Deputy Chief Information Security Officer

Deputy Chief Information Security Officer

Company: Virginia Tech

Job Location: Blacksburg, 24061

Category: Network/System Administrator

Type: Full-Time

Applications and Nominations

Virginia Tech has retained Next Generation Leadership Partners to support this search.
For full consideration, applicants should submit their original cover letters and resumes here by May 15th.

Inquiries and nominations should be directed to Phil Goldstein - phil@nextgenpartnersllc.com.

Position Overview

Virginia Tech seeks an experienced information security leader with a track record for helping large, complex organizations protect the privacy, availability and security of their digital assets. The Deputy CISO supports the strategic direction, operational execution, and continuous improvement of the university's cybersecurity program, ensuring the protection of institutional data, systems, research, and academic missions. The position oversees all aspects of security operations and incident response, supports the work of a peer leader overseeing identity services.

The Deputy CISO Position

The Deputy Chief Information Security Officer (Deputy CISO) serves as a senior leader within the institution's information security program and reports to the Associate Vice President and Chief Information Security Officer (CISO). The Deputy CISO will partner with the CISO to define and execute the institution's cybersecurity strategy, roadmap, and priorities. This role will lead day-to-day operations of the information security program, ensuring alignment with institutional goals and academic values, and serve as acting CISO in the absence of the CISO.

Virginia Tech is in the midst of implementing an institutional technology plan that is enhancing administrative applications, data platforms, the IT customer experience, and data protections and uses. Likewise, working with campus partners, the Division of IT is expanding support for research and instruction and enabling effective and ethical adoption of AI. Effective information security is a foundational element of all dimensions of the strategy.

Position Responsibilities

This role bridges strategy and operations, translating institutional risk tolerance, policy, and regulatory requirements into effective security practices across academic, research, and administrative environments.

Cybersecurity Operations & Incident Response

• Provide oversight of security operations, including monitoring, detection, vulnerability management, and incident response.
• Help establish metrics and reporting to measure program effectiveness and risk posture.
• Help oversee institutional cybersecurity risk management activities, including risk assessments, risk acceptance, and mitigation planning.
• Contribute to enterprise risk management (ERM) efforts and executive-level risk reporting.
• Help ensure incident response plans are maintained, tested, and integrated with campus emergency management and communications.
• Support response to significant cybersecurity incidents, including coordination with internal and external stakeholders.
• Oversee post-incident reviews and continuous improvement efforts.

Research, Compliance, & Regulatory Support

• Support security requirements for regulated and sensitive data, including FERPA, PHI, PCI-DSS, GLBA, export controls, and sponsored research (e.g., NIST 800-171 / CMMC where applicable).
• Collaborate with research administration to enable secure research computing environments.
• Assist with audits, assessments, and compliance reporting.
• Provide guidance on third-party risk management and vendor security reviews.
• Oversee the IT Security Lab, supporting hands on security research, testing and workforce development.

Awareness, Training, & Community Engagement

• Lead and support the development and delivery of cybersecurity awareness and education programs for faculty, staff, students, and researchers.
• Promote a culture of shared responsibility for security across the institution.
• Communicate risk and security concepts clearly to non-technical audiences.
• Represent the institution in higher-education cybersecurity communities and consortia.

Team Leadership & Development

• Manage and mentor information security staff and leaders.
• Foster a collaborative, inclusive, and service-oriented team culture.
• Support professional development and succession planning within the security organization.
• Help recruit, retain, and develop diverse cybersecurity talent.

Required Qualifications

• Master's degree in Information Security, computer science, Information Systems, STEM, or a related field OR bachelor's degree plus training and work experience that equates to a master's degree.
• Significant years of progressively responsible experience in information security, IT risk management, or related areas.
• Demonstrated experience leading cybersecurity programs or teams.
• Strong knowledge of security frameworks and standards (e.g., NIST CSF, NIST SP 800-53, CIS Critical Security Controls).
• Experience with incident response, risk assessment, and security operations.
• Ability to communicate effectively with technical and non-technical stakeholders.
• Experience working in or supporting complex, decentralized organizations.
• Demonstrated ability to successfully handle sensitive discussions, maintain confidentiality, strong personal ethics commitment, strong personal integrity, and demonstrated sound judgment.

Preferred Qualifications

• Experience in higher education, research institutions, or public sector environments.
• Familiarity with higher-education regulatory and compliance requirements.
• Relevant professional certifications (e.g., CISSP, CISM, CRISC).
• Experience supporting research computing and federally funded research security requirements.
• Experience with shared governance and consensus-driven environments

Overtime Status Exempt: Not eligible for overtime

Appointment Type Regular

Salary Information Commensurate with experience

Hours per week 40

Review Date 05/15/2026

Additional Information
No visa sponsorship is available for this position.
The successful candidate will be required to have a criminal conviction check.