SC Department of Public Safety Risk Management & Compliance Manager II - Office of Information Technology in Richland County, South Carolina
With limited supervision, this individual reviews and evaluates the agency's business processes to identify issues of risk and compliance, specializing in cyber security and IT risk management specific to SCDJJ, and works to establish and implement the information organizational structure and security strategies, priorities, and directives consistent with the State of South Carolina Information Security and Privacy Program. This individual works directly with the State CISO, SCDJJ executive management and SCDJJ IT management to integrate information security strategies, priorities, and directives into SCDJJ business processes, in a manner consistent with the priorities and vision of state security directives, and with the priorities and vision of SCDJJ. Acts as liaison between regulatory entities and SCDJJ to implement required controls in agency policies, procedures, processes, technologies, and practices. Identifies information security compliance requirements based on the nature of the agency's mission and the type of data that is collected, stored, managed, and maintained. Responsible for information security and privacy program requirements, such as business continuity planning, disaster recovery planning, risk management, incident management, and audit compliance. Provides knowledge and guidance to SCDJJ in the following areas: HIPAA, NIST 800-53, MARS-E, CJIS SP. Ensures agency compliance with Division of Information Security, Information Security Program and SCDIS-200 compliance. Leads the development, implementation, and monitoring of agency information security program through collaboration with agency IT and information security staff. Identifies, develops, and maintains information security processes, and the implementation of the plan of action and implementation toward compliance. Implements a documented process for information security risk assessment that clearly identifies and evaluates potential risks and provides appropriate remediation strategies while meeting all state and federal compliance and regulatory requirements. Assists in the management of information security events that occur in a way that minimizes damage to state IT infrastructure, citizen information, intellectual property, and other assets. Conducts regular reviews to determine technology risk levels and propose mitigation activities where necessary. Manages DJJ information security staff and security compliance team (i.e. hire, train, staff development, performance management, and annual performance reviews.) Minimum and Additional Requirements: A bachelor's degree in business management, accounting, computer science, or related field and 5 years of experience in risk management or compliance, part of which was in a leadership role to include compliance planning, scheduling, assignment and monitoring of staff and resources. Project management experience related to compliance efforts may be substituted for leadership experience requirement. Preferred Qualifications: Professional certification related to information security or privacy (ex: CISM, CISSP, GSLC, CIPP, HCISPP) or similar certification is preferred.
Must have excellent written and verbal communication skills and the ability to communicate compliance and risk concepts to a broad range of technical and non-technical audiences. Ability to foster participation and work cooperatively with agencies, state executives, and staff. Expert understanding of healthcare related information security and privacy regulations, requirements, and best practices. This individual could be required to work extended hours and must be able to work around juveniles in an incarcerate setting. Possible occasional overnight travel or daily travel within SC. Additional Comments: Applications are incomplete if you fail to answer all supplemental questions, education and work history. Incomplete applications are not referred to hiring managers. Applications are accepted until 5:00 p.m. on the stated closing date. You will be asked to provide a certified transcript if selected for a position requiring a degree. A background investigation will be conducted that may include, but not limited to, criminal records, driver's license and child abuse registry prior to an offer of employment. Additionally, a medical examination and drug testing may be required. Please provide an explanation for any gaps in employment. A resume may be attached with your application, but not substituted for completing the work history section of the application.
Job Title: Risk Management & Compliance Manager II - Office of Information Technology
Agency: Department of Juvenile Justice
Opening Date: Mon. 10/17/16
Closing Date/Time: Mon. 10/31/16 5:00 PM Eastern Time
State Salary Range: $59,161.00 - $109,457.00 annually
Agency Hiring Range: Min: $71,982.00 Max:
Job Type: FTE - Full-Time
Location: Richland County, South Carolina
Normal Work Schedule: Monday - Friday (8:30 - 5:00)