GOVERNANCE, RISK, & COMPLIANCE LEAD - 72004175

State of Florida
TALLAHASSEE, FL
Onsite

About The Position

This position serves as the State of Florida’s enterprise lead for Governance, Risk, and Compliance (GRC), operating as a cross-functional integrator across cybersecurity, data management, and programmatic oversight domains. Reporting within the Office of the State Chief Data Officer, this role supports and aligns the priorities of the State Chief Data Officer (CDO), State Chief Information Security Officer (CISO), and Florida Digital Service (FLDS) program oversight functions. The position is responsible for establishing consistent governance, risk, and maturity practices across agencies while driving measurable improvements in enterprise capability. This is a leadership role, supervising a small, domain-aligned team and integrating their work into cohesive enterprise-level outputs, including maturity models, risk reporting, and executive decision support.

Requirements

  • Advanced knowledge of enterprise GRC practices across cybersecurity, data management, and program oversight domains
  • Strong understanding of NIST Cybersecurity Framework, risk management methodologies, and compliance requirements
  • Knowledge of data governance principles and DAMA-DMBOK framework
  • Experience designing and implementing maturity models and continuous improvement programs
  • Ability to synthesize complex, multi-domain inputs into clear enterprise-level insights and reporting
  • Strong communication skills, with the ability to influence across executive, technical, and business audiences
  • Ability to operate effectively in an influence-based, cross-agency environment without direct authority
  • Demonstrated ability to lead and integrate work across a small, domain-specialized team
  • Strong analytical and critical thinking skills, particularly in identifying systemic risks and trends
  • Bachelor’s degree from an accredited institution in information systems, cybersecurity, data management, business administration, public administration, or a related field.
  • Ability to sit for extended periods of time.
  • Ability to stand for extended periods of time.
  • Ability to drive and/or fly long distances.
  • Ability to lift, push and pull up to 30lbs.
  • Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140.

Nice To Haves

  • Graduate degree preferred.
  • Highly Preferred Certifications: CISM, CISA, CRISC, CGEIT
  • Preferred Certifications: CDMP, CISSP, PMP
  • Within 12 months maintain or obtain one of the following certifications – CDMP, CISM, CISA, CRISC, CGEIT
  • Within 24 months obtain and/or maintain certifications relevant to assigned domains (e.g., CISSP, CDMP, PMP, or privacy certifications).
  • Maintain all required certifications through ongoing continuing professional education (CPE) in alignment with industry and regulatory expectations

Responsibilities

  • Serve as the primary coordination point across CDO, CISO, and FLDS program oversight functions to align governance, risk, and maturity initiatives.
  • Supervise and lead a small, cross-functional team of GRC analysts aligned to cybersecurity, data management, and program oversight domains.
  • Establish consistent methodologies, templates, and expectations across analysts to ensure standardized outputs and comparability.
  • Integrate domain-level work into unified enterprise deliverables, including maturity assessments, dashboards, and the statewide cybersecurity plan.
  • Promote coordination and knowledge sharing across domain-aligned analysts to prevent siloed approaches.
  • Personally lead synthesis of team outputs into executive-level reporting and enterprise decision support.
  • Integrate cybersecurity, data management, and programmatic perspectives into a unified enterprise view.
  • Identify and resolve cross-functional gaps, overlaps, and inconsistencies in standards, reporting, and risk interpretation.
  • Ensure enterprise GRC practices support statewide strategic priorities across all domains.
  • Align metrics, maturity models, and reporting approaches across cybersecurity, data management, and program oversight functions.
  • Lead development and delivery of the statewide enterprise cybersecurity plan, consolidating agency strategic and operational cybersecurity plans in accordance with statutory requirements.
  • Serve as the authoritative integrator of agency cybersecurity inputs into a statewide enterprise risk perspective.
  • Evaluate submissions for completeness, consistency, and alignment to enterprise standards.
  • Identify systemic risks, capability gaps, and cross-agency dependencies.
  • Provide executive-level reporting on statewide cybersecurity posture, including trends, material risks, and areas requiring leadership attention.
  • Establish repeatable processes for collection, validation, and analysis of agency cybersecurity data.
  • Design and implement a unified enterprise GRC maturity model spanning cybersecurity, data management, and programmatic oversight domains.
  • Establish standardized methodologies for risk assessment, maturity evaluation, and performance measurement.
  • Drive measurable improvements in agency maturity through structured assessment cycles, benchmarking, and targeted follow-up.
  • Develop enterprise metrics, dashboards, and reporting to support visibility, trend analysis, and decision-making.
  • Define and maintain enterprise standards, frameworks, and methodologies aligned with NIST CSF and applicable regulatory requirements.
  • Provide independent challenge and guidance to agencies on risk identification, mitigation strategies, and control effectiveness.
  • Promote consistency in planning, risk management, and governance practices across agencies.
  • Elevate systemic issues and misalignment through established governance channels.
  • Operate without direct ownership of agency execution, focusing on alignment, evaluation, and accountability through visibility.
  • Lead development and rollout of a statewide data governance framework aligned with DAMA-DMBOK principles.
  • Create and maintain practical guidance, templates, and playbooks to support agency adoption.
  • Establish and operate a data governance center of excellence to enable agency maturity.
  • Support development of enterprise data literacy initiatives to improve data-driven decision-making.
  • Drive adoption of consistent data governance practices across agencies.
  • Establish standardized approaches for enterprise assessments, including cybersecurity risk and maturity evaluations.
  • Coordinate enterprise-level audit activities in partnership with agencies and oversight bodies.
  • Ensure findings are integrated into enterprise reporting, maturity models, and improvement planning.
  • Maintain visibility into remediation progress and systemic risk themes across agencies.
  • Other duties as required.

Benefits

  • The State of Florida supports a Drug-Free workplace.