Information Security Officer

Information Security Officer

Location: Hybrid (Up to 90% Remote with Management Approval)

Job Description:

Our client is seeking an Information Security Officer to serve as the primary security advisor for agency and executive leadership. This role focuses on strengthening security posture by identifying, assessing, and mitigating cybersecurity risks while ensuring compliance with state and federal regulations. The ideal candidate will provide strategic security guidance, lead risk management initiatives, and collaborate with stakeholders to align security measures with business objectives.

• Key Responsibilities:Collaborate with agencies and stakeholders to assess and enhance security strategies, ensuring alignment with business goals.
• Conduct risk assessments and recommend remediation strategies to mitigate threats and vulnerabilities.
• Act as the primary point of contact for security escalations, ensuring timely and effective incident response.
• Develop, review, and enforce security policies, standards, and best practices to maintain regulatory compliance.
• Evaluate vendor and third-party security controls to ensure adherence to security requirements.
• Support internal and external security audits, providing necessary documentation and guidance.
• Stay informed on emerging cybersecurity threats, technologies, and best practices to strengthen defenses.
• Collaborate on business continuity and disaster recovery planning to ensure resilience against disruptions.
• Required Skills & Experience:5-7 years of experience in information security, risk management, or IT security consultancy.
• Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or four years of equivalent experience).
• Strong knowledge of NIST Security and Privacy Controls for Information Systems.
• Experience leading security initiatives, managing risks, and ensuring compliance with security policies.
• Excellent communication skills with the ability to present complex security concepts to non-technical stakeholders.
• Ability to work independently and make informed decisions on critical security matters.
• Strong collaboration skills, with experience working across agencies and stakeholder groups.
• Preferred Qualifications:Cybersecurity certifications such as CISSP, CISM, or CISA.
• Experience with regulatory compliance requirements for federally protected data.
• Familiarity with complex IT environments and security.