Title: Chief of Information Security And Privacy Location: Richmond United States Job: 28598 Job Description: Chief of Information Security & Privacy Anticipated Starting Salary Range: $140,000 - $160,000 Starting Salary Commensurate with Qualifications and Experience The State Corporation Commissions (SCC) Health Benefit Exchange (HBEor Exchange) Division seeks a talented people leader for a Chief of Information Security & Privacy position on its senior leadership team. The selected candidate for this position will set the vision and strategic direction of the HBEs privacy and security governance, risk and compliance programs to enable the organizations mission, and foster a culture of innovation and continuous improvement. The Chief of Information Security & Privacy will serve as: a trusted advisor to senior leadership, translating risk into business terms to enable informed decision making; a collaborative partner across the organization; and as the HBEs authority on matters of security, privacy, compliance, and risk management associated with operating Virginias Insurance Marketplace. This position offers a hybrid work schedule (some in-office and telework days each week) as well as a variety of professional development and training opportunities. Set direction and provide governance and oversight for security, privacy, Governance Risk and Compliance aligned to HBE’s mission and priorities. Lead, develop, and retain a high-performing InfoSec team, empowering direct reports and analysts to own operational execution. Build and sustain working relationships across legal, business, IT operations, supplier management, program management, finance, SCC divisions, and external stakeholders including federal oversight bodies, vendors, auditors, partners, other state-based exchange counterparts. Identify organizational, information, and supply chain risk, assess impact and likelihood, and clearly articulate risk posture and tradeoffs to leadership and governance bodies. Serve as the HBEs Senior Information Security Officer and Privacy Officer. Ensure organizational alignment with applicable federal and state regulatory frameworks and standards including but not limited to Center for Medicare and Medicaid Services (CMS) ARC-AMPE, Internal Revenue Service (IRS) PUB 1075, VITA SEC-530, SCC (and successors). Establish, maintain, and evolve HBE security and privacy policies, governance frameworks, and compliance posture. Foster security and privacy culture throughout the HBE. Oversee InfoSec specific contract compliance including SLAs, reports, and deliverables. Perform related work as required. Each agency within the Commonwealth of Virginia is dedicated to recruiting, supporting, and maintaining a competent and diverse work force. Equal Opportunity Employer

Role Description We’re seeking a hands-on Infrastructure Security Platform Engineer to own and enhance our core security technologies. This role is responsible for the engineering, administration, and continuous improvement of platforms such as SASE remote access, firewalls, DLP, CASB, Microsoft Purview, web filtering, and email security. As part of the Infrastructure & Operations team, you’ll play a critical role in ensuring our environment is securely configured: - Reviewing changes before deployment - Conducting audits - Partnering closely with Security and IT teams to enforce standards and strengthen our overall security posture Qualifications - Bachelor’s degree in computer science, information technology, or a related field, or an equivalent combination of education and experience sufficient to perform the essential functions of the job - 3–5 years of experience in security or infrastructure engineering - Hands-on experience with network security platforms (SASE, firewalls, DLP, web/email security) - Familiarity with Microsoft security tools (Purview, Sentinel, Defender, Conditional Access) or similar platforms - Experience reviewing configurations or performing security audits preferred - Strong documentation and cross-team collaboration skills - Preferred Certifications: CISSP, Microsoft Security, Check Point, or SASE-related certifications Requirements - Own & Engineer Security Platforms - Act as technical owner for core security tools, including SASE, firewalls, DLP/CASB, web filtering, Microsoft Purview, and email security - Design, implement, and optimize policies (TLS inspection, DLP, URL filtering, email controls) - Drive platform enhancements through research, testing, and vendor collaboration - Ensure Secure Configuration & Governance - Review infrastructure and application changes pre-deployment to ensure alignment with security standards - Conduct regular configuration audits across network, cloud, endpoint, and identity platforms - Maintain configuration baselines, audit frameworks, and operational runbooks - Support Operations & Change Management - Evaluate and approve security-related change requests in core platforms - Troubleshoot platform issues and partner with vendors to resolve incidents - Respond to alerts, support investigations, and participate in on-call rotations - Collaborate Across Teams - Partner with Security, Infrastructure, and IT Services teams to enforce standards and improve operations - Enable scalable support through strong documentation and knowledge transfer - Contribute to security services that support customer-facing MSP engagements - Strengthen Risk & Compliance - Support regulatory compliance efforts (NIST, FFIEC, HIPAA, PCI, etc.) - Track risks, audit findings, and remediation activities for managed platforms - Maintain security policies and procedures to align with regulatory requirements and risk appetite Benefits - Comprehensive medical, dental and vision insurance - Tax-advantaged healthcare accounts - 401(k) plan with generous employer match - Income protection benefits - Individual learning & development budget - Robust time off plans and workplace flexibility Company Description SunStream Business Services, established in 2020 under section 4.25 of the Farm Credit Act of 1971, supports Farm Credit lending institutions. We provide services, including Loan Servicing, General Ledger, Financial Reporting, Data & Analytics, Technology & Security, and Business Services to support farmers, ranchers, and rural communities. SunStream is committed to equal opportunity employment and will not discriminate against any employee or applicant for employment because of his or her race, color, religion, sex, or national origin, disability status or protected veteran status. If you are dedicated to fostering trust, driving operational excellence, and delight in unmatched customer success, we invite you to apply for the IT Security Engineer position at SunStream Business Services.

• Carries out onsite security activities in order to ensure the security of staff and customers in the center • Maintains and follows security procedures for building accessibility and related activities (maintenance of visitor logs, sign in and out procedures) • Monitors facility and makes recommendations for security improvements • Follows escalation procedures for security threats or issues, including evacuation procedures • Follows security procedures and provides input to management for improvements • Reports any breaches related to security • Participates in coordination of fire drills and mock evacuation exercises • Conducts regular physical inspection of facility, reports any security or safety issues to the supervisor • Other duties as assigned

• Responsible for daily oversight and supervision of activities to ensure conditions that eliminate or minimize the risk of workplace accidents • Ensure compliance with all relevant legislation and company procedures • Provide the company, through technical reports, information about hazards present in the workplace • Analyze work methods and processes to identify risk factors for workplace accidents, occupational diseases and work-related illnesses • Implement occupational safety and hygiene procedures and evaluate the results achieved • Implement accident prevention and occupational disease prevention programs • Promote and conduct discussions, meetings, awareness campaigns, lectures, and training sessions • Prepare and submit to managers documentation, statistical data, analysis results and employee performance assessments