Chief Information Security Officer (CISO) Full Time

Job Description:

The Office of the Chief Information Officer does not sponsor STEM or non-immigrant work visas for this position.

The Chief Information Security Officer (CISO) is responsible for establishing, implementing, and overseeing the agency’s enterprise information security program. This role provides executive leadership for cybersecurity strategy, risk management, regulatory compliance, and incident response, ensuring the confidentiality, integrity, and availability of agency systems and data. The CISO advises executive leadership on cybersecurity risks and investments, coordinates security efforts across business and technical teams, and ensures alignment with the agency’s mission, legal requirements, and operational priorities.

The CISO serves as a member of the executive leadership team for the OCIO and on the board for NITC.

Starting Salary: $130,000/year

Commensurate with experience and upon Governor approval.

Look at what we have to offer!

• 13 paid holidays
• Vacation and sick leave that begin accruing immediately
• Military leave
• 156% (that’s not a typo!) state-matched retirement
• Tuition reimbursement
• Employee assistance program
• 79% employer paid health insurance plans
• Dental and vision insurance plans
• Employer-paid $20,000 life insurance policy
• Public Service Loan Forgiveness Program (PSLF) through the Federal government
• Wide variety and availability of career advancement as the largest and most diverse employer in the State
• Opportunity to be part of meaningful work and make a difference through public service
• Training and Development based on your career aspirations
• Fun, inviting teammates
• A safe and secure environment

At the State, we stand by our core values of treating others with dignity and respect, acting ethically in all situations, and creating an environment where our customer is our top priority. Apply to join our team today!

Job Duties:

• Enterprise Cybersecurity Strategy & Governance: Develops, implements, and maintains the agency’s enterprise information security strategy, policies, standards, and governance framework aligned with business and mission objectives.
• Risk Management & Compliance: Leads cybersecurity risk assessments, vulnerability management, and compliance with applicable federal, state, and regulatory security requirements; oversees audits and corrective action plans.
• Incident Response & Operational Resilience: Directs cybersecurity incident response, threat mitigation, and coordination of business continuity and disaster recovery efforts to minimize operational impact and ensure rapid recovery.
• Executive Advisement & Reporting: Provides regular briefings and advisement to the Director and executive leadership on cybersecurity posture, risks, trends, and investment needs; supports informed decision-making.
• Security Program Management & Oversight: Oversees security operations, tools, and initiatives, including coordination with IT, network, and operations teams to ensure effective implementation of security controls.
• Security Awareness, Training & Vendor Risk: Leads agency-wide security awareness and training programs and manages third-party and vendor security risk to ensure protection of agency data and systems.
• Other duties as assigned and within the scope of the classification.

Requirements / Qualifications

Minimum Qualifications: Bachelor’s degree in information technology, information security, cybersecurity, computer science, or a related field; or equivalent combination of education and experience. Demonstrated experience in information security, cybersecurity, or IT risk management within a complex organizational environment. Experience developing, implementing, or overseeing information security policies, standards, and procedures. Working knowledge of cybersecurity risk management, incident response, and regulatory compliance requirements. Ability to communicate cybersecurity risks and recommendations clearly to executive leadership and non-technical stakeholders. Experience coordinating security activities across multiple teams or functional areas. Supervisory or leadership experience over technical or professional staff. Experience supporting audits, assessments, or regulatory reviews.

Preferred Qualifications: Demonstrated experience leading an enterprise-level cybersecurity or information security program. Experience working in a public-sector, regulated, or highly complex organizational environment. Experience advising executive leadership on cybersecurity risk, governance, and investment decisions. • Knowledge of recognized cybersecurity frameworks and standards (e.g., NIST, ISO, CIS). Experience managing or overseeing security incident response, audits, or regulatory compliance activities. Experience with cloud security, third-party/vendor risk management, and modern IT environments. Strong background in developing security policies, standards, and governance structures. Experience leading cross-functional teams and coordinating with legal, risk, privacy, and operations stakeholders. Professional cybersecurity or risk management certifications (e.g., CISSP, CISM, CRISC) preferred. Advanced degree in information security, information technology, risk management, or a related field

Other: This position requires travel. As such, the incumbent must be able to present a valid driver’s license or another form of reliable transportation. Regular and reliable attendance required.

Knowledge, Skills, & Abilities:

Knowledge

• Knowledge of enterprise cybersecurity principles, frameworks, and best practices (e.g., risk management, governance, and security controls).

• Knowledge of applicable federal, state, and regulatory security and privacy requirements.

• Knowledge of information technology environments, including networks, cloud services, applications, and data systems.

• Knowledge of incident response, business continuity, and disaster recovery concepts.

• Knowledge of cybersecurity threats, vulnerabilities, and emerging risk trends.

Skills

• Skill in developing and implementing enterprise information security strategies and policies.

• Skill in assessing, prioritizing, and mitigating cybersecurity risk. • Skill in leading and coordinating incident response activities.

• Skill in communicating complex technical risks to executive leadership and non-technical stakeholders.

• Skill in managing programs, projects, and cross-functional teams.

• Skill in evaluating third-party and vendor security risks.

Abilities

• Ability to provide executive-level advisement and make risk-based recommendations.

• Ability to lead and influence across organizational and functional boundaries.

• Ability to analyze complex information and make sound decisions under pressure.

• Ability to establish governance, accountability, and compliance across the enterprise.

• Ability to balance security requirements with operational and business needs.

If you’re currently employed by the State of Nebraska, please don’t apply through this external career site. Instead, log in to Workday and open the Jobs Hub – Internal Apply app from your home landing page. You can access Workday anytime through the Link web page: https://link.nebraska.gov/

Benefits

We offer a comprehensive package of pay, benefits, paid time off, retirement and professional development opportunities to help you get the most out of your career and life. Your paycheck is just part of your total compensation.

Check out all that the State of Nebraska has to offer! Benefit eligibility may vary by position, agency and employment status. For more information on benefits, please visit: https://statejobs.nebraska.gov/index.html#benefits

Equal Opportunity Statement

The State of Nebraska values our teammates as well as a supportive environment that strives to promote diversity, inclusion, and belonging. We recruit, hire, train, and promote in all job classifications and at all levels without regard to race, color, religion, sex. age, national origin, disability, marital status or genetics.

C1ISO