IT Deputy Chief of Information Security

City of Virginia Beach - Virginia Beach, VA3.9

The City of Virginia Beach Information Technology (IT) Department is an award-winning organization committed to using technology to transform service delivery for residents, visitors and other stakeholders. We were named a 2018 CIO 100 winner and have been recognized three years in a row by the Center for Digital Government as #1 among " Digital Cities " in our population category. From apps to maps , we are building citizen-centric solutions to promote access, convenience and security.

Information security remains a top priority for City leadership and is deeply integrated with business goals. The IT Department seeks an experienced information security professional to proactively identify business risks, raise security awareness across the organization and implement effective cybersecurity practices and strategies to protect the City’s data, infrastructure and other critical assets.

Deputy Chief of Information Security:
The IT Deputy Chief of Information Security is responsible for establishing and maintaining the city-wide information security management program to ensure that information assets are adequately protected. Responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. Will proactively work with business units to implement practices that meet defined policies and standards for information security. Serves as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies.

A key element in this position's role is working with executive management to determine acceptable levels of risk for the organization. Must be highly knowledgeable about the environment and ensure that information systems are maintained in a fully functional, secure mode. Will provide security expertise of the City of Virginia Beach reporting directly to the Chief Information Officer. The position requires a broad knowledge of all facets of the security organization, work with minimal supervision, and the ability to coordinate with other Information System Security Officers, Systems Administrators, and project personnel.

Position Accountabilities:
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk program to ensure the integrity, confidentiality and availability of information is owned, controlled, or processed by the organization.

Manage the enterprise's information security organization, consisting of direct reports, and indirect reports. This includes hiring, training, staff development, performance management, and annual performance reviews.

Develop, maintain, and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.

Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.

Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.

Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders, and executive management.

Manage security incidents and events to protect IT assets, including intellectual property, regulated data and the City's reputation.

Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.

Development and implementation of business continuity and disaster recovery programs.

Implement physical security related to IT systems and hardware.

Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.

Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.

Facilitate metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of security.

Implementation of and compliance to Payment Card Industry Data Security Standard (PCI-DSS) requirements as necessary.

In-depth knowledge and extensive experience in computer networking, TCP/IP, routing, DNS, routers/firewalls/switches, IDS, VPN's, scripting languages, system admin functions, file systems, operating systems, programming languages, command line tools, and phishing exercises.

Excellent written and verbal communication skills, interpersonal and collaborative skills, the ability to communicate security and risk-related concepts to technical and nontechnical audiences, excellent analytical skills, the ability to manage multiple projects under strict timeline, the ability to work well in a demanding, dynamic environment while meeting overall objectives, excellent project management skills, financial/budget management, and scheduling and resource management.

CJIS/PREA Disclaimer: ***This position will provide direct support to the City’s Public Safety departments and will have physical access to public safety buildings and/or access to confidential and sensitive public safety databases. As such, and in compliance with federal regulations and guidelines, City of Virginia Beach IT staff and contractors must receive a Criminal Justice Information Systems (CJIS) and may require a Prison Rape Elimination Act (PREA) criminal background clearance prior to employment and annually thereafter while employed or under contract with the City of Virginia Beach. Automatic disqualifiers related to the CJIS and PREA criminal background checks apply, including but not limited to, US Citizenship and/or minimum ten (10) years US Residency requirements.

Official City Job Description:

Minimum Requirements:
MINIMUMS: Bachelor's Degree in Computer Science, Information Technology, or related field; AND ten (10) years of progressively responsible professional experience providing architecture design and deployment, systems lifecycle management and infrastructure planning and operations, with at least three (3) years of leadership experience in managing multiple, large cross-functional teams or projects, and influencing senior level management and key stakeholders; OR an equivalent combination of education, training and experience. Must have demonstrated experience managing teams and building relationships with people at a variety of levels and the ability to launch and deliver one or more IT project(s), process(s), or service(s) on time and within budget. SPECIAL REQUIREMENTS: All employees may be expected to work hours in excess of their normally scheduled hours in response to short-term department needs and/or City-wide emergencies.
Alpha I Status: Positions within this class have been designated as Alpha I positions requiring employees to work during inclement weather, regardless of the City?s operational status.

Additional Requirements:
DMV Transcript: Not Required
CDL: Not Required
DOT History: Not Required
CPS Check: Not Required
Physical: Not Required
Respirator: Not Required
Polygraph Review: Not Required
Psychological Screening: Not Required

Attachments Required: Resumes

  • 3 or more years in a senior level leadership role in an IT environment.
  • Two or more of the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification (GIAC)
  • In-depth experience and knowledge of common information security management frameworks such as Internal Organization for Standardization (ISO) 2700X, Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technologies (COBIT) Risk IT and National Institute of Standards and Technology (NIST).
  • Knowledge of Payment Card Industry Data Security Standard audit and remediation.
  • Experience in the audit and remediation of security risks.
  • Technical certifications such as: Cisco Certified Network Professional + Security (CCNP+S) or Cisco Certified Internetwork Expert (CCIE) preferred.
Special Instructions:
***Alpha I Status: Positions within this class have been designated as Alpha I positions requiring employees to work during inclement weather, regardless of the City’s operational status.

***Interview Exercise: Please note the interview process will include an exercise.

Please complete the application in its entirety. The application is the primary required document used to screen qualifications and years of experience. A resume does not replace a completed application. Fields on the application left blank, including but not limited to job duties, dates of employment, and hours worked, may cause your application to be incomplete.
You will not be able to access the details of this job ad once the closing date has passed. If you would like to retain this information, please take a screen shot or print using your browser's printing capability.
Your responses to any "Supplemental Questions", if attached to this requisition, must be supported by the information you give us in the work experience section of this application. Be sure you are thorough in describing your skills and duties as you complete the work experience section. If the information cannot be verified you will not receive credit.
Please provide a copy of any certifications or related professional licenses.

VRS Contribution: All full-time employees are required to contribute 5% of annual salary toward their retirement account; in accordance with VRS retirement provisions. This will be handled through a pre-tax payroll deduction.

Back Share
Apply Now