GOVERNANCE, RISK, & COMPLIANCE ANALYST - 72004167

State of Florida
$70,000 - $95,000

About The Position

The Governance, Risk, & Compliance (GRC) Analyst supports enterprise-wide governance, risk, and compliance functions across data, cybersecurity, project management oversight, and enterprise architecture domains. This role advances statewide Digital Forward initiatives and ensures alignment with FLDS, NIST, and DAMA-DMBOK frameworks.

Requirements

  • Knowledge of governance, risk, and compliance principles across cybersecurity, data, and enterprise IT domains
  • Familiarity with frameworks such as NIST CSF, NIST 800-53, and DAMA-DMBOK
  • Ability to analyze risk, compliance, and governance data to support decision-making
  • Ability to develop policies, standards, and procedural documentation
  • Strong stakeholder engagement and facilitation skills
  • Ability to manage multiple initiatives in a fast-paced environment
  • Strong analytical, organizational, and problem-solving skills
  • Experience in governance, risk, compliance, audit, or IT-related functions
  • Experience working with frameworks such as NIST, ISO, or data governance standards
  • Ability to support enterprise-level initiatives and cross-functional collaboration

Nice To Haves

  • Experience with GRC tools or enterprise risk platforms
  • Experience with public sector governance or statewide IT initiatives
  • Knowledge of data governance frameworks and practices
  • Experience supporting audits, risk assessments, or compliance programs

Responsibilities

  • Support GRC operations across multiple domains (cybersecurity, data governance, enterprise architecture, and project oversight).
  • Assist in implementation and adoption of a Unified Enterprise GRC Solution, enabling centralized risk tracking, compliance monitoring, and reporting.
  • Participate in governance activities including development, review, and maintenance of policies, standards, procedures, and guidelines.
  • Develop and maintain templates, playbooks, and process guides aligned with FLDS requirements, NIST CSF, and DAMA-DMBOK.
  • Support enterprise governance forums, working groups, and cross-agency collaboration efforts.
  • Assist in development and delivery of training, awareness materials, and governance documentation.
  • Support development, facilitation, and tracking of:
      o Triennial enterprise cybersecurity risk assessments
      o Annual agency strategic and operational plans
      o Risk remediation plans and recommendations
  • Track risk findings, remediation progress, and maturity improvements across agencies.
  • Integrate vulnerability, audit, and assessment findings into enterprise risk management processes.
  • Assist agencies in identifying risks, prioritizing mitigation strategies, and aligning with statewide standards.
  • Contribute to maturity model assessments that measure agency capability and progress over time.
  • Support compliance monitoring and audit readiness across multiple regulatory domains.
  • Assist with internal and external audits, documentation collection, and remediation tracking.
  • Analyze compliance against:
      o FLDS policies and standards
      o NIST Cybersecurity Framework
      o DAMA-DMBOK data governance practices
  • Facilitate coordination with agencies and stakeholders for audit activities and reporting.
  • Support development of compliance metrics, dashboards, and reporting capabilities.
  • Support implementation of a Data Governance Framework that promotes secure data sharing and collaboration.
  • Assist with development of governance artifacts including:
      o Data standards
      o Data sharing agreements
      o Authoritative data source identification
  • Contribute to enterprise data maturity assessments and data literacy initiatives.
  • Support federated governance efforts that balance enterprise oversight with agency autonomy.
  • Support key statewide initiatives including:
      o Strengthening enterprise cybersecurity maturity through a unified GRC solution
      o Establishing maturity models for continuous improvement
      o Implementing secure data sharing and interoperability frameworks
      o Increasing operational technology (OT) cybersecurity maturity to ensure resilient environments
  • Maintain knowledge of emerging GRC, cybersecurity, data governance, and enterprise architecture practices.
  • Obtain and maintain relevant certifications and continuing education.
  • Perform other duties as assigned.
  • Other duties as required.