
Virtual Chief Information Security Officer

Employer Active

1 Vacancy

Experience: 5 years

Monthly Salary: Not Disclosed


Job Description

Client: Suffolk County Department of Information Technology (DoIT)
Title: Virtual Chief Information Security Officer
Duration: 2 years

Role Overview:
As the vCISO for Suffolk County, you will be tasked with developing and managing a comprehensive cybersecurity program. This involves setting policies, conducting risk assessments, and providing strategic guidance on cybersecurity matters.

Key Responsibilities:
  • Align the cybersecurity program with the NIST Cybersecurity Framework.
  • Develop policies, procedures, and guidelines to ensure adherence to cybersecurity standards.
  • Perform cybersecurity gap analyses and develop strategic plans to mitigate risks.
  • Establish and maintain an Enterprise IT Security Strategic Plan.
  • Review and develop IT security policies and procedures, including incident management and escalation protocols.
  • Establish configuration standards and monitor compliance.
  • Lead the development of a Cyber Incident Response Plan.
  • Oversee Disaster Recovery/Continuity of Operations Planning (DR/COOP).
  • Evaluate third-party vendors for security compliance.
  • Ensure vendor risk management practices are robust and effective.
  • Develop a roadmap for implementing security controls and initiatives.
  • Design and deliver security awareness training programs for County employees.

Technical Security Evaluations:
  • Oversee vulnerability assessments, penetration testing, and enterprise application security evaluations.
  • Prepare and present regular reports on the County's cybersecurity posture.
  • Ensure compliance with risk management frameworks and audit requirements.

Qualifications:
Experience: Minimum 15 years in information security with project management experience.
Certifications: CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor) certifications are required.
Experience in municipal or state government cybersecurity programs is preferred.
Skills: Strong leadership and communication skills to engage with executive stakeholders and technical teams effectively.

Employment: Must be US-based, a US citizen, and a full-time employee of the vendor.
This role demands a seasoned cybersecurity professional capable of not only technical leadership but also strategic oversight and compliance management within the unique context of public sector cybersecurity.

Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) certifications required. Experience in municipal or state government cybersecurity programs is preferred. Strong leadership skills with the ability to communicate effectively with executive stakeholders and technical teams. US-based, US citizen, and full-time employee of the vendor. Develop and maintain an Enterprise IT Security Strategic Plan, including risk management goals, budget development, and emerging risk assessments.

Employment Type

Full Time
