DC Department of Human Resources

Supervisory IT Specialist (Governance, Risk, and Compliance)

DC Department of Human Resources, Washington, District of Columbia, US, 20022

Job Summary

This position is at the District of Columbia, Office of the Chief Technology Officer (OCTO). The purpose of the position is to provide management oversight of the security GRC (Governance, Risk, and Compliance) programs under the direct authority of the Chief Information Security Officer (CISO). This position carries out the District Government’s responsibilities in securing enterprise information by determining GRC requirements, planning, implementing, and testing GRC systems; preparing GRC standards and procedures; mentoring team members. The position serves as the GRC Security Manager supporting OCTO Program Managers and District Agency Chief Information Officers (CIOs) in all aspects of GRC design and implementations.

Duties And Responsibilities

The GRC Manager is responsible for leading the information security risk, governance and compliance programs. The incumbent leads the information security risk management practice, information security policy & compliance framework services systems and processes. Help ensure the District is compliant with regulatory requirements and other control frameworks. Oversee formal vulnerability and patch management program across the enterprise. Develop the blueprint to identify information security solutions for the District’s GRC regulatory and strategic security requirements. The incumbent will define, plan, design and apply architectural elements in the analysis, planning, design, implementation documentation, assessment and management of the enterprise risk management that is aligned with the information technology (IT) strategy and the agency mission, goals, structure and processes. Develop security design requirements through sound design methodology, adequate security control application and effective configuration practices. This position will ensure testing and maintenance of enterprise risk management strategy and provide risk management oversight solutions by incorporating every aspect of the security policy framework to support the organization’s key business processes and organizational mission.

The incumbent will function as an interface between the OCTO Program Managers and the OCTO Security Division to develop and implement counter‑measures to contain, control and recover from dynamic security risks. Use knowledge about current threats to identify flaws and weaknesses in the composition of system designs and defenses for the mission critical data. Specify solutions and verify solutions that have been implemented. Rapidly adjust designs based on new defense, threat, and attack information. Provide hands‑on analysis and quality assurance for the District Government network GRC security team, evaluate the design and effectiveness of operational and technical information security controls to develop quantitative risk insight to senior management to ensure data‑driven decision making for future investments and initiatives, and leverage experience of large enterprise design and securing of complex technology solutions. Develop, maintain, and act as custodian for security standards and processes including, but not limited to, applications and implement risk assessment methodology, oversee risk assessments and audit for District Agencies, lead the creation and documentation of internal processes that support the GRC function, emerging technologies to determine where the Security Division fills gaps, overlap with existing solutions or extend capabilities; provide advisory and consulting services as requested and required.

Performs other related duties as assigned.

Qualifications And Education

Applicant must possess at least one (1) year of specialized experience equivalent to the grade 14 level. Specialized experience is experience which is directly related to the line of work of the position and has equipped the applicant with the particular knowledge, skills, and abilities to successfully perform the duties of the position.

Licenses And Certifications

CISSP, CISA, CRISC, CISM certification is desired.

Working Conditions/Environment

The work is sedentary in nature. The work is performed in an office setting with local travel required.

Other Significant Facts

Promotion Potential: No Known Promotion Potential

Appointment Type: Management Supervisory Service (MSS) - Regular Appointment

Pay Plan, Series and Grade: MS-2210-15

Collective Bargaining: This position is not in the Collective Bargaining Unit

Essential/Emergency Designation: This position may have an Essential or Emergency Employee Designation. The incumbent may be required in essential or emergency situations or when authorized by the agency head to perform critical tasks.

Position Designation: The incumbent of this position will be subject to enhanced suitability screening pursuant to Chapter 4 of DC Personnel Regulations, Suitability – Security Sensitive.

The incumbent in this position is designated as an emergency employee.

Residency Requirement: If the position you are applying for is in the Career, Management Supervisory, or Educational Service at an annual salary of one hundred fifty thousand dollars ($150,000) or more, you must establish residency in the District of Columbia within one hundred eighty (180) days of the effective date of the appointment and continue to maintain residency within the District of Columbia throughout the duration of the appointment.

Residency Preference: When claiming residency preference, you are required, and must agree in writing, to maintain bona fide District residency for a period of seven (7) consecutive years from the effective date of employment. You will be required to present documents (proofs) to show District residency and failure to maintain bona‑fide District residency for the seven‑year (7‑year) period will result in forfeiture of employment.

EEO Statement

The District of Columbia Government is an Equal Opportunity Employer. All qualified candidates will receive consideration without regard to race, color, religion, national origin, sex, age, marital status, personal appearance, sexual orientation, family responsibilities, matriculation, physical handicap, or political affiliation.

Please note that applications received for this vacancy announcement may be considered for other vacant positions within OCTO pursuant to qualifications.

Drug Free Workplace

The District of Columbia government maintains a drug‑free work environment policy. All District employees are subject to post‑accident/incident and reasonable suspicion drug and alcohol tests.

Contact

www.dc.gov

Additional Resources

https://octo.dc.gov/

https://dchr.dc.gov/page/employee-benefits

https://washington.org/

Seniority Level: Mid-Senior level

Employment Type: Full-time

Job Function: Information Technology

Industries: Human Resources Services
