Enterprise Risk Management & Assessment Specialist
Enterprise Risk Management & Assessment Specialist
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
$ 84353 - 126529
1 Vacancy
Job Description
Description of Work
- Discover why NCDIT is the ideal destination for your professional growth - Why Work for NCDIT.This position may be eligible for hybrid remote work in accordance with state policy and the agencys remote work program but does require weekly onsite work.The position is designated Statutory Exempt and is exempt from the State Human Resources Act.
Join the Front Lines of Cybersecurity at NCDIT!
Do you thrive at the intersection of cybersecurity compliance and strategic risk management NCDIT is seeking a dynamic Enterprise Risk Management & Assessment Specialist to help safeguard the digital infrastructure powering North Carolinas public services. Youll influence cybersecurity decision-making at scale and collaborate with leaders shaping the states digital future.
In This Role You Will:
Lead enterprise-wide risk assessments aligning with frameworks like NIST 800-53 CIS Controls and ISO 27005
Evaluate and recommend remediation for cyber risksincluding third-party cloud (AWS Azure GCP) and on-premise security concerns
Translate technical findings into actionable insights and executive-level dashboards that drive enterprise decisions
Ensure compliance with regulations such as HIPAA FISMA PCI-DSS and North Carolinas statewide security standards
Advise leadership vendors and partner agencies on emerging risks threat trends and risk posture improvements
Why Join NCDIT
Were leading digital transformation across the State of North Carolina. Our work mattersto every citizen agency and business we serve. Join us and make an impact while growing your cybersecurity career with access to modern tools skilled mentors and a clear mission. Apply today and help secure the systems that power North Carolina.About the Division
The state Chief Information Officer (SCIO) is responsible for securing North Carolinas information assets including data and the supporting infrastructure. The NC Department of Information Technologys (NCDIT) Enterprise Security and Risk Management Office (ESRMO) supports the state CIO by providing leadership in the development delivery and maintenance of a cybersecurity program that safeguards the North Carolinas information and supporting infrastructure against unauthorized use disclosure modification damage or loss. This comprehensive statewide cybersecurity program encompasses: Information security implementation monitoring threat and vulnerability management cyber incident management and enterprise business continuity management. ESRMO works with executive branch agencies to help them comply with requirements that include: legal and regulatory requirements statewide technical architecture and industry best practices. It also works with state agencies federal and local governments citizens and private-sector businesses to help manage risk to support secure and sustainable information technology services to meet the needs of North Carolinas citizens.
About the Organization
The N.C. Department of Information Technology (NCDIT) serves as the Technology Center for the State of NC. Services that NCDIT provides reach a client base of state and local government agencies as well as schools colleges and universities. NCDITs mission is to enable trusted business-driven solutions that meet the needs of North Carolinians. NCDIT provides technology services to state agencies and is charged with closing the digital divide by expanding availability of broadband services and promoting the adoption of affordable high-speed internet.As NCDITs services reach North Carolina residents from all backgrounds we believe that our workforce should reflect the demographics of the state. The workforce is our most valuable asset to recognize understand and meet the IT needs of our constituents across North Carolina. Our agencys culture is derived through the implementation of thoughtful practical innovative and data-driven strategies. We are an Employment First state ensuring that people with disabilities have equal opportunities to succeed in the state government workplace (Executive Order 92). NCDIT supports recent executive orders to address pay equity for women (Executive Order 93) establish paid parental leave for birth adoption and foster care (Executive Order 95) and implement fair chance policies (Executive Order 158). NCDIT also has several initiatives designed to help past and current military personnel and their spouses find rewarding careers with us. Join a team that welcomes values respects and supports all members of our work community.
If you have student loans becoming a state employee includes eligibility for the Public Service Loan Forgiveness Program. Visit to learn more. Knowledge Skills and Abilities / Competencies
Resumes/CVs are intended to be used as a complement to an application. Generally resumes/CVs are lacking the detail and breadth of an applicants full education and work history so applicants should complete the application with more detail than what their resume contains to show that they meet both the Education Requirements and ALL Knowledge Skills and Abilities (KSAs) listed below in order to qualify. Click these links for additional information:Introduction to the Job ApplicationandAddressing Knowledge Skills and Abilities. (Note: These links refer to Dept. of Public Safety process; this process is the same for Dept. of Information Technology.)
To qualify for this position applicants must document on the application that they possess ALL of the following:
Experience conducting cybersecurity risk assessments and/or evaluating security controls using recognized enterprise risk frameworks (e.g. NIST ISO CIS)
Demonstrated experience securing cloud environments (e.g. AWS Azure or GCP)
Experience transforming risk data into strategic insights that inform business decisions and/or risk posture
Demonstrated experience supporting audits regulatory compliance efforts/programs and/or cross-functional cybersecurity initiatives
This position requires a fingerprint-based background search. Hires must agree to a fingerprint-based background search prior to being hired.
Minimum Education and Experience Requirements
Some state job postings say you can qualify by an equivalent combination of education and experience. If that language appears below then you may qualify through EITHER years of education OR years of directly related experience OR a combination of both. See theEducation and Experience Equivalency Guidefor details.
Bachelors degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area
OR
Associate degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT security or closely related area; or an equivalent combination of education and experience.Supplemental and Contact Information
The North Carolina Department of Information Technology (DIT) is an Equal Opportunity Employer who embraces an Employment First philosophy which consists of complying with all federal laws state laws and Executive Orders.
- The Department of Information Technology will not accept See Resume or inserted text resumes in lieu of all work experience and education completed on the application.
- Employment at NCDIT is contingent upon a satisfactory background check.
- Applicants seeking Veterans Preference must attach a DD form 214 Certificate of Release or Discharge from Active Duty along with your application.
- Applicants seeking National Guard Preference must attach a NGB 23A (RPAS) if you are a current member of the NC National Guard in good standing. If you are a former member of the NC National Guard who served for at least 6 years and was discharged under honorable conditions you must attach either a DD256 or NGB 22.
- Applicants applying for positions that require specific coursework must upload and attach a copy of the transcript with their application.
- Applicants with relevant professional certifications to the posted job must attach proof of active certification along with the information in the Certificates and Licenses section.
- If applicants earned college credit hours but did not complete a degree program they must attach an official transcript to each application to receive credit for this education.
- If applicants earned a foreign degree foreign degrees require an official evaluation for U.S. equivalency and must be submitted to Human Resources for verification. There are several organizations that perform this specialized service feel free to use any service of your choosing. The National Association of Credential Evaluation Services (NACES) has several options on their website that can provide credential verification:
HYBRID/FLEXIBLE WORK SCHEDULES:
At NCDIT we are dedicated to fostering a collaborative and flexible work environment offering a hybrid remote work option for positions that are conducive to remote flexibility. If you do not currently reside within a reasonable commuting distance of the assigned duty station new hires are granted up to 120 days from their start date to relocate. This relocation ensures the ability to work onsite multiple days per week. If youre eager to contribute to a dynamic workplace we encourage you to apply!
COMPENSATION & BENEFITS:
The state of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options standard and supplemental retirement plans and the NCFlex program (numerous high-quality low-cost benefits on a pre-tax basis). Employees also receive paid vacation sick and community service leave. In addition paid parental leave is available to eligible employees.
Some highlights include:
- The best funded pension plan/retirement system in the nation according to Moodys Investors Service
- Twelve (12) holidays/year
- Fourteen (14) vacation days/year which increase as length of service increases and accumulate year-to-year
- Twelve (12) sick days/year which are cumulative indefinitely
- Longevity pay lump sum payout yearly based on length of service
- 401K 457 and 403(b) plans
Learn more about employee perks/benefits:
To apply for this position please click the Apply link above (on the Government Jobs website) or visit to complete an on-line application.
Due to the volume of applications received we are unable to provide information regarding the status of your application over the phone. To check the status of your application please log in to your account and click Application Status. If you are selected for an interview you will be contacted by management. If you are no longer under consideration you will receive an email notification. If there are any questions about this posting other than your application status please contact:
NCDIT Human Resources
Shaun Osborne
For technical issues with your application please call the Applicant Support Help Line at .
Required Experience:
Unclear Seniority
Employment Type
Full-Time
