Deputy Chief Information Security Officer

Job no: 535944
Position type: Administrative & Professional
Location: Blacksburg, Virginia
Division/Equivalent: Vice President-Info Technology
School/Unit: IT Security
Department/Office: 049300-IT Security
Categories: Information Systems / Technology

Apply now

Applications and Nominations

Virginia Tech has retained Next Generation Leadership Partners to support this search.
For full consideration, applicants should submit their original cover letters and resumes here by May 15th.

Inquiries and nominations should be directed to Phil Goldstein - phil@nextgenpartnersllc.com.

Position Overview

Virginia Tech seeks an experienced information security leader with a track record for helping large, complex organizations protect the privacy, availability and security of their digital assets.  The Deputy CISO supports the strategic direction, operational execution, and continuous improvement of the university’s cybersecurity program, ensuring the protection of institutional data, systems, research, and academic missions. The position oversees all aspects of security operations and incident response, supports the work of a peer leader overseeing identity services.

 

The Deputy CISO Position

The Deputy Chief Information Security Officer (Deputy CISO) serves as a senior leader within the institution’s information security program and reports to the Associate Vice President and Chief Information Security Officer (CISO).  The Deputy CISO will partner with the CISO to define and execute the institution’s cybersecurity strategy, roadmap, and priorities. This role will lead day-to-day operations of the information security program, ensuring alignment with institutional goals and academic values, and serve as acting CISO in the absence of the CISO.

Virginia Tech is in the midst of implementing an institutional technology plan that is enhancing administrative applications, data platforms, the IT customer experience, and data protections and uses.  Likewise, working with campus partners, the Division of IT is expanding support for research and instruction and enabling effective and ethical adoption of AI.  Effective information security is a foundational element of all dimensions of the strategy.

Position Responsibilities

This role bridges strategy and operations, translating institutional risk tolerance, policy, and regulatory requirements into effective security practices across academic, research, and administrative environments.

 

Cybersecurity Operations & Incident Response

  • Provide oversight of security operations, including monitoring, detection, vulnerability management, and incident response.
  • Help establish metrics and reporting to measure program effectiveness and risk posture.
  • Help oversee institutional cybersecurity risk management activities, including risk assessments, risk acceptance, and mitigation planning.
  • Contribute to enterprise risk management (ERM) efforts and executive-level risk reporting.
  • Help ensure incident response plans are maintained, tested, and integrated with campus emergency management and communications.
  • Support response to significant cybersecurity incidents, including coordination with internal and external stakeholders.
  • Oversee post-incident reviews and continuous improvement efforts.

Research, Compliance, & Regulatory Support

  • Support security requirements for regulated and sensitive data, including FERPA, PHI, PCI-DSS, GLBA, export controls, and sponsored research (e.g., NIST 800-171 / CMMC where applicable).
  • Collaborate with research administration to enable secure research computing environments.
  • Assist with audits, assessments, and compliance reporting.
  • Provide guidance on third-party risk management and vendor security reviews.
  • Oversee the IT Security Lab, supporting hands on security research, testing and workforce development.

Awareness, Training, & Community Engagement

  • Lead and support the development and delivery of cybersecurity awareness and education programs for faculty, staff, students, and researchers.
  • Promote a culture of shared responsibility for security across the institution.
  • Communicate risk and security concepts clearly to non-technical audiences.
  • Represent the institution in higher-education cybersecurity communities and consortia.

Team Leadership & Development

  • Manage and mentor information security staff and leaders.
  • Foster a collaborative, inclusive, and service-oriented team culture.
  • Support professional development and succession planning within the security organization.
  • Help recruit, retain, and develop diverse cybersecurity talent.
 

Required Qualifications

• Master’s degree in Information Security, computer science, Information Systems, STEM, or a related field OR bachelor's degree plus training and work experience that equates to a master's degree.
• Significant years of progressively responsible experience in information security, IT risk management, or related areas.
• Demonstrated experience leading cybersecurity programs or teams.
• Strong knowledge of security frameworks and standards (e.g., NIST CSF, NIST SP 800-53, CIS Critical Security Controls).
• Experience with incident response, risk assessment, and security operations.
• Ability to communicate effectively with technical and non-technical stakeholders.
• Experience working in or supporting complex, decentralized organizations.
• Demonstrated ability to successfully handle sensitive discussions, maintain confidentiality, strong personal ethics commitment, strong personal integrity, and demonstrated sound judgment.

Preferred Qualifications

• Experience in higher education, research institutions, or public sector environments.
• Familiarity with higher-education regulatory and compliance requirements.
• Relevant professional certifications (e.g., CISSP, CISM, CRISC).
• Experience supporting research computing and federally funded research security requirements.
• Experience with shared governance and consensus-driven environments

Overtime Status

Exempt: Not eligible for overtime

Appointment Type

Regular

Salary Information

Commensurate with experience

Hours per week

40

Review Date

05/15/2026

Additional Information

No visa sponsorship is available for this position.

The successful candidate will be required to have a criminal conviction check.

 

About Virginia Tech

Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges, a school of medicine, a veterinary medicine college, Graduate School, and Honors College. The university has a significant presence across Virginia, including Blacksburg, the greater Washington, D.C. area, the Health Sciences and Technology Campus in Roanoke, sites in Newport News and Richmond, and numerous Extension offices and research institutes. A leading global research institution, Virginia Tech conducts more than $650 million in research annually.

Virginia Tech endorses and encourages participation in professional development opportunities and university shared governance.  These valuable contributions to university shared governance provide important representation and perspective, along with opportunities for unique and impactful professional development.

Virginia Tech does not discriminate against employees, students, or applicants on the basis of age, color, disability, sex (including pregnancy), gender, gender identity, gender expression, genetic information, ethnicity or national origin, political affiliation, race, religion, sexual orientation, or military status, or otherwise discriminate against employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or on any other basis protected by law.

If you are an individual with a disability and desire an accommodation, please contact IT Human Resources at ithr@vt.edu during regular business hours at least 10 business days prior to the event.

Advertised: Eastern Daylight Time
Application close: Eastern Daylight Time

Apply now

Back to list Refer a friend