(DCIO) Chief Risk & Information Security Compliance Officer (CRISCO) (DOT Executive VIII)

Maryland Department of Transportation•Anne Arundel County, MD

2d•Hybrid

About The Position

The Maryland Department of Transportation (MDOT) is seeking a Chief Risk & Information Security Compliance Officer (CRISCO) to serve as the enterprise executive responsible for cybersecurity, risk management, regulatory compliance, and information governance across all MDOT modes. This role is critical to ensuring that MDOT’s technology environment remains secure, compliant, resilient, and aligned with the Department’s mission and public service obligations. The CRISCO functions as a principal advisor to the Chief Information Officer and operates at the executive level as a peer to senior IT leadership. This position provides enterprise-wide authority to establish risk tolerance, enforce compliance standards, and oversee cybersecurity outcomes across MDOT’s federated operating model. The CRISCO leads the integration of cybersecurity, enterprise risk management, audit, and compliance into a unified framework that supports modernization, protects critical infrastructure, and maintains public trust. The incumbent provides executive leadership over MDOT’s cybersecurity program, including direct oversight of the Deputy Chief Information Security Officer and associated teams responsible for security operations, engineering, and incident response. This position ensures that cybersecurity capabilities are aligned with enterprise risk tolerance, regulatory requirements, and operational priorities.

Requirements

A bachelor’s degree from an accredited college or university in Information Technology, Cybersecurity, Risk Management, Business Administration, Public Policy, or a closely related field.
Ten (10) years of progressive experience in enterprise risk management, cybersecurity, compliance, or governance within large, complex organizations.
Five (5) years must include executive or senior management roles with responsibility for enterprise-level decision making, policy development, and organizational oversight.
Experience in government or regulated industries preferred.

Nice To Haves

Master’s degree in Information Systems, Business Administration, Public Policy, or related field.
Experience leading enterprise risk management, compliance, or governance programs at scale.
Experience overseeing cybersecurity functions while operating at a strategic, policy, and executive level
Strong understanding of regulatory frameworks, audit processes, and compliance enforcement.
Experience working in public sector, transportation, or other critical infrastructure environments.
Ability to operate independently with executive presence and sound judgment in high-impact decision making environments.

Responsibilities

Establish and enforce enterprise-wide cybersecurity, risk management, and compliance strategy across all MDOT systems, data, and infrastructure.
Define risk tolerance and mandate corrective action across modes.
Provide executive leadership and full accountability for MDOT’s enterprise cybersecurity program, including oversight of security operations, engineering, architecture, and incident response functions.
Direct and enforce compliance with State and Federal regulations, policies, and standards.
Lead enterprise audit strategy, including audit readiness, response, and remediation enforcement.
Design and implement an enterprise risk management framework integrating cybersecurity, operational, data, and third-party risk into a unified governance model.
Exercise governance authority across MDOT’s federated IT environment to ensure consistent adherence to enterprise standards and eliminate fragmented or duplicative implementations.
Serve as executive authority during major cybersecurity or data incidents, ensuring coordinated response across MDOT modes and external agencies, and enforcing post-incident corrective actions.