Title:  Chief Information Security Officer - Exempt

Application Deadline Date:  Open Until Filled
Req ID:  2407
Department:  Digital Services Agency

Montpelier, VT, US

Position Type:  Exempt
Schedule Type:  Full Time
Hourly Rate:  $48.07-$55.29

The Agency of Digital Services is seeking to hire a Chief Information Security Officer (CISO). This is a full-time, appointed position located in Montpelier, Vermont.

Reporting to the Secretary of Digital Services and State CIO, the Chief Information Security Officer (CISO) will oversee and direct security programs and security efforts within the executive branch of state government.  The CISO provides vision and leadership for developing and supporting security initiatives, and oversees all phases of computer security incident response for the enterprise, including planning. S/he also has responsibility for establishing and maintaining an information risk management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, reporting, and facilitating mitigation of information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The CISO will also oversee a variety of IT-related risk management activities including system/service compliance audits, policy development and standards development.

Responsibilities will include:

Strategy & Planning:

  • Participate as a member of the senior management team to develop long-term strategies and organizational governance.
  • Develop and communicate security strategies and plans to the executive team, staff, partners, customers, and stakeholders.
  • Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
  • Develop, implement, and maintain policies, procedures, and associated plans to mitigate risk in the state’s information security posture. 
  • Participate, guide, and align strategy with the Governor’s Cyber Advisory Team.  Partner with academia to develop long-term workforce plans for the State, in collaboration with industry.
  • Engage senior-level stakeholders, such as State legislators, to articulate strategic risk issues, build consensus for action, and discuss issues pertaining to the State’s cybersecurity mission.

Operational Management:

  • Manage a team of security professionals.
  • Ensure appropriate monitoring and protection of information assets so the state maintains compliance with policies, standards, laws and regulations including developing key security metrics to demonstrate compliance.
  • Oversee and be the champion of security awareness and training within state government.
  • Manage information security incidents within state government.
  • Develop new models for integration of cyber incident management into all-hazards emergency response planning.
  • Implement the means for cyber threat intelligence sharing with Federal, State, Local, and industry partners.
  • Ensure that technical systems adhere to all applicable laws and regulations.
  • Recommend and implement approved changes in security policies and practices at an enterprise level.
  • Collaborate with state business leaders, IT leaders, and human resources to ensure security and privacy policies.
  • Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate the executive and management team on the impact of these trends.

Who May Apply

This position, Chief Information Security Officer (Job Requisition #2407), is open to all State employees and external applicants. This position is open until filled. The State of Vermont posts vacancies for a minimum of ten business days. Positions posted as open until filled can be removed at any time after the initial ten-day period. After the initial posting period, departments may begin interviewing and may close the posting without notice.

If you would like more information about this position, please contact
Please note that multiple positions in the same work location may be filled from this job posting.
Resumes will not be accepted via e-mail. You must apply online to be considered.


Formal Education & Certification

  • Bachelor's degree in Information Technology, Computer Science, Information Assurance, Cybersecurity or
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), SANS certifications or other similar credentials, is preferred. 

Knowledge & Experience

  • A minimum of five years of IT experience in an information security role and at least two years in a management capacity.
  • Experience with running a Security Operations Center (SOC).
  • Proven experience in planning, organizing, and developing information security policy and programs in technology organizations.
  • Knowledge and application of National Institute of Standards and Technology (NIST) 800-53 series security standards, FISMA, HIPAA, IRS 1075, MARS-E, and CJIS Security Requirements.
  • Demonstrated experience designing IT security architecture at the enterprise level.
  • In-depth knowledge of applicable laws and regulations as they relate to information security.
  • State contracting and procurement experience (preferred).
  • Ability to motivate in a team-oriented, collaborative environment.

Knowledge, Skills & Abilities

  • Excellent interpersonal skills.
  • Values a collaborative, team-based approach.
  • Works with a sense of urgency and motivation to get things done.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Ability to develop and clearly articulate a compelling information security vision that inspires the team, agencies, departments, and other stakeholders.
  • Proven leadership ability. 
  • Excellent written and oral communication skills.

The expected salary range is $100k-115k, based upon qualifications and experience.

Equal Opportunity Employer
The State of Vermont is an Equal Opportunity Employer. Applications from women, individuals with disabilities, veterans, and people from diverse cultural backgrounds are encouraged.
