Chief of Information Security & Privacy (Hybrid)

Chief of Information Security & Privacy (Hybrid) State Corporation Commission•3.5 Richmond, VA Job Details $140,000•$160,000 a year 1 day ago Qualifications Stakeholder engagement Strategic management Regulatory compliance Collaborating with government agencies Information security compliance Team development CMS regulatory compliance Continuous improvement Team management Decision making Centers for Medicare and Medicaid Services (CMS) Security policy implementation Senior level Cross-functional collaboration Risk assessment implementation Vendor risk management Stakeholder relationship building Senior leadership Stakeholder management Full Job Description 28598 Richmond, Virginia, United States, 23219

State Corporation Commission Additional Detail Chief of Information Security & Privacy Anticipated Starting Salary Range:

$140,000•$160,000 Starting Salary Commensurate with Qualifications and Experience The State Corporation Commission’s (“SCC”) Health Benefit Exchange (“HBE” or “Exchange”) Division seeks a talented people leader for a Chief of Information Security & Privacy position on its senior leadership team. The selected candidate for this position will set the vision and strategic direction of the HBE’s privacy and security governance, risk and compliance programs to enable the organization’s mission, and foster a culture of innovation and continuous improvement. The Chief of Information Security & Privacy will serve as: a trusted advisor to senior leadership, translating risk into business terms to enable informed decision making; a collaborative partner across the organization; and as the HBE’s authority on matters of security, privacy, compliance, and risk management associated with operating Virginia’s Insurance Marketplace. This position offers a hybrid work schedule (some in-office and telework days each week) as well as a variety of professional development and training opportunities. Essential functions of this position include, but are not limited to, the following: • Set direction and provide governance and oversight for security, privacy, Governance Risk and Compliance aligned to HBE’s mission and priorities. • Lead, develop, and retain a high-performing InfoSec team, empowering direct reports and analysts to own operational execution. • Build and sustain working relationships across legal, business, IT operations, supplier management, program management, finance, SCC divisions, and external stakeholders including federal oversight bodies, vendors, auditors, partners, other state-based exchange counterparts. • Identify organizational, information, and supply chain risk, assess impact and likelihood, and clearly articulate risk posture and tradeoffs to leadership and governance bodies. • Serve as the HBE’s Senior Information Security Officer and Privacy Officer. • Ensure organizational alignment with applicable federal and state regulatory frameworks and standards including but not limited to Center for Medicare and Medicaid Services (CMS) ARC-AMPE, Internal Revenue Service (IRS)

PUB 1075, VITA SEC-530, SCC

(and successors). • Establish, maintain, and evolve HBE security and privacy policies, governance frameworks, and compliance posture. • Foster security and privacy culture throughout the HBE. • Oversee InfoSec specific contract compliance including SLAs, reports, and deliverables. • Perform related work as required.

Please Note:

SCC only accepts applications received through its career center site. Applications submitted through Virginia Jobs site directly will not be considered. For more information and to apply for this position directly on the SCC Career Center website, click the Additional Detail button on this page. To view all current SCC job openings, visit the SCC Career Center website and click the Search button under Job Search.