Deputy Chief Information Security Officer – Virginia Tech

Deputy Chief Information Security Officer – Virginia Tech Virginia Tech seeks an experienced information security leader with a track record for helping large, complex organizations protect the privacy, availability and security of their digital assets. The Deputy CISO supports the strategic direction, operational execution, and continuous improvement of the university’s cybersecurity program, ensuring the protection of institutional data, systems, research, and academic missions. The position oversees all aspects of security operations and incident response, supports the work of a peer leader overseeing identity services. Position Responsibilities Cybersecurity Operations & Incident Response Provide oversight of security operations, including monitoring, detection, vulnerability management, and incident response. Help establish metrics and reporting to measure program effectiveness and risk posture. Help oversee institutional cybersecurity risk management activities, including risk assessments, risk acceptance, and mitigation planning. Contribute to enterprise risk management (ERM) efforts and executive-level risk reporting. Help ensure incident response plans are maintained, tested, and integrated with campus emergency management and communications. Support response to significant cybersecurity incidents, including coordination with internal and external stakeholders. Oversee post-incident reviews and continuous improvement efforts. Research, Compliance, & Regulatory Support Support security requirements for regulated and sensitive data, including FERPA, PHI, PCI‑DSS, GLBA, export controls, and sponsored research (e.g., NIST 800‑171 / CMMC where applicable). Collaborate with research administration to enable secure research computing environments. Assist with audits, assessments, and compliance reporting. Provide guidance on third‑party risk management and vendor security reviews. Oversee the IT Security Lab, supporting hands‑on security research, testing and workforce development. Awareness, Training, & Community Engagement Lead and support the development and delivery of cybersecurity awareness and education programs for faculty, staff, students, and researchers. Promote a culture of shared responsibility for security across the institution. Communicate risk and security concepts clearly to non‑technical audiences. Represent the institution in higher‑education cybersecurity communities and consortia. Team Leadership & Development Manage and mentor information security staff and leaders. Foster a collaborative, inclusive, and service‑oriented team culture. Support professional development and succession planning within the security organization. Help recruit, retain, and develop diverse cybersecurity talent. Required Qualifications Master’s degree in Information Security, computer science, Information Systems, STEM, or a related field OR bachelor’s degree plus training and work experience that equates to a master’s degree. Significant years of progressively responsible experience in information security, IT risk management, or related areas. Demonstrated experience leading cybersecurity programs or teams. Strong knowledge of security frameworks and standards (e.g., NIST CSF, NIST SP 800‑53, CIS Critical Security Controls). Experience with incident response, risk assessment, and security operations. Ability to communicate effectively with technical and non‑technical stakeholders. Experience working in or supporting complex, decentralized organizations. Demonstrated ability to successfully handle sensitive discussions, maintain confidentiality, strong personal ethics commitment, strong personal integrity, and demonstrated sound judgment. Preferred Qualifications Experience in higher education, research institutions, or public sector environments. Familiarity with higher‑education regulatory and compliance requirements. Relevant professional certifications (e.g., CISSP, CISM, CRISC). Experience supporting research computing and federally funded research security requirements. Experience with shared governance and consensus‑driven environments. Overtime Status Exempt: Not eligible for overtime Appointment Type Regular Salary Information Commensurate with experience Additional Information No visa sponsorship is available for this position. The successful candidate will be required to have a criminal conviction check. Equal Employment Opportunity Virginia Tech does not discriminate against employees, students, or applicants on the basis of age, color, disability, sex (including pregnancy), gender, gender identity, gender expression, genetic information, ethnicity or national origin, political affiliation, race, religion, sexual orientation, or military status, or otherwise discriminate against employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or on any other basis protected by law. If you are an individual with a disability and desire an accommodation, please contact IT Human Resources at ithr@vt.edu during regular business hours at least 10 business days prior to the event. #J-18808-Ljbffr