ISO Engineer
Richmond, VA (Onsite or Hybrid, as designated)
Our client is committed to making housing affordable and strengthening communities across the Commonwealth. We recognize the importance of robust information security and are seeking a dedicated ISO Engineer to uphold our high standards.
Position Purpose:
The ISO Engineer is responsible for supporting the design, implementation, and maintenance of information security programs, ensuring the client’s data, systems, and technology infrastructure remain secure and compliant. The ideal candidate will bring a comprehensive technical skill set and a proactive approach to safeguarding sensitive information in a public sector environment.
Key Responsibilities:
- Develop, implement, and maintain security policies, standards, and procedures compliant with industry best practices and regulatory requirements.
- Perform regular risk assessments, security reviews, and vulnerability scans; address identified security gaps through remediation and mitigation strategies.
- Monitor and manage security tools and technology solutions such as firewalls, intrusion detection/prevention, endpoint protection, and SIEM systems.
- Respond to security incidents, performing root cause analysis and forensic investigations as necessary.
- Conduct security awareness training and collaborate with all departments to promote a culture of cyber resilience.
- Work closely with IT and business units to ensure secure architecture for applications, cloud services, and network infrastructure.
- Maintain thorough documentation of security controls, incidents, and compliance activities.
- Stay informed on evolving cyber threats, security trends, and regulatory changes relevant to the client's mission and public service commitments.
Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field (or a comparable combination of education and experience).
- Professional certifications such as CISSP, CISM, CISA, or relevant ISO 27001 credentials are preferred.
- Solid understanding of information security management systems (ISMS), especially ISO 27001.
- Familiarity with federal, state, and local regulations related to information security and privacy.
- Demonstrated experience in threat detection, incident response, risk management, and security policy development.
- Effective communication and interpersonal skills, with the ability to advise technical and non-technical staff.
- Experience working within a public sector or housing finance agency setting is a plus.
Equal Opportunity Statement:
Our client invites all qualified individuals to apply, regardless of race, creed, gender identity, sexual orientation, disability, veteran status, or national origin.