Deputy CISO for Policy and Program Management

Deputy CISO for Policy and Program Management (EMS 3)

WaTech: Leading the way forward!

Washington Technology Solutions (WaTech) is at the forefront of integrating cutting-edge technologies that revolutionize how state services are delivered in Washington. By joining the WaTech team, you will contribute to assisting other state agencies in providing essential services to millions of Washingtonians daily. WaTech manages the state's essential technology infrastructure, enhancing governmental efficiency, security, and safety

About the position

The Deputy Chief Information Security Officer (CISO) for Policy and Program Management is a member of the leadership team within the Office of Cybersecurity (OCS), and reports to the State CISO.

The Deputy CISO for Policy and Program Management is responsible for ensuring compliance with information technology security policies, standards and industry best practices on behalf of the State CISO and OCS. This position plays a critical role in the statewide organization of information security and is responsible for safeguarding the state’s information systems and data from security threats and exposures. This executive-level position involves strategic planning, risk management, policy development, and collaboration with agencies, third parties, and external entities to ensure a robust and resilient cybersecurity posture.

Some of what to expect in this role:

• Lead and manage a diverse team of information security professionals.
• Effectively protect government information, data, and resources from threats in a dynamic environment by making strategic security and compliance decisions.
• Continually engage with the state’s information technology security community to ascertain the state of real-time readiness and effectiveness through the collection, aggregation and analysis of information technology security-related compliance and event data.
• Assess and update the state’s cybersecurity roadmap to address emerging threats and technologies.
• Identify, assess and prioritize statewide cybersecurity risks.
• Provide oversight of federal, state, and local audits and reviews for agencies.
• Develop and maintain the state’s enterprise information security architecture.
• Communicate effectively with agency partners and employees regarding cybersecurity risks, incidents and strategies.
• Assess and manage cybersecurity risks associated with third-party vendors and partners.
• Oversee the planning, execution and delivery of information security projects and programs.
• Participate and assist in developing, reviewing and recommending statewide information technology policies, technical and operational standards, procedures and guidelines.
• Govern and oversee the development, implementation and maintenance of enterprise security programs and plans. 
• Establish, document and manage the statewide information security risk management strategy, process and program.

Here’s what we’re looking for:

• Ten years of experience in the field of information technology. This experience includes: 
• Six years of recent experience in the field of Information Security, in each of the following: 
  • Supervisory experience leading technical teams.
  • Developing and implementing policies and standards in a large enterprise environment. 
  • Assessing security threats and recommending appropriate mitigation strategies and compensating controls. 
  • Identifying security solutions that meet predefined regulatory/compliance requirements.

* A bachelor’s in computer science, business administration, information security, or a related field may substitute for four out of the 10 years of experience required.

• Experience in interpreting law and administrative rules to understand how existing, newly introduced or proposed legislation impacts the delivery and implementation of information security policy and standards.
• In-depth knowledge of cybersecurity principles, technologies and best practices.
• Demonstrated ability to lead and manage complex work tasks of security and technical employees in a fast-paced operational work unit.
• Ability to communicate complex technical issues with technical staff, customer security professionals, and non-technical senior management.
• Demonstrated knowledge and ability in negotiating and managing third-party vendor contracts.
• Excellent leadership and communication skills.

Preference may be granted to applicants with the following:

• A master’s degree in cybersecurity, information security, and other applicable industry-accepted certifications, such as: 
  • Certified Information Systems Security Professional (CISSP). 
  • Holistic Information Security Practitioner (HISP). 
  • Certified Information Security Manager (CISM). 
  • Certified Information Systems Auditor (CISA). 
  • Certified in Risk and Information Systems Controls (CRISC).
• Demonstrated experience in budget development, implementation and financial forecasting of business technology

Telework: 

This position is approved for telework. However, you must be within commuting distance to the Olympia, Washington office and be available to come to the office one to two times a week. 

We value diversity and different perspectives:

WaTech is committed to providing equal access and opportunities to all qualified applicants and employees. We seek to attract and retain a diverse staff and welcome your experiences, perspectives and unique identity. 

What WaTech offers:

As an employee of WaTech, you’ll have access to an outstanding employee benefits package that includes medical and dental plan options for you and your family, paid leave and holidays, retirement plan options and more. 

While WaTech is headquartered in Olympia, Washington, which is near some of the country’s most scenic national parks, we are able to offer many of our positions telework and flexible schedule options to help support a healthy work-life balance. 

To learn more about WaTech and what our employees enjoy about working here, please visit our website. 

How to apply:

Applications for this recruitment will be accepted electronically. Please select the large “apply” button at the top of this announcement. You may need to create a profile and account in Washington state's automated application system. We invite you to include your name and pronouns in your material to ensure we address you correctly throughout the application process.

To be considered for this position you will need to:

• Submit a complete Online Application. 
• Answer all required Supplemental Questions.
• Attach a Letter of Interest that addresses how your experience qualifies you for this role.  
• Attach a Resume that clearly documents the work history, training, and education that makes you a viable and competitive candidate for this position. 
• Attach a separate document with at least Three Professional References. This should include: reference name, nature of the relationship (i.e. company and supervisor, coworker, etc.), phone number, and email. References should be individuals you have worked with in the past five years, if possible, and include at least one current, or most recent supervisor.  *We will not conduct reference checks without your signed release. 

Note: Applications without the requested information identified above or containing supplemental question responses with comments such as "see resume" may lead to your application being disqualified from consideration.  

Applicants wishing to claim Veterans Preference should attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed verification of service letter from the United States Department of Veterans Affairs to their application. (Please redact any personally identifiable data such as social security number prior to submittal.)

Conditions of employment:

This position requires a background check. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position and is a continued condition of employment. 

Recruitment process:

First round of application assessments will be conducted seven days after the initial job posting date. The hiring authority reserves the right to offer the position at any time after the initial seven-day job posting date during the recruitment process. It is to the applicant's advantage to apply as early as possible. This recruitment may be used to fill multiple positions. There will be an assignment as a part of the assessment process. You will be given more details if you’re selected to move to a second interview.

Contact us: For inquiries about this position, please contact Rebekah Wilkes at (360) 407-8646 or email to Rebekah.Wilkes@WaTech.wa.gov