Chief Information Security Officer

About The Position

Requirements

• A baccalaureate degree from an accredited college or university including or supplemented by 12 credits in mathematics, statistics, accounting, and/or actuarial science and four years of satisfactory full-time experience implementing the provisions of a retirement plan involving the use of mathematical, statistical, actuarial or accounting computations, 18 months of which must have been in an administrative, managerial or executive capacity or supervising professionals implementing the provisions of a retirement plan involving the use of mathematical, statistical, actuarial or accounting computations
• An associate degree or 60 credits from an accredited college or university, including or supplemented by 12 credits in mathematics, statistics, accounting and/or actuarial science and six years of satisfactory full-time experience as indicated in “1”
• Education and/or experience equivalent to “1” or “2” above. However, all candidates must have 60 credits from an accredited college or university, including or supplemented by 12 credits in mathematics, statistics, accounting and/or actuarial science and the 18 months of experience in a supervisory, administrative, managerial or executive capacity as described in “1” above.

Nice To Haves

• Deep expertise across all areas of information security, including policy development, risk assessments, regulatory audits, incident response, training, and third-party/vendor risk management.
• Versatile, decisive leader.
• Comfortable navigating both technical and strategic responsibilities.
• Hands-on leader who can make risk-informed decisions under pressure while continuously maturing the agency’s security posture.
• Experience with NIST, ISO, and applicable state regulatory standards.
• Experience with hybrid infrastructure (on-premises and cloud environments).
• Experience with cybersecurity, privacy, and resilience trends.

Responsibilities

• Lead and continuously enhance the agency’s Information Security and Business Continuity programs, ensuring strategic alignment with IT architecture, security engineering, and operational frameworks in accordance with NIST, ISO, and applicable state regulatory standards.
• Serve as a technical and trusted advisor on Information Security and Business Continuity to IT, Legal, and business units, embedding security and resilience into systems, contracts, and daily operations.
• Participate in technical planning and understand impact to organization.
• Conduct and oversee cybersecurity risk assessments, vendor risk reviews, and responses to internal and external audits.
• Lead and coordinate the end-to-end lifecycle of security incidents, from initial detection and investigation to containment, forensics, and lessons-learned reporting. Serve as the technical escalation point for complex incidents.
• Maintain, test, improve, continuously improve business continuity and disaster recovery plans across critical operations, including data backup, replication strategies, and system failover procedures.
• Supervise and mentor a small, high impact team; ensuring coverage for both strategic planning and monitoring.
• Design and enforce technical policies, security configuration baselines, and automated compliance monitoring across hybrid infrastructure (on-premises and cloud environments).
• Design and lead a targeted security awareness program, promoting ownership and accountability across the organization.
• Monitor, track, and report on key risk indicators (KRIs), threat trends, control effectiveness, and program maturity metrics.
• Partner with auditors, regulators and external partners, to ensure compliance and manage remediation efforts.
• Engage with third-party vendors and service providers to assess security status and identify vulnerabilities.
• Stay current with emerging cybersecurity, privacy, and resilience trends, proactively integrating best practices and evolving threats into the agency’s strategic roadmap.
• Perform additional related duties as assigned by the Chief Risk Officer.

Benefits

• Retirement benefits