Skip to Main Content

DoIT Cyber Policy and Strategy Planner Manager

Director of Governance, Risk, and Compliance

Recruitment #23-004730-0001


The Office of Security Management within the Department of Information Technology (DoIT) provides State agencies and Local government entities with a common statewide strategy for secure, effective, and technically sound use of information technology resources.

This team is responsible for the establishment of Security Policies, Security Guidance, Security Awareness, and provides assistance to help improve cybersecurity preparedness. ​


STD 0025


Dept. of Information Technology (DoIT)
100 Community Place
Crownsville, MD  21032

Main Purpose of Job

The Director of Governance, Risk, and Compliance will oversee the creation, management, and execution of risk and controls assessments, including but not limited to state agency compliance assessments, vendor risk assessments, and system authorization-to-operate (ATO) assessments.

As part of the risk and controls assessments, the Director of GRC will implement a statewide GRC module and system that generates and manages risk registers, issue tracking, corrective action plans (CAPs), and key metric reporting for DoIT operations and security executives, agency leadership, and the Governor's Office. 

The Director of GRC will ensure the continued development, maintenance, enhancement, and execution of assessments that fully integrate Maryland and DoIT required security standards, NIST control frameworks, and regulatory requirements related compliance with PII, PCI, PHI, CJIS, and other regulated data types.

This is a contractual contract position with limited benefits.


Education: A high school diploma or equivalent.


A minimum 5 years of experience in each of the following areas:

Managing cybersecurity governance, risk and compliance (GRC) programs and large, complex GRC projects with a clear understanding of related tools and processes.

Direct experience with cybersecurity policy development, including writing and managing updates to policies, procedures, and standards documentation.

Experience managing and/or executing on internal and external cybersecurity assessments and audits.

Additional three (3) years required experience:

GRC platform experience for managing assessments, risks, issues, and plan of action and milestone documents (POAMs), including development of GRC processes, workflows, and requirements.

Directly working with or managing Authorization to Operate (ATO) processes and documentation development.

Hands-on experience with governance and risk frameworks including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and  NIST 800-53 controls.

Excellent communication and demonstrated skills in presenting information effectively to various audiences.

Working with and advising executive-level stakeholders on program status, policy recommendations and strategic roadmaps.

Managing and directing a team of cybersecurity personnel.


Our Preferred Candidate Will Have the Following:

A Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Information Technology Infrastructure Library (ITIL) certification is strongly preferred.

A Project Management Professional (PMP) certification is strongly preferred.

Governance of Enterprise Information Technology (GEIT) or GRC Professional (GRCP) certifications is preferred.

Experience using or developing ServiceNow’s Integrated Risk Management (IRM) Pro platform, which includes Continuous Authorization and Monitoring (CAM).

Working with Project Management software/solutions.

Experience with regulatory and security requirements regarding specific data types including Federal Tax Information (FTI), Personally Identifiable Information (PII), Protected Health Information (PHI), Payment Card Industry (PCI), and Criminal Justice Information Systems (CJIS).

Experience managing cybersecurity governance, risk, and compliance programs in Federal, State, or Local Government organizations.


Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year.


The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.


Contractual employees who work for an agency and have a current employment contract of 30 or more hours a week (or on average 130 hours per month) will be eligible for subsidized health benefits coverage for themselves and their dependents. As a contractual employee, you will be responsible for paying 25% of the premiums for your medical and prescription coverage, including any eligible dependents you have enrolled. The State of Maryland will subsidize the remaining 75% of the cost for these benefits. You can also elect to enroll in dental coverage, accidental death and dismemberment insurance, and life insurance, but will be responsible to pay the full premium for these benefits.

Paid leave will accrue at a rate of one hour for every 30 hours worked. 


Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country.

People with disabilities and bilingual candidates are encouraged to apply.

As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.

Powered by JobAps