Deputy Chief Information Security Officer for Security Operations

Salary: $120,000.00 - $154,848.00 Annually
Location : Thurston County - Olympia, WA
Job Type: Exempt
Remote Employment: Flexible/Hybrid
Job Number: 2025-WaTech-7
Department: Washington Technology Solutions
Division: OCS
Opening Date: 04/21/2025
Closing Date: 5/12/:59 PM Pacific

Description
Deputy Chief Information Security Officer (CISO) for Security Operations (EMS 3)

WaTech: Leading the way forward.

Washington Technology Solutions (WaTech) is at the forefront of integrating cutting-edge technologies that revolutionize how state services are delivered in Washington. By joining the WaTech team, you contribute to assisting other state agencies in providing essential services to millions of Washingtonians daily. WaTech manages the state's essential technology infrastructure, enhancing governmental efficiency, security and safety.
About the position

The Deputy Chief Information Security Officer (CISO) for Security Operations is one of four deputies and a key member of the leadership team in the Office of Cybersecurity. In this position, you will manage the Security Operations Center (SOC), Computer Incident Response (CIRT), and vulnerability management teams to track, coordinate, analyze and address security issues effectively. This position plays a critical role in the statewide organization of information security and is responsible for safeguarding the state's information systems and data from security threats and exposures. In this role you will be relied upon to manage enterprise security platforms and facilitate services, advise WaTech, state agencies and the statewide enterprise on our security direction and resource investments, and administer a model to effectively manage information security incidents and risks.

Duties
Some of what to expect with this role:

• Direct and oversee the operations of the Security Operations Center (SOC) and vulnerability management teams to actively defend the state government network from cyberattacks.
• Select and implement appropriate security tools for the hybrid (on-premises and cloud) infrastructure.
• Strategically design the collection and aggregation of data to detect and respond to threats, decrease false positives, and improve focus on real and actionable incidents.
• Measure SOC performance metrics and report on security operations and incident management to WaTech and state agency leaders.
• Oversee the management and maintenance of security platforms, tools and technologies, such as intrusion detection/prevention systems (IDS/IPS), security information and event management (SIEM) systems, network monitoring, and endpoint detection and response (EDR) solutions.
• Coordinate with other IT and business units to integrate security controls and practices into the organization's operations.
• Direct and oversee the day-to-day operations of the Computer Incident Response (CIRT) team.
• Develop and implement a comprehensive security operations strategy aligned with the state's overall security objectives and risk management framework.
• Monitor and analyze threat intelligence sources to identify threats and vulnerabilities to the organization's information assets.
• Establish and maintain a robust vulnerability management program in coordination with state agencies to identify, prioritize, address and report the vulnerability status in a timely manner.

Here's what we're looking for:

• 12 years of experience in the field of information technology. This experience includes:
  • Four years of experience in managing security operations, incident response and threat intelligence functions.
  • Six years of recent experience in Information Security in each of the following areas:
    • Supervisory experience leading technical teams.
    • Developing and implementing policies and standards in a large enterprise environment.
    • Assessing security threats and recommending appropriate mitigation strategies and compensating controls.
    • Identifying security solutions that meet predefined regulatory/compliance requirements.

A bachelor's or master's degree in computer science, Business Administration, Information Security, or a related field may substitute for four or six years, respectively, of the overall 12 years of required experience.

• Demonstrated experience in implementing and managing security technologies and tools, including SIEM, IDS/IPS, firewalls, and endpoint protection systems.
• Strong understanding of relevant laws, regulations, and compliance requirements and experience interpreting laws, regulations, and administrative rules to understand how existing and newly introduced legislation impacts the delivery and implementation of information technology security policy and standards.
• Proven experience in a senior cybersecurity leadership role.
• Demonstrated ability to assess security threats and recommend appropriate mitigation strategies quickly.
• Demonstrated ability to lead and manage complex work tasks of security and technical employees in a fast-paced operational work unit.
• Ability to lead response efforts for single- or multiple-entity cybersecurity incidents.
• Ability to communicate complex technical issues with technical staff, customer security professionals and non-technical senior management.
• In-depth knowledge of cybersecurity principles, technologies and best practices.
• Demonstrated knowledge and ability in negotiating and managing third-party vendor contracts.

Preference may be granted to applicants with the following:

• A master's degree in computer science, Business Administration, Information Security, or a related field.
• Applicable industry-accepted certifications, including but not limited to:
  • Certified Information Systems Security Professional (CISSP).
  • Holistic Information Security Practitioner (HISP) - Certified Information Security Manager (CISM).
  • Certified Information Systems Auditor (CISA).
  • Certified in Risk and Information Systems Controls (CRISC).
• Department of Homeland Security (DHS) secret-level clearance.
• Ability to speak effectively and persuasively before a large audience.
• Demonstrated experience in budget development, implementation, and financial forecasting of information technology services.
• Demonstrated experience in project management, including managing multiple projects with strong organizational and time-management skills.
• Demonstrated commitment to continuous learning and professional development, such as participation in professional organizations (e.g., ISACA, ISC2) and attendance at industry conferences.
• Previous experience in managing information technology in the government or public sector is highly desirable.

Telework: This position is approved for telework. However, requires the incumbent to come onsite monthly to attend meetings and training, or as needed for business purposes.
We value diversity and different perspectives:

WaTech is committed to providing equal access and opportunities to all qualified applicants and employees. We seek to attract and retain a diverse staff and welcome your experiences, perspectives, and unique identity.

What WaTech Offers:

As an employee of WaTech, you'll have access to an outstanding that includes medical and dental plan options for you and your family, paid leave and holidays, retirement plan options and more.
While WaTech is headquartered in Olympia, Washington, which is near some of the country's most , we are able to offer many of our positions telework and flexible schedule options to help support a healthy work life balance.
To learn more about WaTech, and what our employees enjoy about working here, please .
How to apply:

Applications for this recruitment will be accepted electronically. Please select the large "apply button" at the top of this announcement. You may need to create a profile and account in Washington state's automated application system. We invite you to include your name and pronouns in your material to ensure we address you correctly throughout the application process.
To be considered for this position you will need to:

• Submit your online application.
• Answer all required Supplemental Questions.
• Attach a Letter of Interest that addresses how your experience qualifies you for this role.
• Attach a Resume that clearly documents the work history, training, and education that makes you a viable and competitive candidate for this position.

• Include Three professional references and their contact information.

Applicants wishing to claim Veterans Preference should attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed verification of service letter from the United States Department of Veterans Affairs to their application. (Please redact any personally identifiable data such as social security number prior to submittal.)

Note: Applications without the requested attachments identified above or containing supplemental question responses with comments such as "see resume" may lead to your application being disqualified from consideration.

Conditions of employment:

This position requires a background check . click apply for full job details