Chief of Information Technology Security

Chief of IT Security,
Department of Information Technology
Full-Time, 12 Months
Exempt, Pay Grade 38
VRS-Eligible, Benefits-Eligible

Job Summary/Objectives:

The Information Technology Security Division Chief is responsible for leading and executing the County’s enterprise-wide information security strategy, with a focus on cybersecurity, infrastructure resilience, and operational efficiency. This role oversees the development, implementation, and enforcement of information security policies, security protocols, and governance frameworks to protect County data and systems. The IT Security Division Chief ensures alignment of technology initiatives with organizational goals, provides expert guidance across departments, and leads incident response, risk mitigation, information security strategy, governance, vulnerability management, security awareness training, and compliance efforts. This role is highly visible and regularly briefs IT executives as well as senior County leadership. The IT Security Division Chief’s role will combine accountability and responsibility for information security, data security and network monitoring and protection against cyber threats.

Reporting to the Assistant Director of Systems and Security, this position plays a critical leadership role in safeguarding digital assets and enabling secure, reliable public service delivery.

Essential Functions:

• Provide strategic leadership and oversight of the County’s cybersecurity posture, including threat detection, vulnerability management, and incident response coordination.
• Serve as the County’s primary point of contact for cybersecurity alerts, advisories, and inter-agency coordination.
• Develop, implement, and maintain County-wide information security policies, standards, and procedures.
• Deliver regular status updates to supervisor and executive management
• Conduct regular risk assessments, security audits, and compliance reviews to identify and mitigate vulnerabilities.
• Lead the evaluation and deployment of secure system and network architectures, ensuring alignment with best practices and regulatory requirements.
• Oversee security audits, risk assessments, and continuous improvement initiatives to evaluate cybersecurity posture
• Oversee technical documentation related to system security configurations, controls, and operational procedures.
• Coordinate cross-departmental IT responses to security incidents and ensure timely resolution and reporting.
• Act as liaison with cybersecurity vendors, internal departments, contractors, boards, and external agencies
• Manage cybersecurity awareness training and education programs for County staff to promote a culture of security.
• Stay current with evolving threats, technologies, and regulatory requirements to proactively adapt the County’s security strategy.
• Collaborate with state, federal, and academic partners on cybersecurity initiatives and information sharing.
• Supervise and mentor IT staff, fostering professional development and ensuring high performance in support of County objectives.
• Lead a high-performing team, cultivating accountability, innovation, and cross-functional collaboration to ensure delivery and excellence.
• Exceptional customer service. Ability to establish and maintain effective working relationships with county and school officials, principals, department heads and other partner agencies.
• Perform additional duties as assigned

Competency: Knowledge/Skills/Abilities :

• Proven leadership and supervisory capabilities with strong analytical and decision-making skills.
• Exceptional verbal and written communication, including the ability to present complex technical concepts to diverse audiences.
• Extensive knowledge of enterprise data and network security principles, strategy, best practices and advanced protection techniques.
• Expertise in cybersecurity frameworks, policies, laws, and regulatory compliance (e.g., NIST, FISMA, PCI, HIPAA).
• Ability to own and manage cybersecurity plans and procedures, establishing network monitoring and problem detection procedures.
• Proven leadership ability.
• Strong understanding of project management methodologies and their application in IT operations.
• Demonstrated ability to develop and implement enterprise-wide cybersecurity strategies and policies.
• Skilled in collaborating with internal stakeholders and external partners to design and maintain comprehensive security programs.
• Proficient in evaluating and integrating emerging cybersecurity technologies to meet evolving organizational needs.
• Ability to lead incident response, risk assessments, and continuous improvement initiatives.
• Adept at aligning IT security initiatives with organizational goals and regulatory requirements.
• High attention to detail, with strong organizational, interpersonal, and motivational skills.
• Capable of working independently and under pressure in a collaborative, service-oriented environment.
• Ability to motivate in a team-oriented, collaborative environment.
• Incumbent must exhibit strong leadership attitude in support of project, department, and County goals, and must have demonstrated ability to lead others in a team environment.

Extensive knowledge of, or familiarity with:

• NIST Cybersecurity Framework 2.0
• NIST SP 800-100
• NIST SP 800-171r3
• MITRE ATT&CH framework
• ISO/IEC 27001
• COBIT
• CIS Controls
• PCI-DSS
• HIPAA

Required Education/Certifications:

Seven or more years’ combined experience as an Information Security Manager. Demonstrated supervisory experience in an enterprise technology environment.

One of the following:

• Baccalaureate degree from an accredited four-year college/university in Computer Science, Information Systems Management, or a related field.
• Community college degree in Computer Science or Information Systems.
• Additional experience may be substituted for education.

Preferred Qualifications/Certifications:

• Prefer 10+ years of related experience.
• Relevant certifications such as CISSP, CISM, Security+, CySA+, GSEC, CCSP, CISA.

Physical and Mental Requirements:

• Work is typically performed in an office, data center or conference rooms.
• Communicate in in-person and virtual meetings.
• Regular use of telephone and chat.
• Regular use of computers.
• Regular handling of small computer components.
• Lifting of up to 100 pounds.
• Occasional need to perform urgent tasks to meet organizational deadlines.
• Occasional work after normal business hours.
• Occasional weekend duties.
• Occasional operation of County vehicles to travel to locations throughout the County is required.
• Regular contact other county employees and senior leadership at all levels of County government.
• Employees in this position may be considered essential personnel and fall under Albemarle County AP4 and in addition, be subject to working overtime, being held over, or called back for disasters, local emergencies, or special events.

Remote Work:

This position is eligible for a hybrid remote work schedule that is in compliance with the County’s Remote Work Policy and meets the operational and service needs for the position. All County staff must maintain residence within the Commonwealth of Virginia.

Salary Range:

The hiring range for this position is $51.43 - $56.84 per hour (approx. $ 106,971 - $118,231 per year). Starting offer is based on applicable education beyond minimum requirements and internal equity. The position also provides excellent benefits including 12 paid holidays, paid vacation and sick leave, health insurance options with employer contribution, employer-paid life insurance, VRS retirement, and continuing education/training opportunities. This is a full time, FLSA exempt position. Internal candidates will receive pay adjustments in accordance with Local Government Personnel Policy, §P-60.

DEADLINE FOR APPLICATIONS: Application window closes September 17, 2025.

Virginia Values Veterans:

Albemarle County is a certified V3 organization.

EOE/EEO:

Albemarle County is an equal employment opportunity employer, and does not discriminate against any group or individual on the basis of race, color, religion, sex, sexual orientation, national origin, age or disability in regards to any aspect of employment policy and practice: recruitment, testing, selection, assignment, pay, conditions of work, training, leave, overtime, promotion, discipline, demotion, and separation.

• 

• Albemarle County

Show more