Information Security & Privacy Officer

Job no: 5087505
Work type: Full-Time (Salaried)
Location: Richmond (City), Virginia
Categories: Information Technology

The SCC only accepts applications directly through its career center website at https://careercenter.scc.virginia.gov.
Applications received through Jobs.Virginia.Gov will not be considered.

Title: Information Security & Privacy Officer

State Role Title: Salary Non-Specified

Hiring Range: $130,000 - $170,000

Pay Band: UG

Agency: State Corporation Commission

Location: Richmond, Virginia

Agency Website: www.scc.virginia.gov

Recruitment Type: General Public - G

The State Corporation Commission (SCC) seeks an Information Security & Privacy Officer to direct and manage our information security compliance program. The selected candidate will ensure that the SCC’s information security compliance program complies with the Virginia Information Technology Agency (VITA) security policies and standards (SEC 530), and the National Institute of Standards and Technology (NIST) industry regulations. The Information Security & Privacy Officer will also perform privacy functions to ensure compliance with federal and state confidentiality regulations and privacy laws.

Essential Functions of the Information Security & Privacy Officer position include the following:


• developing, maintaining, and updating SCC policies and standards applicable to information and IT security and the protection of personal data and data breach incident responses
• overseeing a 3-year IT Security Audit Plan and Risk Assessment Plan for the SCC
• managing and conducting risk assessments, risk treatment plans, risk assessment reports, and corrective action plans
• updating and managing an information security awareness and training program for employees, contractors, and IT service providers
• overseeing cybersecurity awareness campaigns and recommending privacy awareness campaigns, training, and orientation for all employees
• serving as the SCC liaison with VITA and preparing applicable reports for VITA
• collaborating with the SCC’s Security Operations team to identify technology and processes that will protect the confidentiality, integrity, and availability of IT systems and data from unauthorized access and intrusion attempts
• managing security audits, to include reviewing and approving all information security compliance audit reports for compliance
• managing systems inventory and classification for data and IT systems to ensure they are classified appropriately for sensitivity
• designing, developing, and implementing internal controls and procedures based on new and existing technologies, statutes, regulations, and administrative or VITA policies and procedures
• collaborating with the SCC’s Chief Administrative Counsel on information privacy matters
• implementing and maintaining an internal reporting mechanism for intended personal data processing activities
• monitoring for division adherence to the privacy program’s requirements and identifying trends in privacy, regulatory requirements, and compliance enforcement
• collaborating with and assisting SCC divisions and ITD technology areas to address security risks, determine potential privacy problems in new technologies, develop corrective action plans for identified privacy compliance issues, and to develop, implement, and maintain a privacy program
• participating in artificial intelligence platform risk assessment and monitoring
• working with the SCC’s sourcing and supplier management team to ensure that supplier contracts and operating-level agreements meet privacy requirements
• reporting agency security threats, risks, and privacy findings in a structured, transparent, and business-relevant manner to SCC leadership, the CAO, and Chief Administrative Counsel
• managing, coaching, developing, training, and evaluating staff
• performing related work as required

Preferred Qualifications

• 8 or more years of relevant professional experience in information systems security management; familiarity with artificial intelligence platform risk assessment and monitoring; and management of professional staff
• Bachelor’s degree in a related field
• COV ISO certification strongly preferred; Certified Information Privacy Manager (CIPM) or related data privacy certification is a plus
• Thorough knowledge of cybersecurity and privacy principles including state and federal privacy regulations and laws, VITA Security policies and standards (SEC 530), and NIST industry regulations and standards
• Thorough knowledge of system architecture concepts including on-premises, hybrid, and cloud computing models
• Thorough knowledge of new and emerging IT and information security technologies
• Thorough knowledge of operating systems and/or systems software in information security
• Thorough knowledge of issue identification, problem resolution, privacy data breach incident response, vulnerabilities, risks, and risk management
• Considerable knowledge in analyzing data to determine privacy protection
• Strong leadership and performance management skills
• Ability to manage, coach, develop, train, and evaluate staff
• Ability to design secure solutions and apply appropriate Defense-in-Depth security controls for on-premises, hybrid, and cloud solutions
• Ability to prepare documentation, processes, and procedures
• Ability to develop and maintain policies and standards for information and IT security
• Ability to analyze systems, identify complex information security issues, and develop workable solutions
• Ability to interpret and apply complex policies and standards relative to information security and risk management
• Ability to detect major threats at all stages of attack (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering of tracks)
• Ability to explain and present technical matters clearly and effectively in both a technical and non-technical manner
• Excellent communication skills including the ability to express and understand ideas clearly, both orally and in writing
• Excellent attention to detail, research abilities, and interpersonal skills
• Highly self-motivated, with proven analytical, evaluative, and problem-solving abilities
• Ability to establish and maintain effective working relationships with Commission staff, industry personnel, and the general public

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

Located in downtown Richmond, Virginia, the SCC is a state agency with regulatory authority over many business and economic interests in Virginia. More information about the SCC may be found on our website: www.scc.virginia.gov.


The SCC offers rewarding, impactful public-service work; flexible telework options and work-life balance; and professional development opportunities. The SCC fosters a high-performing workforce with a commitment to diversity and inclusion, collaboration, and alignment with the SCC’s mission and strategic goals. Core benefits provided to SCC employees include competitive health and life insurance programs, pre-tax spending accounts, leave programs, and paid holidays. Employees participate in a state retirement plan with options for tax-deferred retirement savings including employer matching. The state also funds a short- and long-term disability program.
The SCC regulates various companies and industries in Virginia; therefore, to avoid any conflict, employees are required to sign a Conflict of Interest Form and must dispose of any stock they hold in a regulated company or dispose of any licenses or certificates they hold in any industry regulated by the SCC unless otherwise permitted. Employees also shall report employment of household members by a regulated company. An incumbent of this position is required to complete the Statement of Economic Interests Form.


The SCC does not provide employer sponsorship. We use the E-Verify system to confirm identity and work authorization.


The SCC is an Equal Opportunity Employer.

As a Virginia Values Veterans (V3) Certified Employer, we value and encourage veterans and members of the Reserves and National Guard to apply.


The information you submit must clearly demonstrate your experience and qualifications as they relate to this position. Interview consideration is based on the information submitted online.

If requested, the SCC will provide reasonable accommodation to applicants in need of accommodation in order to provide access to the application and interview process. A background investigation is conducted on the selected candidate as a condition of employment. This position is exempt from the provisions of the Fair Labor Standards Act.


This position is classified in the SCC Salary Structure as a Grade P-15 and is exempt from the provisions of the Fair Labor Standards Act (FLSA).


How to Apply
This position will remain open until filled. Qualified candidates are encouraged to apply directly through the SCC Career Center website at careercenter.scc.virginia.gov. Please note: Applications received through Jobs.Virginia.Gov will not be considered.

 

Contact Information

Name: Whitney Mays, Recruitment Manager

Phone: 804-371-9053

Email: whitney.mays@scc.virginia.gov

 

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. An AHP Letter can be requested through the AHP Letter page or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 and February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
