Deputy Chief Information Security Officer
Role details
Job location
Tech stack
Job description
The University of Virginia (UVA) seeks a dynamic and highly skilled Deputy Chief Information Security Officer (DCISO) to lead and evolve one of two critical security verticals: Security Operations or Security Engineering. Reporting directly to the Chief Information Security Officer, this high-impact role will be responsible for establishing and executing the strategic vision and roadmap for either Security Operations or Security Engineering-depending on the candidate's expertise and institutional needs.
As a senior leader within UVA's Information Security team, the DCISO will foster cross-functional relationships and collaborate closely with other key IT leaders within UVA's central Information Technology Services (ITS) department, as well as decentralized IT organizations across schools and business units. The DCISO will help advance information security objectives aligned with institutional priorities in a complex, decentralized academic environment.
Key Responsibilities
Depending on the selected vertical, responsibilities will include:
Security Operations (if selected):
- Lead a team of 4 full-time analysts and multiple student workers, augmented by a 24/7 outsourced Security Operations Center (SOC).
- Oversee security incident and phishing detection, investigation, and response across UVA's academic enterprise.
- Drive automation initiatives to reduce manual efforts and enhance threat response capabilities.
- Coordinate tabletop and purple teaming exercises to improve preparedness and resilience.
Security Engineering (if selected):
- Manage the acquisition, deployment, and maintenance of security technologies including SIEM, IDS/IPS, vulnerability management, asset inventory, threat analytics, and network monitoring.
- Implement automation to streamline security processes and reduce manual overhead.
- Provide security expertise and leadership in strategic IT and institutional projects.
General Responsibilities (applies to both verticals):
- Develop and execute strategic plans aligned with UVA's information security goals.
- Collaborate with ITS leadership and external stakeholders to mature security capabilities.
- Ensure compliance with relevant policies, regulations, and standards.
- Maintain awareness of the evolving cyber threat landscape and emerging technologies.
- Serve as a trusted advisor to the CISO and institutional leadership.
- Mentor and develop team members.
- Establish and report on cyber risk metrics for operational and executive audiences.
Requirements
- Bachelor's degree required; equivalent experience, education, or certifications may be considered. Master's degree preferred.
- 5 years of experience required of directly related information security experience, including leadership of technical teams preferred.
- Strong leadership and collaboration skills with the ability to influence across organizational boundaries.
- Deep understanding of information security principles, practices, and technologies.
- Deep understanding of current cyber threat landscape
- Proven success implementing security strategies in complex, decentralized environments.
- Broad technical knowledge across networking, systems, applications, identity, and cloud.
- Excellent communication and interpersonal skills tailored to diverse technical audiences.
Preferred:
- Advanced degree in Computer Science, Cybersecurity, or related field.
- 8+ years of experience in information security leadership.
- Experience leading enterprise-wide incident response efforts.
- Prior success in an academic or similarly decentralized institution.
- Experience managing MSSP/vendor relationships.
- Demonstrated success leading either a Security Operations or Security Engineering team.
Benefits & conditions
Salary Range: Commensurate with experience.
