Risk Management & Compliance Manager I
Job Responsibilities
Serves as the Risk Management & Compliance Manager for the Information Technology section under the general supervision of the IT Director. Conducts risk management activities to identify current and future threats and helps the organization reach an acceptable level of risk. Provides subject-matter expertise and ensures implementation of information security architecture, risk management standards, gap analysis, best practices, and systems/processes to ensure information privacy/protection. Interacts with management to determine acceptable levels of risk as the business model and risk profile change and aligns the security program accordingly.
Reviews the security features of new information security practices, systems, and business services to ensure they meet the security requirements of new and existing policies. Reviews, on a timely basis, various analyses of reports and logs obtained from firewalls, external and internal scanning devices, and security software. Reviews for noted irregularities, reports violations, and recommends solutions.
Works with IT staff and outside vendors to determine the effectiveness and security of agency resources. Assists in the development of scenarios of usage, tests for abnormalities or exposures, and uses available tools to determine the effectiveness of Security and Risk programs and if guidelines and policies are being followed. Completes the Position Description process for all assigned employees.
Affords assistance in all areas of Information Technology as requested by the IT Director or Director of Administration. This position also includes an excellent benefits package, public service loan forgiveness eligibility, paid parental leave, health, dental, vision, long-term disability, and life insurance for employees, spouses, and children, fifteen days of annual (vacation) leave per year, fifteen days of sick leave per year, thirteen paid holidays each year, state retirement plan and deferred compensation programs.
Minimum And Additional Requirements
- Bachelor’s degree in computer science, business, or related discipline
- Five years of experience in Information Technology, of which at least three years were in the information security field
Additional Requirements
- Position may require employees to work evenings and weekends
- Position may be required to report to work during emergency situations
Preferred Qualifications
- Experience using Microsoft Defender or a similar XDR Solution
- Knowledge of applicable internal and/or external regulatory policies, standards, procedures, and controls
- Knowledge of governance, risk and compliance (GRC) program management
- Understanding of risk assessment process, monitoring, and reporting
- Ability to apply information security principles to business solutions
- Ability to act as liaison and effectively communicate information security topics (e.g., data constraints, information needs) to both technical and non-technical audiences at all levels of the organization
- Knowledge of developing and managing an information security program, including its policies, standards, procedures, technologies, and controls
- Knowledge in identifying and managing information security risks, threats, and incidents at an enterprise level
Benefits Package
- Public Service Loan Forgiveness eligibility
- Paid parental leave
- Health, dental, vision, long-term disability, and life insurance for employees, spouses, and children
- Fifteen days of annual (vacation) leave per year
- Fifteen days of sick leave per year
- Thirteen paid holidays each year
- State Retirement Plan and Deferred Compensation Programs
Additional Comments
Drug screening, credit check, delinquent tax check, SLED background check, and grievance check are required. This office is an equal opportunity and affirmative action employer. EEOP Utilization Report available upon request
We are committed to providing equal employment opportunities.