Virtual Chief Information Security Officer (R-00080)

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that said outcomes begin and end with our people, and that is what we have built, a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top tier services to our customers. In 2023, True Zero was recognized as a “Best Places to Work” in two categories ("Prosperous and Thriving" ($5MM – $50MM in gross revenue) and "Mid-Atlantic Region" (DC, DE, MD, NC, VA, WV)) and in 2022, was recognized as one of Inc. Magazine’s Top 5000 Fastest Growing Companies.

Job Responsibilities

• Lead and conduct cyber risk assessments, including iterative analysis of prior assessments.
• Serve as “Qualified Individual” under the Gramm-Leach-Bliley Act
• (GLBA), providing quarterly updates to leadership and the Board of Trustees.
• Develop and enhance the information security program, leveraging frameworks such as CIS Critical Security Controls and Implementation
• Perform vendor risk assessments (e.g., HECVAT) and update vendor management policies.
• Provide leadership during cybersecurity incidents including response, containment, mitigation, and post-incident reporting.
• Maintain, revise, and implement cybersecurity policies including:Incident Response Plan, Information Security Plans, Vendor management, Data solutions, Software, and Hardware Asset Management Policies, and Vulnerability Management
• Guide security operations, including real-time threat analysis and incident simulations.
• Provide ongoing compliance support with FERPA, HIPAA, GLBA, and Maryland privacy laws.
• Support and expand the cybersecurity awareness and training programs.
• Develop security metrics (KPIs/KRIs), dashboards, and monthly reporting to leadership.
• Guide the college in Zero Trust Architecture readiness and roadmap development.
• Provide cloud security posture assessments (e.g., Microsoft 365, AWS, Azure).
• Conduct tabletop exercises and business continuity planning.
• Deep understanding of cybersecurity principles, tools, and best practices.
• Strategic leadership and communication skills.
• Experience with higher education regulatory compliance (GLBA, FERPA,
• HIPAA).
• Proficiency with security frameworks (CIS, NIST 800-53), risk assessments, and threat intelligence.
• Familiarity with modern security technologies (e.g., SIEM, IAM, EDR)
• Ideally, more than 2 years of experience serving as the CISO for an organization with greater than 2500 employees providing access to IT services for more than 20,000 customers

Required Qualifications

• 7–10 years in IT security roles (e.g., Security Analyst, Network
• Administrator).
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field from an accredited U.S. institution (Master’s preferred)
• Proven leadership experience in managing cybersecurity strategies and teams.
• Certifications (at least one required)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• In-depth knowledge of HECVAT
• Strong organizational and project management abilities.
• Experience working with higher education institutions.
• Up-to-date knowledge of evolving cybersecurity trends and threats.
• Demonstrates ability to deliver concise reports and executive-level briefings