Risk and Compliance Specialist - Information Technology Division

State of North Carolina
14d · $75,000 - $90,000 · Hybrid

About The Position

This position is designated as Exempt Policy-Making under G.S. 126-5(c)(3) and is considered an at-will appointment. The Office of the State Auditor is seeking a Risk and Compliance Specialist, who will be responsible for maintaining the organization's Information Technology governance, risk, and compliance (GRC) program, which ensures adherence to internal NIST 800-53 compliance standards. This role will ensure adherence to industry standards and corporate security policies by performing and managing security assessments, managing third-party vendor risk, and overseeing security awareness training.

Requirements

  • A bachelor’s degree in computer science or an IT-related field from an appropriately accredited institution plus one year of experience in the information technology field related to the position’s role; OR
  • An associate degree in computer science or an IT-related field from an appropriately accredited institution and two years of experience in the information technology field related to the position’s role; OR
  • High school or General Educational Development (GED) diploma and four years of experience in the field of technology related to the position’s role; OR
  • An equivalent combination of education and experience

Nice To Haves

  • Attainment or pursuit of professional certifications such as CISA, CRISC, CISM, CAP/CGRC, or CISSP
  • Experience with Microsoft Azure or cloud security and compliance
  • Knowledge of privacy regulations (GDPR, CCPA, HIPAA)
  • Project management experience or PMP certification
  • Experience with Microsoft Purview and/or Defender for Cloud

Responsibilities

  • Conduct regular risk assessments, identifying and prioritizing security risks across all business units
  • Coordinate penetration testing engagements with external vendors and oversee remediation efforts
  • Develop, maintain, update and enforce information security policies, procedures, and standards
  • Perform third-party risk assessments and vendor security reviews
  • Administer and update the GRC platform, ensuring accurate risk tracking and reporting
  • Prepare security reports for external parties and executive management
  • Support internal audits and external assessments, including NIST 800-53, NIST CSF or other relevant frameworks
  • Provide security awareness training and guidance to employees

Benefits

  • Work-Life Balance: 40-hour work week with flexible schedule options and the ability to earn compensatory time off
  • Generous paid time off each year
  • Competitive pay and affordable health insurance options
  • Enrollment in the state's pension plan and options for additional supplemental savings
  • An opportunity to work with a team of professionals to make a difference in state government
  • If you have student loans, becoming a state employee includes eligibility for the Public Service Loan Forgiveness Program