Senior It Specialist I/ii/iii (it Governance Risk & Compliance Analyst)

Rockville, MD, United States

Job Description


Job Title Senior IT Specialist I/II/III (IT Governance Risk & Compliance Analyst)
Location Rockville, MD, US
Organization Name Department of Technology & Enterprise Business Solutions (TEBS) CIO Enterprise Information Security Office
Medical Exam Medical History
Background Investigation Yes
Financial Disclosure No


Closing Date: Open until filled

  • IT Specialist I: Grade 20
  • IT Specialist II: Grade 23
  • IT Specialist III: Grade 26
  • Senior IT Specialist: Grade 28
About the Department

The mission of the Department of Technology & Enterprise Business Solutions (TEBS) Montgomery County is to use information technology to:
  • Enable our employees to provide quality services to our citizens and businesses
  • Deliver information and services to citizens at work, at home, and in the community
  • Increase the productivity of government and citizens.
TEBS is a fully integrated enterprise in which all Montgomery County Government Departments and Offices have the ability to utilize reliable, accurate and secure information to perform the government services and functions essential to the citizens of Montgomery County.

What You Will Be Doing

The IT Governance Risk and Compliance Analyst plays an active role in helping implement and manage information security compliance and privacy objectives. The GRC Analyst will act as a trusted advisor for risk and controls impacting security and regulatory compliance obligations (i.e., PCI, HIPAA. CJIS, NIST CCPA, etc.). The Analyst also assists in the design and implementation for security technology solutions to support compliance needs.

How You Will Contribute
  • Assist in the development and maintenance of information security/privacy policies and to enable compliance with applicable regulations and industry standards, including Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Services (CJIS), National Institute of Standards and Technology (NIST) risk management framework, etc.
  • Assist in the design, implementation and monitoring of IT and Security related controls to address information security/privacy risks and compliance obligations.
  • Develop and track key security compliance indicators and key risk indicators for the information security/privacy governance, risk, compliance program producing/publishing metrics, reports and dashboards as required.
  • Provide support/assistance to internal customers in the areas of risk management, technology, and business process security controls, to enable more informed decision making, risk mitigation strategies, documentation, and achieving controls compliance.
  • Maintain strong working relationships with IT and business partners involved in managing information security risks across the organization.
  • Work closely with regulators and auditors as a point of contact for information requests and issue management/escalation.
  • Support IT GRC team members as necessary with other IT GRC program areas, including but not limited to vendor risk management, information security training and awareness, and self-assessments
  • Maintain risk register entries for identification, evaluation, and monitoring of risk findings to be reported to senior management
Who We Are Seeking

The ideal candidate is a seasoned professional with demonstrated leadership capabilities in the creation, maintenance, communication, and execution of information technology policies, compliance controls and risk-based metrics.

Additional Employment Information

OHR reviews the minimum qualifications of all applicants, irrespective of whether the candidate has previously been found to have met the minimum requirements for the job or been temporarily promoted to the same position. This evaluation is based solely on the information contained in the application/resume submitted for this specific position/IRC.

Montgomery County Government is an equal opportunity employer, committed to workforce diversity. Accordingly, as it relates to employment opportunities, the County will provide reasonable accommodations to applicants with disabilities, in accordance with the law. Applicants requiring a reasonable accommodation for any part of the application and hiring process should contact the Office of Human Resources via email to . Individual determinations on requests for reasonable accommodation will be made in accordance with all applicable laws.

Montgomery County Government also provides hiring preference to certain categories of veterans and veterans/persons with a disability. For more information and to claim employment preference, please refer to the Careers webpage on .

All applicants will respond to a series of questions related to their education, relevant experience, knowledge, skills and abilities required to minimally perform the job. The applicant\'s responses in conjunction with their resume and all other information provided in the employment application process will be evaluated to determine the minimum qualifications and preferred criteria status. Based on the results, the highest qualified applicants will be placed on an Eligible List and may be considered for an interview. Employees meeting minimum qualifications who are the same grade will be placed on Eligible List as a "Lateral Transfer" candidate and may be considered for interview.

If selected for consideration for this position, you may be required to provide evidence that you possess the knowledge, skills, and abilities indicated on your resume.

Montgomery County Ethics Law: Except as provided by law or regulation, the County\'s "Public Employees" (which does not include employees of the Sheriff\'s office) are subject to the County\'s ethics law including the requirements to obtain advanced approval of any outside employment and the prohibitions on certain outside employment. The outside employment requirements of the ethics law can be found at . Additional information about outside employment can be obtained from the website.
Minimum Qualifications

Experience: Five (5) years of professional experience with information security legal compliance tracking and recommendations.
  • IT Specialist 1 - One (1) year professional experience with information security legal compliance tracking and recommendations.
  • IT Specialist 2 - Two (2) years of professional experience with information security legal compliance tracking and recommendations.
  • IT Specialist 3 - Three (3) years of professional experience with information security legal compliance tracking and recommendations.
Education: Bachelor\'s degree in computer science or related field.

Equivalency: An equivalent combination of education and experience may be substituted. Training and certification may be accepted in lieu of full degree requirements.
Preferred Criteria

There is no Preferred Criteria. All applicants will be reviewed by OHR for minimum qualifications. Those applicants who meet minimum qualifications will be rated Qualified, placed on the Eligible List, and may be considered for an interview.

Preference for interviews will be given to applicants with experience in the following:
  • Familiarity with local, state, and federal regulations/laws related to Information Security/Privacy (i.e., HIPAA, PCI,CJIS)
  • Working knowledge and/or experience with information security/privacy policy programs
  • Strong analytical, organizational, conflict resolution, and negotiation skills.
  • Excellent communications skills needed in presenting control and risk matters in an understandable way across various forums and levels of the organization providing the appropriate level of detail
  • Strong documentation skills to contribute to information security/privacy controls, policies, processes, and procedures to produce risk assessment reports, findings, and recommendations
  • Experience building and maintaining strong interdepartmental and cross-functional partnerships
  • Ability to coordinate with technology and business partners for the follow-up of implemented controls and support the collection and validation of evidence as part of the risk remediation process
Minimum Salary
Maximum Salary
Currency

READY TO APPLY? Visit and follow the instructions.

|

Montgomery County Maryland Government

Beware of fraud agents! do not pay money to get a job

MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.


Related Jobs

Job Detail

  • Job Id
    JD4324107
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Rockville, MD, United States
  • Education
    Not mentioned