CO - P4535 - Enterprise Architecture and Security Operations Manager

Hiring Range: $120,000 - $140,000

Full Time or Part Time: FULL TIME

Additional DetailJOB DESCRIPTION

DEQ’s Office of Information Services seeks a senior technical leader to own the agency’s enterprise architecture and lead day-to-day security operations and infrastructure delivery. This role manages the Security Operations Analyst and the Enterprise Infrastructure Team, who are responsible for managing, maintaining, and administering all enterprise cloud and on-premises virtual machine (VM) environments. The position ensures our technology landscape aligns with VITA architecture requirements, COV SEC530 information security standards, modern security operations, and industry best practices. The role is accountable for creating and maintaining the Agency Technical Architecture Plan (TAP), which—together with OIS operational roadmaps and the IT project portfolio—forms a major component of the Agency’s IT

Strategic Plan. Incumbent will establish and maintain architecture standards, develop and refine IT change management practices, and ensure OIS delivers against short-term priorities and long-term IT strategic plans and operational roadmaps—including future planning, migrations, and coordination with VITA/service towers—to achieve a secure, resilient, and modernized IT ecosystem that accelerates DEQ’s mission

RESPONSIBILITIES

Team Leadership & Operations Management

● Directly manage the Security Operations Analyst and the Enterprise Infrastructure Team, including goal setting,

coaching, performance management, staffing, and skills development.

● Oversee day-to-day operations for enterprise infrastructure across cloud (OCI, Azure, and future AWS) and onprem

VM platforms, ensuring availability, performance, cost management, and security.

● Plan and execute platform and workload migrations, lifecycle upgrades, and capacity planning in partnership

with application and system administrators.

● Coordinate with VITA and service towers on provisioning, standards, incident escalation, and service

improvements.

● Collaborate and coordinate effectively and proactively with other key leaders within OIS including but not

limited to the DevOps Manager(s), Analytics manager/lead, PMO Manager, agency ISO, and OIS Director.

Enterprise Architecture Leadership

● Define, publish, and maintain architecture principles, reference architectures, standards, and patterns

(application, data, integration, infrastructure, and security).

● Ensure alignment with VITA enterprise architecture requirements and statewide technology standards; review

initiatives for compliance before funding and implementation.

● Chair the OIS Architecture Review Board (ARB); facilitate solution design reviews and provide go/no-go guidance

and remediation paths.

● Create and maintain as-is and to-be IT architecture roadmaps; ensure traceability to business capabilities and

strategic goals. Collaborate with application and system administrators to execute roadmaps.

● Author, publish, and maintain the Agency Technical Architecture Plan (TAP) as the authoritative blueprint for

application, data, integration, infrastructure, and security domains; update at least annually with a 3 year

horizon that aligns with the agency IT Strategic Plan.

● Run a semiannual TAP review cycle with stakeholders teams (Infrastructure, DevOps, Analytics, Security,

Application teams, and VITA/service towers) to incorporate technology shifts, risk posture changes, and

cost/performance targets.

● Ensure the TAP explicitly links standards and reference architectures to operational roadmaps and the IT project

portfolio, providing decision criteria for funding, sequencing, and technical debt retirement.

● Integrate the TAP with the Architecture Review Board (ARB) process so new and existing initiatives demonstrate

alignment prior to design and implementation.

Security, Compliance & Risk

● Lead day-to-day security operations through the Security Operations Analyst, including vulnerability

management, identity, logging/monitoring, incident response, and control effectiveness.

● Embed COV SEC530 controls into solution designs, SDLC guardrails, and platform configurations; align with NIST,

CIS benchmarks, and Zero Trust principles where applicable.

● Oversee architecture risk assessments and threat modeling for new systems, cloud services, and integrations;

track and drive remediation with application and system administrators.

Infrastructure & Platform Engineering

● Establish standards for cloud landing zones, network segmentation, identity, security logging/monitoring,

backup/DR, and resilience across cloud and on-prem environments.

● Own infrastructure baselines (images, hardened configurations) and golden patterns for compute, storage, and

networking; ensure patching and lifecycle policies are enforced.

● Partner with vendors, VITA/service towers, and internal teams to optimize cost, performance, and operational

SLAs.

Process Creation & Improvement

● Establish and continuously improve Release Management and Change Management across OIS (ARB cadence,

risk classification, approvals, back-out plans).

● Work with DevOps and Security to standardize SDLC and DevSecOps workflows (branching strategies, CI/CD

policy gates, automated testing, deploy controls) across on-prem and cloud.

● Define operational runbooks, SOPs, and RACI artifacts; reduce variance where feasible.

● Collaborate with PIDA, BT, and other stakeholders to ensure processes are followed and functioning as

intended.

Strategic Planning & Portfolio Alignment

● Contribute to the DEQ IT Strategic Plan, focusing on the TAP / Technical Architecture Plan as an integrated

component to the IT Strategic Plan alongside multi-year technology roadmaps, and annual investment plans;

maintain a prioritized view of technical debt and modernization.

● Partner with the PMO on project intake, business cases, and solution evaluations; ensure architecture fit, cost

realism, and O&M sustainability.

Data, Integration & Application Modernization

● With DevOps and Data Management Teams, establish standards and strategy for data integration and API

platforms.

● Partner with application administrators on application rationalization and modernization (re-platform, re-factor,

retire, replace) using clear architectural criteria.

Stakeholder Leadership & Enablement

● Facilitate cross-functional workshops with Infrastructure, DevOps, Analytics, and Data teams and key external

stakeholders (BT, PIDA).

● Mentor developers, analysts, IT specialists, and architects; create playbooks, templates, and patterns for

repeatable success.

● Publish architecture decision records (ADRs) and maintain authoritative documentation repositories.

QUALIFICATIONS

● Progressive experience in enterprise/solution architecture, Information Security, IT governance, or

senior engineering.

●Expereince managing technical teams (e.g., infrastructure/operations and/or security operations).

● Proven leadership of architecture standards and process improvement in mid-to-large organizations.

● Demonstrated alignment with VITA EA expectations and COV SEC530 compliance.

● Experience establishing/operating Change and Release management practices in an ITIL-aligned environment.

Preferred Qualifications & Certifications

● Experience in Computer Science, Information Systems, Engineering, or related field, or equivalent

technical experience.

● Certifications: TOGAF (or equivalent), ITIL v4, CISSP/CCSP (or comparable security), Azure Solutions Architect

(AZ-305); SAFe/Scrum and PMP/PMI-ACP are a plus.

ABOUT US

The Virginia Department of Environmental Quality (DEQ) is the primary environmental permitting agency in the Commonwealth of Virginia. It is responsible for administering laws and regulations related to air quality, water quality, water supply, renewable energy, and land protection. Through the dedication and work of over 800 employees across six regional offices and the Central Office in Richmond, DEQ issues permits, conducts monitoring and inspections, and enforces the law.