Recruitment #20-A2C-0108


Loudoun County, Virginia is an innovative, globally competitive community known for its favorable business environment, exceptional quality of life, and strong sense of community. Located in northern Virginia, approximately 45 minutes northwest of Washington, D.C., Loudoun County is a thriving community of more than 336,000 residents. Loudoun has been one of the fastest growing communities of its size for two decades. The Center for Digital Government has named Loudoun County one of the top five counties with populations of 250,000 to 500,000 in the past four years for its use and management of technology.

Job Description

Do you want to make a difference in one of the fastest-growing counties in the United States? Can you work as part of a team, with inspiration, vision and creativity? Are you passionate about the role of technology in supporting the mission of local government? Loudoun County’s Department of Information Technology is currently seeking a full-time IT Security Manager (CISO) on the IT Security Team. This position will:

  • Lead, manage and motivate the information security team to achieve tactical and strategic goals.
  • Proactively work with DIT and County Departments to implement practices that meet agreed-on policies and standards for information security.
  • Lead information security technology system design, evaluation, implementation, and operations.
  • Be responsible for implementing and running the enterprise information security program.
  • Act as an escalation point for all operational information security activities.
  • Work with County stakeholders, both within and external to IT staff, to design secure solutions involving the County’s IT infrastructure.
  • Provide regular reporting on the current status of the information security program to the Director of Information Technology (CIO) as part of a strategic enterprise risk management program.
  • Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Provide clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls.
  • Manage the budget for the information security function, monitoring and reporting discrepancies.
  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures stakeholder buy-in.
  • Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.

Job Requirements

  • Requires any combination of education and experience equivalent to a Master’s degree and four years of directly related work experience in a decision-making senior security management role including policy, risk, and compliance management.
  • Experience leading enterprise-wide cybersecurity frameworks and security awareness programs. Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), or other similar credentials.
  • Sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
  • Firm understanding of network architecture and network, system, and application security.
  • Experience with and/or significant knowledge of cloud security principles and mechanisms.
  • Experience with and advanced understanding of common information security management frameworks, such as ISO/IEC 27001, ITIL, and COBIT, as well as those from NIST (including 800-53 and the Cybersecurity Framework), PCI/DSS, and HIPAA.
  • Must have a valid driver’s license.

Post Conditional Offer Contingencies

The successful candidate will undergo an extensive background and credit check.