Chief Information Security Officer

Full Job Description

The Chief Information Security Officer (CISO) is responsible for leading the enterprise-wide strategy and vision for information security for the South Carolina Judicial Branch (SCJB). This executive level role ensures the confidentiality, integrity and availability of data, and IT infrastructure by proactively assessing threats, setting strategic direction, and implementing robust security frameworks and architectures. The CISO provides strategic counsel to executive leadership on information security governance, enterprise risk, and regulatory compliance.

Essential Duties and Responsibilities of the Position
Develop and execute a enterprise wide information security strategy aligned with industry standards and state and federal requirements. Provide a forward-thinking information security vision that empowers SCJB to achieve its strategic goals by embedding robust information security practices into all facets of the organization.

Lead enterprise risk assessments and vulnerability management efforts. Establish technical controls and solutions to mitigate risks and safeguard SCJB's technology infrastructure and data. Ensure all vulnerabilities are identified, prioritized, and remediated. Provide executive reporting on risk exposure, trends, and mitigation progress, and integrate findings into strategic planning and decision making.

Ensure that all new technology solutions are subject to formal security review and vulnerability management processes, with identified risks evaluated, documented, and remediated in alignment with enterprise risk tolerance. Designs, tests, and implement new security systems as approved by SCJB. Work closely with other teams as needed to coordinate testing, installation, and communication.

Foster an information security aware culture across all levels of the organization through ongoing education, training, and communication strategies. Oversee the maintenance of the security awareness training portal. Ensure that the security training is assigned as scheduled, and collaborate with the IT Help Desk to investigate and resolve issues. Plan, design, and monitor periodic Phishing Assessments to test employees' security awareness, and communicate security awareness results.

Lead SCJB in establishing and maintaining a Disaster Recovery and Business Continuity plan. Coordinate meetings and exercises of the Crisis Management Team and facilitates disaster recovery testing.

Oversee the Office of Information Security, ensuring the effective management and implementation of essential cybersecurity frameworks. Responsible for organizational planning, budget planning, and strategic vision. Assist in the development of SCJB policies and their implementation as necessary. Mentor staff to support and advance SCJB's information security posture.

As a member of the Executive team, collaborates with Division Directors and senior leaders and conveys information security initiatives ensuring that the vision, goals, and values of SCJB are being attained. Provide regular status updates and reports to the State Court Administrator.

Manage the SCJB’s risk and compliance program, including conducting risk assessments, coordinating remediation for identified risks, ensuring policies align with national and state frameworks, maintaining compliance with applicable laws and standards, and overseeing the SCJB Business Continuity program.

Performs all other duties as assigned.

Requirements

Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field.
Ten (10) years of progressive experience in information security, including leadership roles.
Proven experience in managing enterprise wide security programs, policies, and risk mitigation initiatives.
Strong communication and collaboration skills are needed, along with the ability to explain security and risk concepts to both technical and non-technical audiences.
A minimum of 2 of the following certifications: Cisco CCNA, Security +, SANS/GIAC, CISM, CISSP, Check Point CCSA; OR 2+ years documented recent experience with firewall clusters, virtualized firewalls, distributed firewall systems and IDS/IPS systems, 2+ years documented recent experience managing the configurations of workstations, servers and network infrastructure including switches and routers.
Security Awareness Training experience for end users.

Qualifications

Experience in federal, state or local government, judicial, or highly regulated environments. Previous experience as the lead security officer for an organization.

Knowledge, Skills, Abilities and Other Characteristics
Advanced knowledge within the IT industry over a broad range of areas, including enterprise risk management methodologies and information security frameworks. Knowledge of computer system analysis, design, testing, debugging, maintenance techniques and data communications. Knowledge of security architecture and engineering, cloud security, endpoint protection, and encryption standards. Knowledge of business continuity and disaster recovery planning. Knowledge of office automation systems, information processing operations, fiber optics, and computer hardware/software as relating to voice and data network connectivity.

Ability to plan, organize, direct and review the work of technical personnel. Ability to write detailed, technical documentation on security policies and procedures. Ability to communicate with audiences with varying levels of technical knowledge. Moderate project management skills. Ability to handle multiple engagements with overlapping deadlines.

Ability to present technical and non-technical reports in a clear and concise manner. Ability to train, mentor, and coordinate work in a team environment. Ability to establish effective working relationships with management staff, users and vendors. Ability to stay current on security issues through research, training, and industry conferences.

Additional Information

The South Carolina Judicial Branch offers an exceptional benefits package for FTE positions that include:

• Health, Dental, Vision, Long Term Disability, and Life Insurance for Employee, Spouse, and Children.
• State Retirement Plan and Deferred Compensation Programs (Temporary positions have option to enroll).
• 15 days paid annual (vacation) leave per year.
• 15 days paid sick leave per year.
• Option to designate 10 days of earned paid sick leave per year as family sick leave.
• 13 paid state holidays.
• Workers’ Compensation Benefits.