Chief Information Security Officer

The Chief Information Security Officer (CISO) is responsible for leading the enterprise-wide strategy and vision for information security for the South Carolina Judicial Branch (SCJB). This executive level role ensures the confidentiality, integrity and availability of data, and IT infrastructure by proactively assessing threats, setting strategic direction, and implementing robust security frameworks and architectures. The CISO provides strategic counsel to executive leadership on information security governance, enterprise risk, and regulatory compliance.

Develop and execute an enterprise wide information security strategy aligned with industry standards and state and federal requirements. Provide a forward-thinking information security vision that empowers SCJB to achieve its strategic goals by embedding robust information security practices into all facets of the organization.

Lead enterprise risk assessments and vulnerability management efforts. Establish technical controls and solutions to mitigate risks and safeguard SCJB's technology infrastructure and data. Ensure all vulnerabilities are identified, prioritized, and remediated. Provide executive reporting on risk exposure, trends, and mitigation progress, and integrate findings into strategic planning and decision making.

Ensure that all new technology solutions are subject to formal security review and vulnerability management processes, with identified risks evaluated, documented, and remediated in alignment with enterprise risk tolerance. Designs, tests, and implement new security systems as approved by SCJB. Work closely with other teams as needed to coordinate testing, installation, and communication.

Foster an information security aware culture across all levels of the organization through ongoing education, training, and communication strategies. Oversee the maintenance of the security awareness training portal. Ensure that the security training is assigned as scheduled, and collaborate with the IT Help Desk to investigate and resolve issues. Plan, design, and monitor periodic Phishing Assessments to test employees' security awareness, and communicate security awareness results.

Lead SCJB in establishing and maintaining a Disaster Recovery and Business Continuity plan. Coordinate meetings and exercises of the Crisis Management Team and facilitates disaster recovery testing.

Oversee the Office of Information Security, ensuring the effective management and implementation of essential cybersecurity frameworks. Responsible for organizational planning, budget planning, and strategic vision. Assist in the development of SCJB policies and their implementation as necessary. Mentor staff to support and advance SCJB's information security posture.

As a member of the Executive team, collaborates with Division Directors and senior leaders and conveys information security initiatives ensuring that the vision, goals, and values of SCJB are being attained. Provide regular status updates and reports to the State Court Administrator.

Manage the SCJB’s risk and compliance program, including conducting risk assessments, coordinating remediation for identified risks, ensuring policies align with national and state frameworks, maintaining compliance with applicable laws and standards, and overseeing the SCJB Business Continuity program.

Performs all other duties as assigned.

Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field.

Ten (10) years of progressive experience in information security, including leadership roles.

Proven experience in managing enterprise wide security programs, policies, and risk mitigation initiatives.

Strong communication and collaboration skills are needed, along with the ability to explain security and risk concepts to both technical and non-technical audiences.

A minimum of 2 of the following certifications:
Cisco CCNA, Security +, SANS/GIAC, CISM, CISSP, Check Point CCSA; OR 2+ years documented recent experience with firewall clusters, virtualized firewalls, distributed firewall systems and IDS/IPS systems, 2+ years documented recent experience managing the configurations of workstations, servers and network infrastructure including switches and routers.

Security Awareness Training experience for end users.

Experience in federal, state or local government, judicial, or highly regulated environments. Previous experience as the lead security officer for an organization.

Advanced knowledge within the IT industry over a broad range of areas, including enterprise risk management methodologies and information security frameworks. Knowledge of computer system analysis, design, testing, debugging, maintenance techniques and data communications. Knowledge of security architecture and engineering, cloud security, endpoint protection, and encryption standards. Knowledge of business continuity and…