Information Security Risk and Compliance Officer

Job Location

Richmond - USA

Monthly Salary

$ 110388 - 141297

Vacancy

1 Vacancy

Job Description

Title: Information Security Risk and Compliance Officer

Hiring Range: $110388 - $141297

Pay Band: UG

Agency: Virginia Lottery

Location: Richmond VA

Agency Website:

Recruitment Type: General Public - G

Job Duties

For more than three decades, the Virginia Lottery has worked to build a strong reputation, one synonymous with providing fun, entertaining experiences and doing so responsibly and with integrity. Proceeds from traditional Lottery games support K-12 public education in Virginia. Taxes generated by sports wagering and casino gaming, which are regulated by the Lottery, benefit other priorities of the Commonwealth.


The Virginia Lottery, an independent state agency, is currently seeking an Information Security Risk and Compliance Officer to join our Information Security Department. This position is located in Richmond, Virginia.

The Information Security Risk and Compliance Officer will be responsible for the agency information security risk management program, which is compliant with the Commonwealth of Virginia Risk Management Framework found in SEC520 and SEC530. This is accomplished through policy, standards, and implementation of processes and controls through a variety of means, including System and Data inventory & classification, Business Impact Analysis (BIA), Risk Assessments (RA) for sensitive systems, and System Security Plans (SSP). It also includes testing systems and applications, monitoring system activity, coordinating system access control (physically and logically), creating/updating policies, and analyzing system security architecture with other subject-matter experts in the Lottery Information Technology Security Committee (ITSC) and Security and Technical Architecture Review (STAR) teams that ensure we comply with the VITA Standards and § 2.2-603 of the Code of Virginia. Actively collaborates with Lottery Leadership, VITA, and the Information Security community to stay current with all trends, technology, and COV requirements.

The Information Security Risk Officer duties include:
IT Security Governance Framework Program:
Establish and maintain a robust governance framework including clear roles and responsibilities for risk management.
Facilitate communication and collaboration between different departments regarding risk and compliance matters.
Develop key performance indicators (KPIs) to measure the effectiveness of GRC initiatives.
Defines, updates, and enforces security policies to reduce risk.
Performs and approves security reviews and recommendations on proposed and new software and hardware solutions.
Develop and maintain the Lottery Information Security program to include policies and procedures.

IT Security and Risk Management Program:
Responsible and accountable for the development and maintenance of the Lottery risk management program of the overall Lottery Information Security program, to include associated policies, procedures, and formalized application security testing processes.
Responsible for prioritizing risks based on severity and likelihood and developing mitigation strategies.
Responsible and accountable to ensure Risk Assessments for sensitive systems are developed and reviewed in accordance with the Lottery Risk Assessment Plan.
Responsible and accountable to create, with internal stakeholders, System Security Plans (SSPs) for each sensitive system.
Coordinate risk analysis, assessment, and reporting activities with vendors and internal stakeholders.
Perform security reviews on Lottery systems to ensure CIA best practices are being followed and maintained.

Compliance Management:
Monitor compliance with applicable laws, regulations, and COV controls.
Develop and maintain compliance policies and standards.
Maintain a centralized repository for policies and standards and ensure regular reviews and updates are conducted in a timely manner.
Conduct compliance assessments and reviews to identify gaps and ensure adherence.
Conduct quality assurance reviews and assess compliance with policies and standards.
Coordinate the Security Team's response to audit requests.
Oversee audit readiness, including documentation, workflows, and remediation tracking. Proactively monitor potential audit points/findings and coordinate remediation activity before they become audit findings.
Perform security reviews on Lottery systems to ensure CIA best practices are being followed and maintained.

Develop and maintain Business Continuity Program:
Develop and maintain the Lottery Business Impact Analysis (BIA), Enterprise Business Continuity Plan, and documents supporting the overall continuity program. Coordinate and maintain the IT Disaster Recovery Plan (IT-DRP).
Coordinates disaster recovery planning activities; disaster recovery training and exercise, IT disaster recovery exercise and updates.

General department tasks:
Supporting tasks as required.
Perform other duties as assigned.

Note - This position requires in-office work three days per week including Tuesday and Wednesday.

Minimum Qualifications

The person selected for this position will have:
Bachelor's Degree from an accredited 4-year college or university with major studies in Information Systems, Computer Science, or related field.
Five or more years of information security instruction and risk assessment training and experience working on project teams and meeting project deadlines.
Considerable knowledge of information security principles, policies, and procedures and Risk Management Frameworks.
Working knowledge of business applications and technology as applied to information security.
Knowledge of information assurance principles and organizational requirements that are relevant to confidentiality, integrity, and availability.
Demonstrated ability to plan, develop, coordinate, and manage multiple security initiatives in a technologically diverse environment.
Experience in business continuity planning.
Excellent interpersonal and communications skills, both oral and written.
Demonstrated ability to interact successfully with senior management, regulatory and compliance managers, and external vendors.
Knowledge of new and emerging Information Technology and Security strategies.
Knowledge of federal, state, agency, and other regulatory agents' policies, regulations, and standards.
Excellent understanding of IT security controls, specifically NIST 800-53 and Commonwealth of Virginia IT security policies and standards.
Ability to maintain strict confidentiality of sensitive material.
Strong organizational, planning, and project management skills a plus.

Additional Considerations

Certification in information security from CompTIA, ISC2, ISACA, or SANS Global Information Assurance Certification (GIAC) credentials preferred.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to Your Application in your account to check the status of your application for this position.

The selected candidate will be required to complete a background investigation and possess a valid Driver's License. Must be willing to work some nights and weekends as needed. Requires in-person work three (3) days a week, including Tuesday and Wednesday.

The Virginia Lottery is an independent state agency and, as such, all positions are exempt from the Virginia Personnel Act as well as most Executive Branch human resources policies. The Virginia Lottery is a fun place to work and values diversity in the workforce. We offer a competitive salary and excellent benefits. The Virginia Lottery is an Equal Opportunity Employer. Only online applications completed in their entirety will be accepted for this position. The Virginia Lottery will provide, if requested, reasonable accommodation to applicants in need of accommodation in order to provide access to the application and/or interview process. If any assistance is needed when applying online, please contact the Virginia Lottery's Human Resources Department at . Applications will be accepted until a suitable pool of candidates is received. After 5 business days, this position may be closed at any time.

Contact Information

Name: Human Resources

Phone:

Email: N/A

In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.


Required Experience:

Unclear Seniority

Employment Type

Full-Time
