Information Security Officer - Governance, Risk, and Compliance

  • Richmond, Virginia, United States, 23219
  • DJIT Technical Services Division
  • Closing at: May 22 2026 - 01:00 EDT
  • Supreme Court of Virginia


Title: Information Security Officer

State Role Title: Salary Non-Specified

Hiring Range: Commensurate with experience

Location: OES

Agency Website: www.vacourts.gov

Recruitment Type: General Public - G

Additional Detail


Job Duties

The Department of Judicial Information Technology (DJIT), a division of the Office of the Executive Secretary (OES) of the Supreme Court of Virginia, is seeking a qualified cybersecurity risk professional to serve as the Information Security Officer – Governance, Risk and Compliance (ISO-GRC). This role provides leadership for enterprise information security and oversight in a large, complex IT organization supporting Virginia’s statewide judicial system.

Reporting to the Chief Information Security Officer (CISO), this role serves as the principal leader for GRC matters. This includes management of the agency’s security awareness training program, conducting risk assessments of IT systems, and overseeing a large number of IT compliance initiatives across the organization. This role focuses on IT security policy management and oversight of multiple IT security program areas. The ISO-GRC assists the CISO in partnering closely with IT leadership, agency executive leadership, and internal and external stakeholders to ensure that OES maintains secure, resilient, and compliant technology services that support the mission of the Virginia Judicial Branch of government.



Essential Duties & Responsibilities


  • Manage GRC staff and the day-to-day enterprise information security risk management program in alignment with SEC530, NIST 800-53, and Judicial Branch standards

  • Oversee all aspects of the Information Security Awareness Training Program

  • Primary oversight of the development, implementation, and maintenance of security policies, standards, procedures, and exceptions

  • Oversee the organization’s Third-Party IT Service Provider Oversight Program

  • Participate in the review and approval of contracts and agreements to include security requirements, technical specifications, and statements of work to identify risks

  • Conduct system risk assessments to identify, evaluate, prioritize, and monitor security risks, as well as recommend mitigation strategies

  • Oversee GRC program-wide documentation, control testing, and reporting

  • Manage systems inventory and data classification to ensure all IT systems are classified appropriately for sensitivity

  • Assist CISO with planning for IT disaster recovery and continuity programs, including statewide coordination with IT system owners and various stakeholder groups

  • Serve as key member of agency’s IT Incident Response Team

  • Communicate security posture, risks, and mitigation strategies to IT system owners and stakeholders

  • Ability to explain and present technical matters clearly and effectively in both a technical and non-technical manner

  • Coordinate information requests and audit responses with CISO and external auditors

  • Research all aspects of information security to stay current on new and evolving security products, standards, policies, and risks

  • Keep IT leadership up to date on potential security risks and mitigation strategies

Minimum Qualifications

The most competitive candidates will possess:



  • 5+ years of progressive cybersecurity, risk management, or related experience in complex, multi-tier IT environments

  • 7+ years of experience in the IT industry

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field; extensive work experience and professional certification in IT/security may be considered equivalent

  • Strong written and oral communication skills, with the ability to convey complex technical and security concepts to diverse audiences

  • Strong knowledge of cybersecurity frameworks and standards including the Commonwealth’s SEC530, NIST 800-53, etc.

  • Experience in developing and reviewing information security guidelines, standards, policies, and procedures

  • Experience leading cybersecurity professionals or projects

  • Experience participating in disaster recovery, continuity planning, and incident response initiatives

  • Experience participating in technology procurement, vendor management and oversight, or contract evaluation

  • Knowledge of IT audit and IT compliance processes

  • Prior leadership or program management experience in the public sector or other highly regulated environments

  • Excellent strategic and communication capabilities to translate technical risks into business language

  • Demonstrated understanding of IT infrastructure operations including data centers, networks, PC administration, and cloud computing


Preferred Qualifications

  • More than 10 years of experience in a leadership role or role of substantial responsibility in an enterprise governance, risk and compliance program within courts, public sector, law firms, or similar organizations

  • Master’s degree in information technology, cybersecurity, or a related field

  • Active professional certifications such as CISSP, CISM, CRISC, CGRC, CISA, or a related credential

  • Experience working in large organizations providing broad IT services (infrastructure, applications, network, data center, and support services)

  • Experience coordinating with external auditors and regulatory entities on security matters

  • Experience working in an environment with PCI-DSS, CJIS, HIPAA, or similar formal compliance requirements

Contact Information

Email: Humanresources@VACourts.gov
