What are the responsibilities and job description for the RISK & COMPLIANCE COORDINATOR position at The State of Florida?
Requisition No: 798977
Agency: Management Services
Working Title: RISK & COMPLIANCE COORDINATOR - 72004167
Position Number: 72004167
Salary: $60,000.00 - $75,000.00
Posting Closing Date: 04/30/2023
Risk And Compliance Coordinator
Florida Digital Service
State of Florida Department of Management Services
This position is located in Tallahassee, FL
Florida Digital Service:
The Florida Digital Service (FL[DS]) was established to propose innovative solutions that securely modernize state government, including technology and information services, to achieve value through digital transformation and interoperability, and to fully support the state’s cloud-first policy. It is also the lead entity responsible for enterprise cybersecurity.
Position Overview and Responsibilities:
Responsible for designing and deploying Florida’s first ever enterprise cybersecurity program, the Florida Digital Service is aggressively recruiting a team to lead our state’s efforts. Florida has made historic financial investments into the creation of statewide cybersecurity capabilities and continues to demonstrate support for the mission. Reporting to the Risk and Governance Manager, this position is a key part of the FLDS cybersecurity governance, risk and compliance (GRC) program. The opportunity to build a statewide cybersecurity program is a once in a lifetime opportunity and will be focused first and foremost on attracting and supporting the right people for this mission.
Reporting to the Governance & Risk Manager, the Risk & Compliance Coordinator is a key role in governance, risk, and compliance (GRC) for the state. The overarching goal of the Risk and Compliance Coordinator is to help improve the enterprise security posture based on security frameworks such as NIST CSF.
Duties and Responsibilities:
- Assist with the achievement of security reviews and tracking organizational compliance with regulatory standards and information security policy leveraging GRC software solutions.
- Participates in security governance activities and tracks compliance and remediation activities of risk-based security assessments for technologies, systems, processes, and other components of the IT and business environments.
- Participates in the review and update of security policies, procedures, guidelines, and standards.
- Participates in projects related to information security regulatory and policy compliance, and security training.
- Collaborates with team members, enterprise agencies and other stakeholders to achieve documentation workflows and requirements for compliance, assisting with third-party Business Associate Agreements and external party risk assessments, security-related exceptions, and data gathering for various internal and external audits.
- Provides security compliance expertise for entire compliance and monitoring activities. This includes, but is not limited to, facilitating the following functions: CJIS, HIPAA, FERPA, and related Security regulatory requirements understanding and interpretation, compliance monitoring, risk assessments, audit design and process workflows, remediation tracking, Request for Proposal development, vendor evaluation and selection, and contract negotiation and development.
- Ensures information security and regulatory compliance, risk analysis, audit and project tracking, and audit facilitation and management.
- Responsible for working with internal and external operational partners in developing and planning audit reviews and monitoring project timelines.
- Conduct internal self-audit efforts of IT asset compliance including crucial software licenses to document non-compliance with contract's terms and conditions.
- Provide data analysis, manipulation and BI reporting using data toolsets such as Excel.
- Works with Senior team members to ensure compliance with FLDS and NIST Security Standards and effect remediation efforts and assist in balancing compliance efforts with given resources.
- Works to ensure appropriate assignment of compliance resources to each audit and has overall responsibility for completion of the compliance monitoring activity and/or audit. Conducts and manages the audit within established time and budget parameters.
- Maintains a solid grasp of Federal, State, regulatory agency standards/guidelines as it relates to security (CJIS, HIPAA, FERPA, ISO17799/27002), providing policy mentorship and assistance for the enterprise.
- Coordinates approvals and annual review of security exceptions and technical security review assignments.
- Integrates vulnerability findings into the risk management program.
- Assist in the development and delivery of user training, security awareness programs and security documentation such as policies, standards, and operating procedures.
- Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- Assist in the development of security policies, reports, and analysis, as needed.
Knowledge, Skills, and Abilities:
- Requires compliance, audit or risk management experience, using standard methodologies, such as NIST, ITIL, HIPAA, PCI-DSS, ISO 27000 series principles.
- Demonstrated experience in security auditing or compliance management, systems analysis, and vendor/customer interactions.
- Ability to troubleshoot and solve complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
- Ability to review security assessments with stakeholders and develop recommendations for improvements.
- Ability to multi-task with a calm demeanor and work under pressure in a fast-paced environment.
- Attention to detail and excellent problem-solving skills.
Desirable Experience:
- Working knowledge of governance, risk, and compliance management software and processes.
- Previous experience with CJIS controls, readiness, and compliance.
- Previous experience with NIST CSF and NIST 800-53.
- Experience interpreting, writing, and assessing rules and frameworks.
- Ability to lead conversations and working groups.
Highly Preferred Certifications:
CISA, GSEC, CISSP-ISSEP, CRISC, CGEIT
Preferred Certifications:
Security+, CISSP, CISM, SSCP
Desirable Education:
Undergraduate degree in a technical field. Graduate degree preferred.
Our Organization and Mission:
The Florida Department of Management Services (DMS) is a customer-oriented agency responsible for managing various business-related functions throughout state government. Under the direction of Governor Ron DeSantis and DMS’ Executive Leadership Team, the agency oversees the real estate, procurement, human resources, group insurance, retirement, telecommunications, private prisons, and fleet and federal property assistance programs utilized throughout Florida’s state government. DMS is relied upon to establish, maintain and improve the business processes used by state employees to create a better, not bigger government. DMS facilitates the delivery of these programs and services and provides tools and training to bolster the efficiency and effectiveness of the state’s workforce. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.” Under the leadership of DMS Secretary Pedro Allende, DMS’ employees embody four pillars on a daily basis: establishing a process-oriented mindset; challenging the status quo; creating efficiencies; and respecting state employees.
Special Notes:
DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses:
DMS.Ability@dms.myflorida.com
DMS.Veterans@dms.myflorida.com
An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.
Successful completion of background screening will be required for this position.
Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes, and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140-4.5
Pursuant to F.S. 215.422, every officer or employee who is responsible for the approval or processing of vendors’ invoices or distribution of warrants to vendors is mandated to process, resolve, and comply as section 215.422 requires.
The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.
Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.
The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.
VETERANS’ PREFERENCE. Pursuant to Chapter 295, Florida Statutes, candidates eligible for Veterans’ Preference will receive preference in employment for Career Service vacancies and are encouraged to apply. Certain service members may be eligible to receive waivers for postsecondary educational requirements. Candidates claiming Veterans’ Preference must attach supporting documentation with each submission that includes character of service (for example, DD Form 214 Member Copy #4) along with any other documentation as required by Rule 55A-7, Florida Administrative Code. Veterans’ Preference documentation requirements are available by clicking here. All documentation is due by the close of the vacancy announcement.