Grc Project Manager

About The Position

Requirements

• A Bachelor’s degree from an accredited college or university in Information Technology, Cybersecurity, Public Policy, Business Administration, or a related field.
• Three years of experience performing project management work in an IT Security, Risk Management, or Compliance GRC environment.

Nice To Haves

• Proven experience using Agile methodologies and project management tools (e.g., Azure DevOps, Jira, or similar) to track scope, budget, and schedules.
• Demonstrated ability to lead cross-functional teams and communicate complex security or regulatory requirements to non-technical stakeholders.
• Possession of a Project Management Professional (PMP) certification, or a GRC-related certification such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC).
• One year of working experience/understanding of Cybersecurity and AI Governance/Ethics frameworks, as it would relate to this position’s responsibility over the State’s AI Governance projects.

Responsibilities

• Reporting and Governance: Provide weekly scope, budget, and schedule status updates on the accomplishments, milestones, tasks, roadblocks, issues, and risks related to the Cybersecurity and Privacy Program.
• Program Leadership: Lead cross-functional teams and technical resources to prioritize the delivery of high-quality programs under the GRC directorate that meet business needs and mandated requirements.
• Planning and Artifacts: Oversee the development and approval of program plans, focusing on the security and privacy roadmap areas. Develop and update project charters, business objectives, scope statements, success criteria, and other project artifacts as required for GRC initiatives related Cybersecurity and Privacy Policy Suite, Risk Management, AI Governance, and IT Policy programs.
• Alignment and Scope: Ensure alignment between State CISO priority initiatives and the GRC directorate’s strategic direction. Manage program scope to align work efforts to GRC directorate’s goals and objectives.
• Development and Management: Manage work activities to ensure conformity to the program scope, timelines, and budgets, utilizing Azure DevOps (ADO) or another State CISO assigned program/project management tool. Develop and manage budgets and resourcing plans for the programs, and track performance against these plans.
• Metrics and Quality: Develop performance and quality measures and metrics for program management activities, track, periodically analyze and report on measures, including key risk indicators (KRIs) and key performance indicators (KPIs).
• Program Implementation: Develop transition activities and roll-out schedules for new security and privacy controls or compliance frameworks. Ensure work and deliverables, as defined in issued work orders and project plans, are completed and meet legal, regulatory, and policy mandates.
• Stakeholder Management: Motivate the program teams and forge consensus around program goals and objectives. Promote a customer service relationship among peers. Develop and implement communication strategies to improve transparency and promote awareness of program areas and issues to stakeholders and agency partners.
• Change Control: Integrate change management and change control practices into the program as required, especially concerning changes to GRC processes or security controls.
• Documentation: Maintain an organized repository for project documentation, including any presentations, plans, reports and relevant correspondence.

Benefits

• Subsidized health benefits coverage for themselves and their dependents.
• Paid leave will accrue at a rate of one hour for every 30 hours worked.