Chief Information Security Officer (CISO)

Title: Chief Information Security Officer (CISO)

State Role Title:Info Technology Manager II

Hiring Range: Up to $185000

Pay Band: 7

Agency: Dept Behavioral Health/Develop

Location:Central Office

Agency Website:

Recruitment Type: General Public - G

Job Duties

The Department of Behavioral Health and Developmental Services (DBHDS) is seeking a dynamic and experienced information security and privacy leader to serve as the Chief Information Security Officer (CISO). This position is responsible for developing managing and ensuring an efficient and effective information security and privacy program that safeguards the agencys information assets and supports the compliance with all applicable federal and Commonwealth laws and regulations. This position oversees the agencys security policies risk management compliance and cybersecurity operations to ensure protection detection and corrective controls for all IT systems.

Additional responsibilities include:
Providing strategic leadership for enterprise-wide cybersecurity privacy and IT governance risk and compliance (GRC) programs.
Designing and implementing policies standards and risk management frameworks aligned with Commonwealth security standards and HIPAA requirements.
Overseeing the agencys incident response vulnerability management and cloud security ensuring protection detection and corrective controls for all IT systems and cloud environments.
Leading the agencys initiatives in AI governance and emerging technology oversight establishing responsible AI policies risk assessments and controls to ensure ethical secure and compliant adoption of artificial intelligence and automation technologies across DBHDS systems.
Supervising professional staff responsible for implementing technical safeguards conducting risk assessments managing investigations and delivering security and privacy awareness training to maintain a secure compliant and resilient technology environment.
Advising the Executive Leadership Team on cybersecurity privacy and risk posture.
Developing data protection strategies and ensuring business continuity and incident recovery plans align with enterprise risk tolerance.

Minimum Qualifications

Considerable experience in information security information systems review or related technology fields.
Demonstrated knowledge of information security and privacy practices IT governance risk management and compliance frameworks (e.g. NIST ISO 27001 HIPAA ARMICS VITA SEC-530)
Proven experience implementing and managing cloud security controls in cloud environments including IAM monitoring and shared responsibility compliance.
Ability to lead enterprise cybersecurity operations manage incident response and oversee vulnerability and threat management programs.
Knowledge of cloud security architectures shared responsibility models and cloud-native risk mitigation strategies.
Experience establishing or managing AI governance frameworks or oversight committees related to data ethics model transparency and security of AI systems.
Proven ability to lead teams and supervise staff performing cybersecurity and risk management functions.
Strong communication analytical and problem-solving skills with the ability to interact effectively with technical executive stakeholders and oversight entities.

Additional Considerations

Certification as an Information Systems Security Professional (CISSP) Information Security Manager (CISM) or Information Systems Auditor (CISA).
Experience working in state or public sector information security programs.
Familiarity with HIPAA ARMICS and NIST security standards.
Experience building or maturing governance risk and compliance (GRC) programs and reporting metrics to executive leadership or board-level committees.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to Your Application in your account to check the status of your application for this position.

This position is eligible however not guaranteed for telework opportunities; availability hours and duration of telework shall be approved as outlined in the Commonwealth telework policy.

For consideration interested applicants must apply by completing the online application. A resume may also be included with your submission. However emailed faxed and hand-delivered applications and/or resumes will not be accepted. This position is open until filled; however applications/resumes will begin to be reviewed within seven (7) business days of the date of this posting. Reasonable accommodations are available to persons with disabilities during application and/or interview processes per the Americans with Disabilities Act.

DBHDS welcomes all applicants authorized to work in the U.S. For more information on how to seek this authorization please refer to Working in the United States or contact the U.S. Citizenship and Immigration Services office directly.

For any technical assistance with the website please contact

Contact Information

Name: ShaKiera Miles

Phone: N/A

Email: - Inquiries Only/No Submissions to include resumes.

In support of the Commonwealths commitment to inclusion we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation if applicable to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1 2022- February 29 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.