and conducting risk assessments, risk treatment plans, risk assessment reports, and corrective action plans
updating and managing an information security awareness and training program for employees, contractors, and IT service providers
overseeing cybersecurity awareness campaigns and recommending privacy awareness campaigns, training, and orientation for all employees
serving as the SCC liaison with VITA and preparing applicable reports for VITA
collaborating with the SCC's Security Operations team to identify technology and processes that will protect the confidentiality, integrity, and availability of IT systems and data from unauthorized access and intrusion attempts
managing security audits, to include reviewing and approving all information security compliance audit reports for compliance
managing systems inventory and classification for data and IT systems to ensure they are classified appropriately for sensitivity
designing, developing, and implementing internal controls and procedures based on new and existing technologies, statutes, regulations, and administrative or VITA policies and procedures
collaborating with the SCC's Chief Administrative Counsel on information privacy matters
implementing and maintaining an internal reporting mechanism for intended personal data processing activities
monitoring for division adherence to the privacy program's requirements and identifying trends in privacy, regulatory requirements, and compliance enforcement
collaborating with and assisting SCC divisions and ITD technology areas to address security risks, determine potential privacy problems in new technologies, develop corrective action plans for identified privacy compliance issues, and to develop, implement, and maintain a privacy program
participating in artificial intelligence platform risk assessment and monitoring
working with the SCC's sourcing and supplier management team to ensure that supplier contracts and operating-level agreements meet privacy requirements
reporting agency security threats, risks, and privacy findings in a structural, transparent and business-relevant manner to SCC leadership, the CAO, and Chief Administrative Counsel
managing, coaching, developing, training, and evaluating staff
performing related work as required
This position offers a hybrid work schedule (some in-office and telework days each week) as well as a variety of professional development and training opportunities.
Please Note: SCC only accepts applications received through its career center site. Applications submitted through Virginia Jobs site directly will not be considered.
For more information and to apply for this position directly on the SCC Career Center website, click the Additional Detail button on this page.
To view all current SCC job openings, visit the SCC Career Center website and click the Search button under Job Search.
Information Security & Privacy Officer
Anticipated Starting Salary Range: $130,000 - $170,000
Starting Salary Commensurate with Qualifications and Experience
The State Corporation Commission (SCC) seeks an Information Security & Privacy Officer to direct and manage our information security compliance program. The selected candidate will ensure that the SCC's information security compliance program complies with the Virginia Information Technology Agency (VITA) security polices and standards (SEC 530), and the National Institute of Standards and Technology (NIST) industry regulations. The Information Security & Privacy Officer will also perform privacy functions to ensure compliance with federal and state confidentiality regulations and privacy laws.
Essential Functions of the Information Security & Privacy Officer position include the following:
developing, maintaining, and updating SCC policies and standards applicable to information and IT security and the protection of personal data and data breach incident responses
overseeing a 3-year IT Security Audit Plan and Risk Assessment Plan for the SCC
managing and conducting risk assessments, risk treatment plans, risk assessment reports, and corrective action plans
updating and managing an information security awareness and training program for employees, contractors, and IT service providers
overseeing cybersecurity awareness campaigns and recommending privacy awareness campaigns, training, and orientation for all employees
serving as the SCC liaison with VITA and preparing applicable reports for VITA
collaborating with the SCC's Security Operations team to identify technology and processes that will protect the confidentiality, integrity, and availability of IT systems and data from unauthorized access and intrusion attempts
managing security audits, to include reviewing and approving all information security compliance audit reports for compliance
managing systems inventory and classification for data and IT systems to ensure they are classified appropriately for sensitivity
designing, developing, and implementing internal controls and procedures based on new and existing technologies, statutes, regulations, and administrative or VITA policies and procedures
collaborating with the SCC's Chief Administrative Counsel on information privacy matters
implementing and maintaining an internal reporting mechanism for intended personal data processing activities
monitoring for division adherence to the privacy program's requirements and identifying trends in privacy, regulatory requirements, and compliance enforcement
collaborating with and assisting SCC divisions and ITD technology areas to address security risks, determine potential privacy problems in new technologies, develop corrective action plans for identified privacy compliance issues, and to develop, implement, and maintain a privacy program
participating in artificial intelligence platform risk assessment and monitoring
working with the SCC's sourcing and supplier management team to ensure that supplier contracts and operating-level agreements meet privacy requirements
reporting agency security threats, risks, and privacy findings in a structural, transparent and business-relevant manner to SCC leadership, the CAO, and Chief Administrative Counsel
managing, coaching, developing, training, and evaluating staff
performing related work as required
This position offers a hybrid work schedule (some in-office and telework days each week) as well as a variety of professional development and training opportunities.
Please Note: SCC only accepts applications received through its career center site. Applications submitted through Virginia Jobs site directly will not be considered.
For more information and to apply for this position directly on the SCC Career Center website, click the Additional Detail button on this page.
To view all current SCC job openings, visit the SCC Career Center website and click the Search button under Job Search.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.