GRC Lead and Backup ISO

Title: GRC Lead and Backup ISO

State Role Title: Information Technology Specialist III

Hiring Range: Commensurate with Experience

Pay Band: 6

Agency: Department of Taxation

Location: Main Street Centre

Agency Website: https://www.tax.virginia.gov/work-with-us 

Recruitment Type: General Public - G

Job Duties

The Virginia Department of Taxation’s Office of Information Security seeks a Governance, Risk, and Compliance (GRC) Lead/Back Up ISO to manage the governance, risk, and compliance programs. This position will work under the guidance of the Information Security Officer (ISO), and with the assistance of a GRC team to guide the direction of the Virginia Tax security program and ensure compliance across our organization.

The Virginia Department of Taxation’s Office of Information Security is seeking an experienced security leader to serve as both GRC Team Lead and Backup Information Security Officer (ISO). In this pivotal role, you will drive the organization's security strategy by managing our governance frameworks, enterprise risk programs, and compliance initiatives. Working directly with the ISO and leading a dedicated GRC team, you will shape security policies, provide strategic guidance to stakeholders, and ensure the protection of critical systems and sensitive data across the enterprise. This position offers the unique opportunity to serve as both a technical advisor and strategic leader in maintaining our agency's security posture.


As a GRC Lead/Backup ISO you will: 

Provide strategic leadership to the GRC team while mentoring analysts on implementing security standards across existing and legacy systems, ensuring best practices are maintained throughout the organization.

Design and develop comprehensive security policies, standards, and guidelines that align with federal and state regulations while maintaining the confidentiality, integrity, and availability of critical systems.

Lead enterprise risk assessments and collaborate with business units to identify, document, and mitigate potential security threats to business processes and IT systems.

Oversee system compliance reviews, evaluate technical configurations including firewalls and application code changes, and guide technical staff in meeting security requirements across multiple systems.

Serve as the backup Information Security Officer, managing incident response coordination, reviewing security exceptions, and providing time-sensitive approvals for firewall rules and identity/access management requests.

Drive the security program's strategic direction by creating and maintaining compliance calendars, coordinating with internal and external stakeholders, and ensuring consistent communication of security initiatives across the organization.

This position is located in our Central Office in downtown Richmond, Virginia. 
 
This position is eligible for a hybrid telework schedule. 
 
The anticipated hiring salary is up to $145,000, commensurate with experience. 

As a member of the Virginia Tax team, you can expect additional benefits such as: 

• Job stability and quality of life! Enjoy your work/life balance with flexible schedule options and up to two days of telework per week. 
• 12 Paid State holidays on top of vacation, sick, volunteer, and personal leave! 
• Comprehensive and affordable health benefits. 
• Got student loans? You may be eligible for the Public Service Loan Forgiveness program. 
• Participation in the Virginia Retirement System, VA 457 Deferred Comp, and more. 

At Virginia Tax… 

We are dedicated, resourceful individuals who strive to exceed our customers’ expectations. Not only do we serve the public, we are the public. We are a part of a community that cares about and celebrates each other, who promote opportunities for growth within a stable environment, and support a healthy work-life balance.  

What we do matters. So do you.

Minimum Qualifications

Progressive information security experience, as well as experience in governance, risk, and compliance roles.

Experience developing and implementing enterprise-wide information security policies, standards, and frameworks that align with regulatory requirements and industry best practices.

Experience conducting security assessments and risk evaluations across complex IT systems, business processes, and enterprise environments.

Experience in technical domains such as Windows or Linux operating systems, network security, identity and access management, or secure software development practices.

Strong understanding of federal and state regulatory requirements, compliance frameworks, and their practical application within government agencies.

Critical thinking and decision-making abilities, with experience exercising independent judgment on complex security matters.

Exceptional communication skills with demonstrated ability to write and review technical documentation, author security policies, and present to diverse stakeholders.

Additional Considerations

Experience in government or highly regulated environments.

Leadership experience in managing and mentoring security professionals.

Knowledge of NIST 800-53, IRS Publication 1075, or Commonwealth of Virginia standards.

Experience with Governance, Risk, and Compliance system use or administration.

Experience in Windows, Unix, Linux, secure software development, or security infrastructure such as firewalls, VPN, or IDS.

Active CISSP, CISM, or equivalent senior-level security certification.

Knowledge and experience with data analytics.

Knowledge and experience with quantitative risk analysis.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

All Virginia Tax employees must be current with filing their tax returns ensuring they were filed in compliance with established laws, rules, and regulations. 
 
Selected candidate(s) will be required to consent to and successfully pass a background investigation which includes fingerprint-based criminal history, tax compliance, and DMV driving record (if applicable) checks. 
 
The selected candidate will be prohibited from performing tax or accounting services for compensation during or outside business hours. 
 
Virginia Tax is an equal opportunity employer that values diversity in the workforce. All qualified applicants are afforded equal opportunities without regard to race, sex, color, national or ethnic origin, religion, genetics, age, veteran status, political affiliation, or disability.  
 
Reasonable accommodations are available to applicants with disabilities, if requested, during the application and/or interview process. If accommodations are needed, please contact Human Resources at (804) 786-3608. 
 
Virginia Tax participates in E-verify. 
 
Consideration for an interview is based solely on the information within the application and/or resume’. 

Contact Information

Name: Virginia Tax Talent Acquisition Team

Phone: 804-786-3608

Email: hroffice@tax.virginia.gov 

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.