(DCIO) Chief Risk & Information Security Compliance Officer (CRISCO) (DOT Executive VIII)

Maryland Department of Transportation
Annapolis Neck, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 211K

Job location

Remote
Annapolis Neck, United States of America

Tech stack

Computer Security
Information Systems
IT Management
Information Technology

Job description

If you have ever taken a flight from BWI Thurgood Marshall Airport; renewed your Maryland driver's license; traveled to an Orioles game on the Light Rail; embarked on a cruise from the Port of Baltimore; received roadside assistance from CHART Emergency Patrol; reduced your commute time by using one of Maryland's toll roads then you have experienced some of the superb services provided by the Maryland Department of Transportation (MDOT).

MDOT has various careers for people of all experiences, backgrounds, and abilities who come together to contribute to one mission-connecting our customers to life's opportunities. Join us in serving our Maryland residents, visitors, and businesses!

The Maryland Department of Transportation, The Secretary's Office (MDOT TSO), is seeking a (DCIO) Chief Risk & Information Security Compliance Officer (CRISCO) (DOT Executive VIII) to serve as the enterprise executive responsible for cybersecurity, risk management, regulatory compliance, and information governance across all MDOT modes. This role is critical to ensuring that MDOT's technology environment remains secure, compliant, resilient, and aligned with the Department's mission and public service obligations.

The CRISCO functions as a principal advisor to the Chief Information Officer and operates at the executive level as a peer to senior IT leadership. This position provides enterprise-wide authority to establish risk tolerance, enforce compliance standards, and oversee cybersecurity outcomes across MDOT's federated operating model. The CRISCO leads the integration of cybersecurity, enterprise risk management, audit, and compliance into a unified framework that supports modernization, protects critical infrastructure, and maintains public trust.

The incumbent provides executive leadership over MDOT's cybersecurity program, including direct oversight of the Deputy Chief Information Security Officer and associated teams responsible for security operations, engineering, and incident response. This position ensures that cybersecurity capabilities are aligned with enterprise risk tolerance, regulatory requirements, and operational priorities.

In this dynamic role, you will:

  • Establish and enforce enterprise-wide cybersecurity, risk management, and compliance strategy across all MDOT systems, data, and infrastructure. Defines risk tolerance and mandates corrective action across modes.
  • Provide executive leadership and full accountability for MDOT's enterprise cybersecurity program, including oversight of security operations, engineering, architecture, and incident response functions.
  • Direct and enforce compliance with State and Federal regulations, policies, and standards. Leads enterprise audit strategy, including audit readiness, response, and remediation enforcement.
  • Design and implement an enterprise risk management framework integrating cybersecurity, operational, data, and third-party risk into a unified governance model.
  • Exercise governance authority across MDOT's federated IT environment to ensure consistent adherence to enterprise standards and eliminate fragmented or duplicative implementations.
  • Serve as executive authority during major cybersecurity or data incidents, ensuring coordinated response across MDOT modes and external agencies, and enforcing post-incident corrective actions.

The current vacancy exists at MDOT TSO in the Office of Transportation Technology Services (OTTS), which is located in Hanover, MD. (Anne Arundel County).

This position may require travel between MDOT facilities and coordination with State and Federal agencies, and may also require after-hours availability during cybersecurity incidents, emergency operations, major outages, or critical operational events.

Requirements

Do you have experience in Senior leadership?, Do you have a Master's degree?, Education:A bachelor's degree from an accredited college or university in Information Technology, Cybersecurity, Risk Management, Business Administration, Public Policy, or a closely related field.

Experience:

Ten (10) years of progressive experience in enterprise risk management, cybersecurity, compliance, or governance within large, complex organizations.

Five (5) years must include executive or senior management roles with responsibility for enterprise-level decision making, policy development, and organizational oversight.

  • Experience in government or regulated industries preferred.

The ideal candidate will possess:

  • Master's degree in Information Systems, Business Administration, Public Policy, or related field.
  • Experience leading enterprise risk management, compliance, or governance programs at scale.
  • Experience overseeing cybersecurity functions while operating at a strategic, policy, and executive level
  • Strong understanding of regulatory frameworks, audit processes, and compliance enforcement.
  • Experience working in public sector, transportation, or other critical infrastructure environments.
  • Ability to operate independently with executive presence and sound judgment in high-impact decision making environments., Note: U.S. Armed Forces military service experience as defined under the Minimum Qualifications may be substituted for the required education and experience on a year-for-year basis.

Apply for this position