Title: Information Security Specialist

Hiring Range: $88,000 - $114,700

Pay Band: UG

Agency: Virginia Lottery

Location: Virginia Lottery

Agency Website: www.valottery.com

Recruitment Type: General Public - G

Job Duties

For more than three decades, the Virginia Lottery has worked to build a strong reputation, one synonymous with providing fun, entertaining experiences and doing so responsibly and with integrity. Proceeds from traditional Lottery games support K-12 public education in Virginia. Taxes generated by sports wagering and casino gaming, which are regulated by the Lottery, benefit other priorities of the Commonwealth.

The Virginia Lottery, an independent state agency, is currently seeking an Information Security Specialist to join our ITS and Operations Department. This position is located in Richmond, Virginia.

The Information Security Specialist will be responsible for ensuring the operational integrity, availability, and confidentiality of all Lottery data, networks, and computer systems supporting traditional lottery, iLottery, and Gaming Compliance operations, the protection of system data and operations from unauthorized modification or abuse. This is accomplished through policy, standards, and implementation of processes and controls through a variety of means, including testing systems and applications, monitoring system activity, coordinating system access control (physically and logically), creating\updating policies, third-party vendor risk management and analyzing system security architecture with other subject-matter experts in the Lottery Information Technology Security Committee (ITSC) and Security and Technical Architecture Review (STAR) teams that ensure we comply with the VITA Standards and §2.2-603 of the Code of Virginia. Actively collaborates with Lottery Leadership, VITA, and Information Security community to stay current with all trends, technology, and COV requirements.

The Information Security Specialist will:
• Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and priorities, COV policy and standards, as well as the high-level direction of the cybersecurity policy.
• Works with the Director of Information Security and Information Security Risk and Compliance Officer to complete, review, and update governance tasks such as risk assessments, system security plans, and data/system classification as needed.
• Collaborate with ITS on internal control requirements, best practices and compliance.
• Perform routine review, analysis, and testing of security controls to ensure alignment with IT security standards and ensure effectiveness.
• Develop and coordinate corrective action plans to internal and external audits and other information security assessments to ensure any gaps in security and compliance are corrected.
• Participate in the development and maintenance of the Lottery risk management program, part of the overall Lottery Information Security program, to include associated policies, procedures, and formalized application security testing processes.
• Coordinate with internal and external stakeholders to ensure Risk Assessments for sensitive systems are developed and reviewed in accordance with the Lottery Risk Assessment Plan.
• Coordinate risk analysis, assessment, and reporting activities.
• Perform updates and manage Lottery POA&M and compliance registers and assist with tracking remediation and closure of corrective actions.
• Implement cybersecurity supply chain risk management and third-party vendor risk management activities across the enterprise.
• Develop and maintain the Lottery Business Impact Analysis (BIA), Enterprise Business Continuity Plan, and documentation supporting the overall continuity program.
• Coordinate disaster recovery planning activities; disaster recovery training and exercise, IT disaster recovery exercise and updates.
• Perform prize verification process and supporting tasks as required.
• Perform duties as system administrator for raffle game(s) as required.

Other duties may be required based on supplementary assignments.

Note - This position requires in-office work three days per week including Tuesday and Wednesday.

Minimum Qualifications

The person selected for this position will have:

• Bachelor’s degree in information systems, computer science, or related field required.
• Five or more years of information security governance, risk, compliance and third-party vendor oversight activities.
• Knowledge of information security principles, policies and procedures, and Risk Management Frameworks. Working knowledge of business, applications, and technology as applied to information security. Knowledge of information assurance principles and organizational requirements that are relevant to confidentiality, integrity, and availability. Demonstrated ability to plan, develop, coordinate, and manage multiple security initiatives in a technologically diverse environment. Demonstrated ability to interact successfully with senior management, regulatory and compliance managers, and external vendors. Knowledge of new and emerging Information Technology and Security strategies. Knowledge of federal, state, agency, and other regulatory agents’ policies, regulations, and standards.
• Experience in developing and maintaining an enterprise information security program.
• Experience in working with internal and external stakeholders to develop and maintain Risk Assessments, System Security Plans, and other IT security governance, risk, and compliance documentation.
• Thorough understanding of IT security controls, specifically NIST 800-53 and Commonwealth of Virginia IT security policies and standards, SEC530, SEC20.
• Experience in business continuity planning.
• Excellent interpersonal and communications skills, both oral and written.
• Ability to develop and maintain policies and procedures.
• Ability to work independently and as part of a team.
• Expertise in effectively managing competing priorities.
• Ability to maintain strict confidentiality of sensitive material.

A comparable amount of training and experience may be substituted for the minimum qualifications

Additional Considerations

• Advanced degree in Computer Science, Information Technology or relevant field.
• Recognized certifications from CompTIA, ISC2, ISACA or SANS Global Information
Assurance Certification (GIAC) credentials.
• Lottery experience preferred.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

The selected candidate will be required to complete a background investigation and possess a valid Driver’s License. Minimum travel required. Must be willing to work some nights and weekends as needed. Requires in-person work three (3) days a week including Tuesday and Wednesday.

The Virginia Lottery is an independent state agency, and as such all positions are exempt from the Virginia Personnel Act, as well as most Executive Branch human resources policies. The Virginia Lottery is a fun place to work and values diversity in the workforce. We offer a competitive salary and excellent benefits. The Virginia Lottery is an Equal Opportunity Employer. Only online applications completed in their entirety will be accepted for this position. The Virginia Lottery will provide, if requested, reasonable accommodation to applicants in need of accommodation in order to provide access to the application and/or interview process. If any assistance is needed when applying online, please contact the Virginia Lottery’s Human Resources Department at (804) 692-7000. Applications will be accepted until a suitable pool of candidates is received. After 5 business days, this position may be closed at any time.

Contact Information

Name: Human Resources

Phone: 804-692-7000

Email: N/A

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.