Governance, Risk
4 weeks ago
Introduction
The Department of Information Technology (DoIT)\r
leads the State in the creation and implementation of information technology\r
solutions that improve IT infrastructure and government services across units\r
of State government and keeps Maryland current within IT industry trends.\r
GRADE
STD 0025\r
LOCATION OF POSITION
\r
Dept. of Information Technology\r
100 Community Place\r
Crownsville, MD� 21032\r
\r
\r
Main Purpose of Job
The GRC Manager will manage the creation and execution of risk and controls assessments, system authorization-to-operate (ATO) assessments, and associated processes to manage and execute these programs across units of State gov. within the Executive branch.\r
\r
\r
As part of the risk and controls assessments, the GRC Manager will assist the GRC Director and support the implementation of a statewide GRC module and system that generates and manages risk registers, issue tracking, corrective action plans (CAPs), and key metric reporting for DoIT operations and security executives, agency leadership, and the Governor's Office. The GRC Manager will ensure the continued development, maintenance, enhancement, and execution of assessments that fully integrate the State of Maryland and DoIT required security standards, NIST control frameworks, and regulatory related compliance with PII, PCI, PHI, CJIS, FTI and other regulated data types.\r
\r
\r
***This is a Management Service position which serves at the pleasure of the Appointing Authority***\r
\r
POSITION DUTIES
\r
\r
Manage governance, risk, and\r
compliance (GRC) programs, complex GRC projects, ATO program development and\r
management, and assessments for units of State Government within the Executive\r
branch, including supporting the building of the GRC program, managing\r
respective program and budget and staff, and developing the program's\r
processes, procedures, and technologies.\r
\r
\r
\r
\r
\r
\r
Build and use the Agency's GRC\r
software solution to manage the organization's cybersecurity and risk\r
assessments, authorization to operate (ATO), processes and procedures, privacy\r
assessments, compliance issue mitigation, and plan of actions and milestones\r
(POAMs) which align with known or established compliance frameworks such as the\r
National Institute of Standards and Technology (NIST) Cybersecurity Framework\r
(CSF), NIST SP 800-53, Center for Internet Security (CIS) Critical Security\r
Controls (CSC), and International Standardization for Organization (ISO \r
\r
\r
\r
\r
\r
\r
Manage and execute system and\r
risk assessments including resolution of discovered issues and development of\r
POAM documentation. Update enterprise-level IT and cybersecurity risks;\r
including updating a risk register, quantifying the risk impact, developing\r
risk mitigation strategies, reducing risk and evaluating risk acceptance by\r
management.\r
\r
\r
\r
\r
\r
\r
Contribute to the Agency's\r
third-party vendor risk management program including assessments and\r
attestations made by such organizations in the form of Service Organization\r
Control (SOC) 2 Type II audits and related security assessments.\r
\r
\r
\r
\r
\r
\r
Supervise the work of\r
respective GRC staff, including, but not limited to the GRC Analyst and ATO\r
Assessor in the performance of his/her daily job duties.\r
\r
\r
\r
\r
\r
\r
Support Agency\r
privacy officer functions.�\r
\r
\r
MINIMUM QUALIFICATIONS
Education:� A bachelor's degree from an accredited college\r
or university in cybersecurity, information technology, or related field. \r
\r
\r
\r
\r
\r
Experience: \r
1. Two years' experience working in a governance, risk, and compliance (GRC) role\r
which includes managing programs, projects, and assessments, using GRC tools/platforms,\r
such as ServiceNow or another similar technology platform and a working\r
knowledge of the Authorization to Operate (ATO) process.� \r
\r
\r
2. One of the two years of\r
this experience must have been in a supervisory capacity.\r
DESIRED OR PREFERRED QUALIFICATIONS
Preference will\r
be given to candidates who have one or more of the following skillsets or\r
experience:\r
\r
\r
\r
Understanding and\r
working knowledge in each of the following areas: regulatory and security\r
requirements regarding specific data types including Federal Tax Information\r
(FTI), Personally Identifiable Information (PII), Protected Health Information\r
(PHI), Payment Card Industry (PCI), and Criminal Justice Information Systems\r
(CJIS).\r
\r
\r
\r
Strong understanding of: National Institute of Standards and Technology (NIST)\r
SP including a mapping of Rev.4 to Rev.5), Internal Revenue Service\r
(IRS) Publication 1075 Cybersecurity Guidelines, NIST Cybersecurity Framework,\r
Center for Internet Security (CIS) Top 20 - Critical Security Controls,\r
Information Technology Infrastructure Library (ITIL) Concepts, and relevant\r
cybersecurity and IT laws and regulations.\r
\r
\r
\r
\r
\r
\r
Experience managing cybersecurity governance, risk and compliance in a Federal,\r
State or Local Government environment.\r
\r
\r
\r
\r
\r
\r
Certifications - One or more of the following: CISSP, CISM, GEIT, GRCP, CRISC,\r
PMI or RMP.\r
\r
\r
\r
SELECTION PROCESS
Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date.�We will not consider information submitted after this date.�Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the�eligible (employment) list for at least one year.\r
EXAMINATION PROCESS
The assessment may consist of a rating of your education, training, and experience related to the requirements of the position.�It is important that you provide complete and accurate information on your application.�Please report all experience and education that is related to this position.\r
BENEFITS
STATE OF MARYLAND BENEFITS\r
FURTHER INSTRUCTIONS
Online applications are highly recommended. However, if you are unable to apply online,�the paper application and supplemental questionnaire may be submitted to:�Department of Budget and Management, Recruitment and�Examination Division, 301 W. Preston St., Baltimore, MD 21201.�Paper application materials must be received in our office�by the�closing date for the recruitment. No postmarks will be accepted.\r
For questions regarding this recruitment, please contact the�DBM Recruitment and�Examination Division at �or ,�MD TTY Relay Service \r
We thank our Veterans for their service to our country.\r
People with disabilities and bilingual candidates are encouraged to apply.\r
As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.\r
\r
\r
For education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire.\r
-
Information Systems Security Engineer Level 2
4 weeks ago
Annapolis Junction, Maryland, United States Kenjya Trusant Group Full timeThe Kenjya-Trusant Group (KTG) is seeking an Information Systems Security Engineer Level 2 to support an existing project providing cross domain solutions over several networks at multiple levels of securitySECURITY REQUIREMENT:TS/SCI w/Full Scope PolyJob Description:The Information Systems Security Engineer (ISSE) shall perform, or review, technical...
-
GIS Analyst III
4 weeks ago
Annapolis, Maryland, United States State of Maryland - Maryland Department of Emergency Management - A Full timeIntroductionThe Maryland Department of Emergency Management (MDEM) is looking for a diligent, detail-�oriented individual who is excited about making Maryland a safer place to live and work by joining�our Risk Analysis team and performing real-time, forward-looking risk analysis for all hazards.�MDEM's mission is to proactively reduce disaster risks...
-
fiscal services administrator ii
2 weeks ago
Annapolis, Maryland, United States State of Maryland - Maryland Department of Emergency Management Full timeIntroductionThe Maryland Department of Emergency Management (MDEM) is looking for a diligent, detail-oriented individual who is excited about making Maryland a safer place to live and work.\rMDEM's mission is to proactively reduce disaster risks and reliably manage consequences through collaborative work with Maryland's communities and partners. MDEM is the...
-
librarian (systems)
1 month ago
Annapolis, Maryland, United States USAJobs Full timeDutiesYou will lead programming for all aspects of the Library's web/CMS environment by planning and leading the execution of design initiatives You will provide system support for all Library-specific systems and software products; assist with the life cycle management of Library-use hardware and software You will perform other duties in support of the...
-
Senior Information System Security Engineer
1 month ago
Annapolis Junction, Maryland, United States BAE Systems Full timeJob Description The selected candidate will join a high performing agile team that uses the Scaled Agile Framework (SAFe) methodology to support a nationally significant and fast-paced program. Program execution follows DEVOPS best practices and employs robust development, test and production environments. Test Driven Development (TDD) and test automation...
-
Embedded System Engineer
1 month ago
Annapolis Junction, Maryland, United States BAE Systems Full timeJob Description The Program is looking for a System Engineer to join a high performing agile team using the Scaled Agile Framework (SAFe) methodology. We are using Behavior Driven Development (BDD) and test automation tools alongside a full suite of team collaboration tools. Program execution follows DEVOPS best practices and employs robust development,...
-
System Engineer/ Integration
7 days ago
Annapolis Junction, Maryland, United States BAE Systems Full timeJob Description Candidates must possess the high level of in-depth expertise required to design and develop new capabilities for a complex system with exacting interface, performance, and security requirements. The selected individual will provide system engineering expertise in several of the following areas: architecture, design, development, requirements...
-
Technical Expert for Servers
1 month ago
Annapolis Junction, Maryland, United States BAE Systems Full timeJob Description Unlock the Power of Supercomputing: Join BAE Systems-One of the Leading Service Providers of HPCsContribute to one of our longest running programs where we orchestrate the support and sustainment of some of the world's largest and most advanced supercomputers.We are more than just gatekeepers, we are the vanguard of support for the modern...
-
Senior Government Contracts Attorney
1 week ago
Annapolis Junction, United States Livanta LLC Full timeSummary The Senior Government Contracts Attorney assists the legal team and other senior executives of Company. The Senior Government Contracts Attorney ensures Company’s compliance with various laws, regulations, and government contractual requirements. The Senior Government Contracts Attorney also assists the executive team in providing guidance and...
-
Senior Government Contracts Attorney
1 week ago
Annapolis Junction, MD, United States Livanta LLC Full timeSummary The Senior Government Contracts Attorney assists the legal team and other senior executives of Company. The Senior Government Contracts Attorney ensures Company’s compliance with various laws, regulations, and government contractual requirements. The Senior Government Contracts Attorney also assists the executive team in providing guidance and...
-
Risk Management Framework
4 weeks ago
Annapolis Junction, United States Acclaim Technical Services Full timeAcclaim Technical Services, founded in 2000, is a leading language and intelligence services company supporting a wide range of U.S. Federal agencies. We are an Employee Stock Ownership Plan (ESOP) company, which is uncommon within our business sector. We see this as a significant strength, and it shows: ATS is consistently ranked as a top workplace among DC...
-
Information Security Systems Engineer
6 days ago
Annapolis, United States cFocus Software Incorporated Full timecFocus Software is seeking an Information Systems Security Engineer to join our program in Annapolis Junction, MD. This position requires an active TS/SCI CI Poly clearance. Responsibilities: Advise on in-depth security design review and threat/risk assessments. Provide inputs to technical artifacts, including Plans of Action and Milestones (POA&Ms),...
-
Information System Security Officer
1 week ago
Annapolis, United States Farfield Systems, Inc Full timeAbout Farfield Systems, Inc At Farfield we are committed to delivering trusted expertise to our government clients. As we grow, our focus is on increasing opportunities for you to grow with us while still delivering the same excellence customers have grown to expect from us. We continually evaluate our environment to provide a place where your career is...
-
Information System Security Engineer
6 days ago
Annapolis, United States 2HB Incorporated Full timeThis is a full-time position, and requires a TS/SCI/Full Scope Polygraph Clearance. 2HB Incorporated is seeking a Mid Level Information System Security Engineer in order to support its government customer in Annapolis Junction, MD. This opening is for a recently awarded program that delivers a wide set of capabilities across the enterprise to include data...
-
Radio Frequency Wideband SME
1 day ago
Annapolis, United States EMTAK LLC Full timeThe Level 3 Radio Frequency Wideband Subject Matter Expert provides support for Wideband subject matter areas. Analyzes and resolves issues concerning the design, development, use of Radio Frequency (RF) collection systems, and with the preparation of recommendations for system improvements, optimization, development, and maintenance efforts in the following...
-
Program Integrator
6 days ago
Annapolis, United States Omnyon Full timeJob Description * Directly supporting PMO * Need to understand Program Management * Nice to have FORNSAT knowledge/experience 1. Provide acquisition support on functions of program management by analyzing financial execution and projection reports from vendors; liaising with Government Contract Managers (GCMs) to address any anomalies/concerns regarding...
-
Sr. System Engineer
4 weeks ago
Annapolis, United States (EDO) Entertainment Data Oracle, Inc. Full timeFreedom Technology Solutions Group is seeking a Senior System Engineer. Our mission supports the Government Corporate Management Services (CMS) by providing full life cycle support services through the sustainment, modernization, and transformation of the enterprise corporate applications. As soon as an employee enters a customer facility, they touch one of...
-
Program Integrator Level 2
6 days ago
Annapolis, United States Jovian Concepts Inc Full timeJob Description Provide acquisition support on functions of program management by analyzing financial execution and projection reports from vendors; liaising with Government Contract Managers (GCMs) to address any anomalies/concerns regarding contract performance and reporting; analyzing financial execution reports from Government Business Financial...
-
Program Integrator
4 days ago
Annapolis, United States Omnyon Full timeJob Description Provide data analytic support for the BCMO chief and division chiefs. Will be responsible for proactively analyzing large amounts of financial and contract data to report to leadership any patterns or metrics which would need to be corrected by the BFM/CM workforce. Needs to possess a deep knowledge of BFM processes and understand Agency...
-
Help Desk Specialist
6 days ago
Annapolis Junction, United States Kaizen Approach Full timeWe are currently looking to hire an experienced Information Systems Security Engineer to perform and/or review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies . You will validate and verify...
-
RRGT ASAC
4 weeks ago
Annapolis Junction, United States Tailored Access, LLC Full timeThe Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. Validates and verifies system security requirements definitions and...
-
Commercial Contract
1 week ago
Annapolis Junction, MD, United States Livanta LLC Full timeThe Senior Government Contracts Attorney assists the legal team and other senior executives of Company. The Senior Government Contracts Attorney ensures Company’s compliance with various laws, regulations, and government contractual requirements. The Senior Government Contracts Attorney also assists the executive team in providing guidance and oversight of...
-
RMF Cybersecurity Analyst- TS/SCI
14 hours ago
Annapolis, United States General Dynamics Information Technology Full timeGDIT is your place. Make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter. Our work depends on a Risk Management Framework Cybersecurity Analyst joining our team to support Government activities in Washington, D.C., Annapolis Junction,...
-
RRGT ASAC
6 days ago
Annapolis Junction, United States Tailored Access LLC Full timeDescription The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. Validates and verifies system security requirements...
-
Annapolis, United States 2HB Incorporated Full timeThis is a full-time position, and MUST HAVE a TS/SCI/Full Scope Polygraph Clearance. 2HB Incorporated is seeking a Sr. in order to support its government customer in Annapolis Junction, MD . Provides aid to the program, organization, system, or enclave's information assurance program. Lends assistance for proposing, coordinating, implementing, and enforcing...
-
Information Systems Security Engineer L2
2 hours ago
Annapolis Junction, United States Emtak LLC Full timeInformation Systems Security Engineer L2 - ILMR - TS/SCI Poly required Annapolis Junction, MD · Information Technology Apply Now The ideal candidate for this level 2 ISSE opportunity will have the following experience: **DoD 8570.01-M compliance with IASAE Level 2 is required CISSP Certification is required. • Certification that meets Information...
-
Lead Systems Engineer
1 day ago
Annapolis, United States Waypoint Human Capital Full timePosition Title: Lead Systems Engineer Position Type: Onsite Position Location: Annapolis Junction, MD Clearance: Active TS/SCI++ Poly Waypoint's client is a leading organization in the technology sector, dedicated to innovation and excellence in their field. Seeking a highly skilled Systems Engineer to join their team. Responsibilities: ...
-
Test Engineer with Security Clearance
4 weeks ago
Annapolis Junction, United States Cornerstone Defense Full timeTitle: Test Engineer Location: Annapolis Junction, MD *Clearance: *Active TS/SCI w/ Polygraph needed to apply * Company Overview: Cornerstone Defense, in partnership with our military, intelligence, and civil government customers, supports U.S. operations worldwide through the use of many different types of intelligence, satellite, and cyber technologies....