The SCC only accepts applications directly through its career center website at .
Applications received through will not be considered.
Title: Information Security & Privacy Officer
State Role Title: Salary Non-Specified
Hiring Range: $130,000 - $170,000
Pay Band: UG
Agency: State Corporation Commission
Location: Richmond, Virginia
Agency Website:
Recruitment Type: General Public - G
The State Corporation Commission (SCC) seeks an Information Security & Privacy Officer to direct and manage our information security compliance program. The selected candidate will ensure that the SCC's information security compliance program complies with the Virginia Information Technology Agency (VITA) security policies and standards (SEC 530) and the National Institute of Standards and Technology (NIST) industry regulations. The Information Security & Privacy Officer will also perform privacy functions to ensure compliance with federal and state confidentiality regulations and privacy laws.
Essential Functions of the Information Security & Privacy Officer position include the following:
developing, maintaining, and updating SCC policies and standards applicable to information and IT security and the protection of personal data and data breach incident responses
overseeing a 3-year IT Security Audit Plan and Risk Assessment Plan for the SCC
managing and conducting risk assessments, risk treatment plans, risk assessment reports, and corrective action plans
updating and managing an information security awareness and training program for employees, contractors, and IT service providers
overseeing cybersecurity awareness campaigns and recommending privacy awareness campaigns, training, and orientation for all employees
serving as the SCC liaison with VITA and preparing applicable reports for VITA
collaborating with the SCC's Security Operations team to identify technology and processes that will protect the confidentiality, integrity, and availability of IT systems and data from unauthorized access and intrusion attempts
managing security audits to include reviewing and approving all information security compliance audit reports for compliance
managing systems inventory and classification for data and IT systems to ensure they are classified appropriately for sensitivity
designing, developing, and implementing internal controls and procedures based on new and existing technologies, statutes, regulations, and administrative or VITA policies and procedures
collaborating with the SCC's Chief Administrative Counsel on information privacy matters
implementing and maintaining an internal reporting mechanism for intended personal data processing activities
monitoring for division adherence to the privacy program's requirements and identifying trends in privacy regulatory requirements and compliance enforcement
collaborating with and assisting SCC divisions and ITD technology areas to address security risks, determine potential privacy problems in new technologies, develop corrective action plans for identified privacy compliance issues, and to develop, implement, and maintain a privacy program
participating in artificial intelligence platform risk assessment and monitoring
working with the SCC's sourcing and supplier management team to ensure that supplier contracts and operating-level agreements meet privacy requirements
reporting agency security threats, risks, and privacy findings in a structural, transparent, and business-relevant manner to SCC leadership, the CAO, and Chief Administrative Counsel
managing, coaching, developing, training, and evaluating staff
performing related work as required
Preferred Qualifications
8 or more years of relevant professional experience in information systems security management; familiarity with artificial intelligence platform risk assessment and monitoring; and management of professional staff
Bachelor's degree in a related field
COV ISO certification strongly preferred; Certified Information Privacy Manager (CIPM) or related data privacy certification is a plus
Thorough knowledge of cybersecurity and privacy principles, including state and federal privacy regulations and laws, VITA Security policies and standards (SEC 530), and NIST industry regulations and standards
Thorough knowledge of system architecture concepts, including on-premises, hybrid, and cloud computing models
Thorough knowledge of new and emerging IT and information security technologies
Thorough knowledge of operating systems and/or systems software in information security
Thorough knowledge of issue identification, problem resolution, privacy data breach incident response, vulnerabilities, risks, and risk management
Considerable knowledge in analyzing data to determine privacy protection
Strong leadership and performance management skills
Ability to manage, coach, develop, train, and evaluate staff
Ability to design secure solutions and apply appropriate Defense-in-Depth security controls for on-premise, hybrid, and cloud solutions
Ability to prepare documentation, processes, and procedures
Ability to develop and maintain policies and standards for information and IT security
Ability to analyze systems, identify complex information security issues, and develop workable solutions
Ability to interpret and apply complex policies and standards relative to information security and risk management
Ability to detect major threats at all stages of attack (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining of access, network exploitation, and covering of tracks)
Ability to explain and present technical matters clearly and effectively in both a technical and non-technical manner
Excellent communication skills, including the ability to express and understand ideas clearly, both orally and in writing
Excellent attention to detail, research abilities, and interpersonal skills
Highly self-motivated and proven analytical, evaluative, and problem-solving abilities
Ability to establish and maintain effective working relationships with Commission staff, industry personnel, and the general public
Special Instructions
You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to "Your Application" in your account to check the status of your application for this position.
Located in downtown Richmond, Virginia, the SCC is a state agency with regulatory authority over many business and economic interests in Virginia. More information about the SCC may be found on our website: .
The SCC offers rewarding, impactful public-service work; flexible telework options and work-life balance; and professional development opportunities. The SCC fosters a high-performing workforce with a commitment to diversity and inclusion, collaboration, and alignment with the SCC's mission and strategic goals. Core benefits provided to SCC employees include competitive health and life insurance programs, pre-tax spending accounts, leave programs, and paid holidays. Employees participate in a state retirement plan with options for tax-deferred retirement savings, including employer matching. The state also funds a short- and long-term disability program.
The SCC regulates various companies and industries in Virginia; therefore, to avoid any conflict, employees are required to sign a Conflict of Interest Form and must dispose of any stock they hold in a regulated company or dispose of any licenses or certificates they hold in any industry regulated by the SCC, unless otherwise permitted. Employees also shall report employment of household members by a regulated company. An incumbent of this position is required to complete the Statement of Economic Interests Form.
The SCC does not provide employer sponsorship. We use the E-Verify system to confirm identity and work authorization.
The SCC is an Equal Opportunity Employer.
As a Virginia Values Veterans (V3) Certified Employer, we value and encourage veterans and members of the Reserves and National Guard to apply.
The information you submit must clearly demonstrate your experience and qualifications as they relate to this position. Interview consideration is based on the information submitted online.
If requested, the SCC will provide reasonable accommodation to applicants in need of accommodation in order to provide access to the application and interview process. A background investigation is conducted on the selected candidate as a condition of employment. This position is exempt from the provisions of the Fair Labor Standards Act.
This position is classified in the SCC Salary Structure as a Grade P-15 and is exempt from the provisions of the Fair Labor Standards Act (FLSA).
How to Apply
This position will remain open until filled. Qualified candidates are encouraged to apply directly to the SCC Career Center website . Please note: Applications received through will not be considered.
Contact Information
Name: Whitney Mays, Recruitment Manager
Phone:
Email:
In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.
Full-Time