Posted: Oct 30, 2025
APPLY

Chief Information Security Officer (#5094206)

Department of Behavioral Health and Developmental Services (DBHDS) - Richmond, VA
Full-time
Salary: $100,000.00 - $185,000.00 Annually
Application Deadline: Nov 11, 2025
Health Services

The Department of Behavioral Health and Developmental Services (DBHDS) is seeking a dynamic and experienced information security and privacy leader to serve as the Chief Information Security Officer (CISO). This position is responsible for developing, managing and ensuring an efficient and effective information security and privacy program that safeguards the agency’s information assets and supports the compliance with all applicable federal and Commonwealth laws and regulations. This position oversees the agency’s security policies, risk management, compliance, and cybersecurity operations to ensure protection, detection, and corrective controls for all IT systems.

Additional responsibilities include:

  • Providing strategic leadership for enterprise-wide cybersecurity, privacy, and IT governance, risk, and compliance (GRC) programs.
  • Designing and implementing policies, standards, and risk management frameworks aligned with Commonwealth security standards, and HIPAA requirements.
  • Overseeing the agency’s incident response, vulnerability management, and cloud security, ensuring protection, detection, and corrective controls for all IT systems and cloud environments.
  • Leading the agency’s initiatives in AI governance and emerging technology oversight, establishing responsible AI policies, risk assessments, and controls to ensure ethical, secure, and compliant adoption of artificial intelligence and automation technologies across DBHDS systems.
  • Supervising professional staff responsible for implementing technical safeguards, conducting risk assessments, managing investigations, and delivering security and privacy awareness training to maintain a secure, compliant, and resilient technology environment.
  • Advising the Executive Leadership Team on cybersecurity, privacy, and risk posture.
  • Developing data protection strategies and ensuring business continuity and incident recovery plans align with enterprise risk tolerance.

Qualifications:  

  • Considerable experience in information security, information systems review, or related technology fields.
  • Demonstrated knowledge of information security and privacy practices, IT governance, risk management, and compliance frameworks (e.g., NIST, ISO 27001, HIPAA, ARMICS, VITA SEC-530)
  • Proven experience implementing and managing cloud security controls in cloud environments, including IAM, monitoring, and shared responsibility compliance.
  • Ability to lead enterprise cybersecurity operations, manage incident response, and oversee vulnerability and threat management programs.
  • Knowledge of cloud security architectures, shared responsibility models, and cloud-native risk mitigation strategies.
  • Experience establishing or managing AI governance frameworks or oversight committees related to data ethics, model transparency, and security of AI systems.
  • Proven ability to lead teams and supervise staff performing cybersecurity and risk management functions.
  • Strong communication, analytical, and problem-solving skills, with the ability to interact effectively with technical, executive stakeholders, and oversight entities.

Additional Considerations:

  • Certification as an Information Systems Security Professional (CISSP), Information Security Manager (CISM), or Information Systems Auditor (CISA).
  • Experience working in state or public sector information security programs.
  • Familiarity with HIPAA, ARMICS, and NIST security standards.
  • Experience building or maturing governance, risk, and compliance (GRC) programs and reporting metrics to executive leadership or board-level committees.

DBHDS is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, gender identity, sexual orientation, national origin, political affiliation, disability, genetic information, age, retaliation, parental status, pregnancy, military service/status, or other non-merit factor.    We commit to a diverse and inclusive workforce that is reflective of the Commonwealth of Virginia.

In addition, the Commonwealth of Virginia/DBHDS offers excellent health and life insurance benefits, access to Short-Term (STD) and Long-Term (LTD) Disability benefits, thirteen (13) paid holidays and other leave benefits, and a state retirement plan with options for tax-deferred retirement savings including employer matching.