IT Security Analyst

Job Summary

The Virginia Department of Transportation (VDOT) is seeking an IT Security Analyst to support the VDOT Information Security mission by implementing strategic approaches, ensuring adherence to Commonwealth of Virginia Information Security Policies and Standards, and mitigating emerging security risks. This position is responsible for a broad range of security functions, including identity and access management, risk management, business continuity, disaster recovery, security awareness, vulnerability management, AI compliance, and security incident response.

Key Responsibilities

• Documentation & Communication
• Develop business-focused documentation (processes, script narratives, executive summaries) for stakeholders with varied technical backgrounds.
• Provide written guidance on aligning projects with security policies and standards.
• Share insights on Security Architecture, IT Governance approaches, and best-practice implementation.
• Security Compliance & Risk Management
• Perform tasks related to security compliance, control evaluation, risk analysis, and exception documentation.
• Monitor and assess IT environments for compliance with information security architecture policies and standards.
• Partner with business units and enterprise architects to ensure solutions are risk-averse and strategically aligned.
• Strategic Consulting & Architecture
• Contribute to roadmaps and strategies supporting agency KPIs; provide security direction for future designs and technology alternatives.
• Design/implement enterprise security/technology patterns; consult on legacy solutions and modernization efforts.
• Research and share findings regarding architecture governance, platform technology, security, and cloud best practices.
• Security Operations & Incident Management
• Support identity and access management, security vulnerability management, and incident response activities.
• Collaborate with IS and IT teams to implement best-practice security measures in cloud, AI, ML, or other technologies.
• Coordinate with internal/external stakeholders to monitor security events, respond to incidents, and maintain business continuity/disaster recovery plans.
• Stakeholder Engagement & Training
• Communicate complex technical security issues in everyday language for broad cross-functional audiences.
• Assist in security awareness education and training initiatives to upskill staff and foster a security-conscious culture.
• Demonstrate the ability to build effective relationships with management, consultants, and service providers.

Required Qualifications

• Comprehensive knowledge of information security principles (trends, emerging technologies, controls, models, architecture).
• Practical experience in identity/access management, risk management, BC/DR planning, vulnerability management, security awareness, and incident response.
• Familiarity with Commonwealth of Virginia’s Information Security Standards and/or NIST 800-53.
• Excellent written and oral communication skills; ability to interpret laws/policies and manage relationships with diverse stakeholders.
• Monitoring experience for compliance with security architecture policies/standards.
• Substantial technical experience in at least two of the following areas: cloud, AI/ML, IAM, vulnerability management, firewalls, forensics, databases, collaboration tools, web/mail services.
• Proven input on security direction for future designs and strategic technology alternatives.
• Ability to work in a fast-paced environment, adapt to new skills, and meet customer needs.
• Understanding of customers’ priorities and business-critical platforms, applications, and services.

Qualifications

• Relevant industry certifications (e.g., CISSP, CISM, CEH) are advantageous.
• Experience leading security initiatives in large or complex organizations.
• Knowledge of AI/ML compliance and cloud best practices for secure design.

Work Environment & Expectations

• Onsite role at VDOT’s Office of Information Security (Richmond, VA).
• Collaborative environment with cross-functional teams, including IT, IS, and business stakeholders.
• Regular reporting to the Deputy Information Security Officer.
• Opportunity to shape and influence security initiatives across a large state agency

Job Type: Full-time

Pay: $100,206.00 - $107,093.00 per year

Schedule:

• Day shift
• Monday to Friday

Location:

• Richmond, VA 23219 (Required)

Work Location: In person

Salary : $100,206 - $107,093