The Virginia Economic Development Partnership (VEDP) is seeking a strategic and experienced Information Security Officer to lead VEDP’s Information Security Program. The successful candidate will be responsible for developing, implementing, and maintaining a comprehensive information security program that protects the confidentiality, integrity, and availability of VEDP's information assets and technology resources. This role serves as the designated Information Security Officer (ISO) and provides leadership in cybersecurity governance, risk management, compliance, security operations, incident response, and security awareness across the organization. The position works closely with executive leadership, business units, technology teams, auditors, and external partners to ensure VEDP maintains a mature and effective security posture.
Responsibilities:
-
Serve as VEDP's designated Information Security Officer (ISO)
-
Develop and manage an information security program that meets or exceeds the requirements of Commonwealth of Virginia (COV) IT security policies and standards in a manner commensurate with risk
-
Develop and maintain information security policies, standards, procedures, and guidelines
-
Develop and maintain an information security awareness and training program for agency staff, including contractors and IT service providers
-
Implement and maintain the appropriate balance of preventative, detective and corrective controls for VEDP IT systems commensurate with data sensitivity, risk and systems criticality in conjunction with IT leadership
-
Lead system audit and assessment activities by coordinating with internal and external partners, managing audit requests through completion
-
Lead cybersecurity governance, risk management, privacy, and compliance initiatives
-
Oversee third-party security reviews, vendor risk assessments, and security-related contractual requirements
-
Partner with IT leadership and technology teams to implement security operations, change management, threat management, vulnerability management, and incident response
-
Coordinate with leadership on business continuity, disaster recovery, and cyber resilience planning efforts
-
Develop and deliver executive-level reporting for the leadership and metrics on cybersecurity risks and program effectiveness
Skills:
-
Experience implementing and managing cybersecurity controls aligned with NIST-based frameworks, including COV SEC530 or similar
-
Ability to balance security requirements with business objectives
-
Experience developing and enforcing security policies, standards, and procedures
-
Experience with security awareness and organizational change management initiatives
-
Knowledge of security operations, threat management, vulnerability management, and incident response
-
Strong analytical and problem-solving skills
-
Excellent written and verbal communication skills
-
Ability to communicate technical risks to executive and non-technical audiences
-
Strong leadership, project management, and stakeholder engagement skills
Experience:
-
Minimum of 8-10 years of progressive experience in information security, cybersecurity, or IT risk management
-
Minimum of 3-5 years of security leadership experience managing enterprise security programs
-
Experience working within public-sector or regulated environments preferred
-
Professional security certification(s) such as CISSP, CISM, CISA, or equivalent
-
Experience conducting risk assessments, security audits, and compliance reviews
Being authorized to work in the U.S. is a precondition of employment. VEDP uses the E-Verify system and does not provide sponsorship.
All candidates must apply through our website https://www.vedp.org/careers. A valid Virginia driver’s license is required. Salary Range: $120,000-$160,000. Application deadline: July 17, 2026.
VEDP is an Equal Opportunity Employer. All applicants are considered for employment without regard to race, sex, color, national origin, religion, sexual orientation, gender identity or expression, age, veteran status, political affiliation, genetics, or against otherwise qualified individuals with disabilities. It is VEDP’s intent that its employment and personnel policies and practices conform to all applicable federal, state, and local laws and regulations regarding non-discrimination and affirmative action. Applicants requiring more information or requiring assistance may contact VEDP Human Resources at 1-804-545-5634 or [email protected]. TDD 1-800-828-1120.