Together, we innovate for a stronger Colorado
The work of employees at the Governor's Office of Information Technology (OIT) is challenging and diverse because the needs of agencies, customers and Coloradans constantly evolve. But our focus never changes: improve the lives of all Coloradans through innovation and collaboration. We're building one of the nation's leading government IT organizations by reimagining how we support agencies, building first-of-their-kind applications, and creating an inclusive, collaborative culture, together. Join us in the important work of providing equitable access to services.
We believe equity, diversity, and inclusion drive our success, and encourage candidates from all identities, backgrounds, and abilities to apply. We know it's important to support each other, and that means having a healthy balance of work and personal time, and benefits that allow us all to have fulfilling lives.
Watch this video to learn about how OIT is thinking differently!
Description of Job
As our new Risk and Compliance Analyst you will be responsible for performing all activities related to maintaining and coordinating tasks as a major contribution to a successful risk and compliance program at the Office of Information Security (OIS). As a new member of our team, you will be monitoring the conformity of state systems to applicable federal and state, statutory, regulatory, and contractual requirements. In this role, you will be managing audits and risk assessment efforts to identify, quantify, and prioritize risks against established criteria. You will be regularly working in cross-functional teams including internal and external representatives (other department subject matter experts, auditors, and regulatory entities).
Some Of Day-to-Day Duties Include Assisting With The Following
- Performing risk assessments utilizing various regulatory frameworks.
- Gathering of evidence to a central repository for submittal to auditors and for future historical reference.
- Vendor assessments and contract reviews for contractors doing business with the state.
- Creation of common service level standards for the various CISO/SRC functions.
- Developing dashboard reports to communicate the relative effectiveness of the control infrastructure and identify potential trends and themes.
- Regulatory reviews, collection of data and materials for regulators or IA, and assisting the operational departments in gathering requested information in a timely manner.
- Ensuring ongoing analysis of risks, vulnerabilities, and market trends.
Minimum Qualifications, Substitutions, Conditions of Employment & Appeal Rights
A wide salary range is posted for this position and any job offer is based upon a salary analysis to comply with the Colorado Equal Pay for Equal Work Act. The salary analysis considers relevant experience, education, certifications, and state seniority as compared to others doing substantially similar work. While all offers are compliant with the Colorado Equal Pay for Equal Work Act, there is no guarantee an offer will be at the top of the posted range based on the salary analysis.
- Two (2) years of work experience in the IT Security field including Risk and Vulnerability Management; and Compliance and Audit Management.
- Audit/Risk Assessment experience is required.
- Additional appropriate education will substitute for the required experience on a year-for-year basis, but cannot completely substitute for these qualifications.
- Training or Certification related to the work assigned to the position will be assigned credit towards substitution for experience, but cannot completely substitute for these qualifications.
- CRISC, CISA, or CISSP certifications.
- Knowledge or experience in SOC1 and SOC2 and other compliance reports.
- Project Management experience.
- Exemplary customer service and client management skills.
Conditions Of Employment
OIT employees must comply with any screening procedures in place at state entity locations where they might be required to perform work.
A pre-employment background check will be conducted as part of the selection process.
Positions supporting some agencies such as the Department of Corrections and the Department of Public Safety will also require a pre-employment drug test.
This position may require travel within the specified geographic area, and to locations across the state as needed.
This position may require on-call duties as needed by the position.