The IT Governance, Risk and Compliance Specialist is responsible for providing JIS with information security guidance, ensuring compliance with all JIS Information Security policies; creation and implementation of standards and guidelines; regulatory compliance; disaster recovery planning; and audit compliance. Maintains knowledge of existing and developing applicable technologies through seminars, accredited institutions, publications and other means. Uses this knowledge to benefit the Judiciary through implementation of improved methods and practices to protect the Judiciary's information assets.

Compliance

Recertifies and maintains security liaison list and system recertification of user access.

Requests and conducts reviews of third-party SOC reports and reporting to JIS management.

Works closely with internal and external IT auditors and acts as a liaison between JIS and auditors when gathering and providing information related to audit requests and a following through to address findings.

Coordinates all remediation efforts for JIS IT related audit findings. Works with process owners to prepare audit responses.

Evaluates and reports on the security control design, implementation, and effectiveness.

Guides, educates, and advocates across the organization on compliance requirements.

Meets regularly with JIS leaders to review past, present, and future audit/compliance topics.

Risk Management

Assists with the development of a risk management / risk register program.

Assists with the ongoing tracking of risks maintained in the risk register, to include planned mitigations and acceptance.

Assists with the development, review, and maintenance of all JIS Risk Acceptances.

Participates in the development, implementation, maintenance, and management of statewide security related assessments to include risk assessments, contingency plans, and security events/incidents.

Supports the subject matter expert on Disaster Preparedness/Recovery and Continuity of Operations Planning (COOP) technology and serves as an alternate resource as needed.

Conducts business impact analyses (BIA) process.

Assists with and occasionally conducts disaster recovery test exercises, simulations, or drills to validate systems and business continuity. Works with JIS stakeholders to develop contingency plans for systems, networks, and major applications recovery procedures after disruptions.

Attends critical incident/outage, change management, and project meetings to determine any risk implications.

Assists with the development, tracking, and approvals of risk acceptances. Assists with project management.

Governance

Supports and assists a comprehensive governance program, including the establishment of security policies, standards, and procedures by taking a risk-based approach with the program.

Uses various frameworks, guidelines, and standards (i.e. NIST Cybersecurity Framework, Center for Internet Controls Implementation Groups, Center for Internet Security Benchmarks, NIST 800-53 and 800-171, and ISO 27001) requirements as a guide in the security risk program design.

Solicits input from various areas of the Judiciary as part of the implementation and management of the governance program.

Solicits input from various areas of the Judiciary as part of the implementation and management of the governance program.Solicits input from various areas of the Judiciary as part of the implementation and management of the governance program.Solicits input from various areas of the Judiciary as part of the implementation and management of the governance program.

Education:

Bachelor's degree from an accredited college or university

Experience:

Two (2) years of work experience in the areas of Information Technology security compliance, IT risk management, or IT auditing.

Note: Professional work experience as defined above may be substituted on a year for year basis for up to four (4) years of the required education.

Knowledge of:

Information security, risk management, and security compliance in a large-scale enterprise environment.

Audit and identify control levels and processes in an enterprise infrastructure and information systems.

Project management skills (task identification, prioritization, and documentation).

Security measures, leading practices, and security systems.

Technology processes and technology background.

Project management processes.

Skill in:

Critical thinking with strong attention to detail and follow up.

Professionalism and personal integrity.

Handling sensitive situations and people.

Interpersonal relations.

Written and verbal communications, effectively tailoring the communication to the needs and experience of the intended audience.

Analytical thought, organization, and attention to detail.

Understanding new technologies.

Ability to:

Effectively balance multiple responsibilities which may frequently change.

Learn information quickly and apply risk/control considerations which impact downstream decisions.

Communicate effectively with internal and external auditors.

Be well organized, work independently, and meet deadlines.

Assess potential problems and make sound judgments around issues that may have an adverse effect on the Judiciary.

Work well under pressure and with a high degree of independence.

Work collaboratively with others to achieve defined goals.

Maintain high level of confidentiality.

Remain actively involved with industry peers to stay current with security practices, guidelines, legislation, etc. and use this knowledge to implement and promote continuous improvement of Judiciary's state of security.

Glean important details from information security and other technical tools to analyze and interpret relevant security information.

The Maryland Judiciary is a drug-free workplace and an equal opportunity employer, committed to diversity in the workplace. We do not discriminate on the basis of race, color, religion, age, sex, marital status, national origin, physical or mental disability, familial status, genetic information, gender identity or expression, sexual orientation, or any other characteristic protected by State or federal law. Applicants who need an ADA Accommodation for an interview should request the accommodation when notified of a request to be interviewed. Applicants must be United States citizens or eligible to work in the United States.