SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST Series

The Maryland State Retirement and Pension System (MSRPS) administers benefits for over 397000 members including active employees retirees and vested participants across 12 retirement systemssupporting the financial security of Marylands public servants.

Located in Baltimores Central Business District MSRPS offers a purpose-driven workplace with modern amenities including panoramic city and harbor views renovated common areas upgraded elevators and an on-site café.

Employees enjoy comprehensive state benefits including; medical dental prescription coverage generous paid leave participation in the state pension system and supplemental retirement savings options (401(k) 457(b) and more). Additional perks include an on-site fitness center with showers and lockers 24/7 building security and easy access to restaurants shops free public transit and major highways.

If you are a qualified technology professional heres what MSRPS has to offer:

• Professional development
• Work with advanced & leading cybersecurity technologies
• Work in an organization that fosters teamwork and cooperation

This classification is eligible for a Hybrid work schedule.

SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST I: Grade18

SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST II: Grade19

Salary offered will be based on the candidates educationand experience

120 East Baltimore Street

Baltimore Maryland 21202

The main purpose of theposition is the responsibility for the coordination and workflow management ofcybersecurity compliance initiatives in the IS Cybersecurity Division to includecoordinating tasks for ongoing audits cybersecurity policy development andlifecycle management co-administering the GRC (Governance Risk &Compliance) platform administer and manage SRAs security awareness trainingprogram. Knowledge of and competence in applying cybersecurity standards (Stateof MD/NIST/CSF etc.) and their control integrations within SRA to achieve ahigh compliance maturity level within the Cybersecurity program.

This position will be responsible and perform at either theintermediate (Level I) or full (Level II) performance level for:

• Administer the GRC platform; populate the controls library with fresh content/artifacts monitor/integrate data imports from connectors onboard new audits (internal & external) build custom profiles run cybersecurity risk reports/heat maps update the risk register monitor Jira GRC task flows (40%)
• Administer & manage the security awareness training platform; setup new training & phishing campaigns monitor & notify users in policy non-compliance run risk/training completion reports. (20%)
• Onboard new cybersecurity audit campaigns (internal & external); ingest audit requirements into the GRC platform assemble/update artifact repositories build workspaces for auditors to review RDL items (20%)
• Maintain the cybersecurity policy and document repository perform policy lifecycle tasks (update/create/deprecate material and manage authorization processes) design data maps & process workflow diagrams & document cybersecurity procedures. (10%)
• Research & stays abreast of changes in cybersecurity standards (such as NIST CSF and State of MD/DoIT) and assists in efforts to maintain standards compliance manages the Capability Maturity Model Integration (CMMI) cybersecurity program to maintain a minimum Level III maturity. (10%)

Education:Graduation from an accredited high school or possession of a high schoolequivalency certificate.

SRPS CYBERSECURITY DEFENSE COMPLIANCESPECIALIST I

Experience: Two years ofexperience in the data security compliance discipline working knowledge ofGovernance Risk and Compliance (GRC) platforms security audit management andprocedures compiling reports and analytics from completed security audits andrisk assessments (internal and external sources) and administering securityawareness training services/products.

SRPS CYBERSECURITY DEFENSE COMPLIANCESPECIALIST II

Experience:Three years of experience in the data security compliance discipline workingknowledge of Governance Risk and Compliance (GRC) platforms security auditmanagement and procedures compiling reports and analytics from completedsecurity audits and risk assessments (internal and external sources) andadministering security awareness training services/products.

Notes:

may substitute the possession of a Bachelors degree in computerscience cybersecurity information technology software engineeringinformation systems computer engineering or related field from an accreditedcollege or university for two years of the required experience.

may substitute an Associates degree in computer sciencecybersecurity information technology software engineering informationsystems computer engineering or related field from an accredited college oruniversity for one year of the experience.

may substitute a graduate level degree in computer sciencecybersecurity information technology software engineering informationsystems computer engineering or related field from an accredited college oruniversity for the required experience.

Please note that your answers to the supplementalquestionnaire must correspond to the information provided on your applicationto receive credit

Preferredcandidates will possess the following qualifications:

A bachelors degree in Cybersecurity Management and PolicyCybersecurity Technology Cybersecurity and Information Assurance NetworkEngineering and Security or similar field of study.

Prior experience conducting and managing IS network and/or cybersecurityaudits or cybersecurity information assurance assessment.

Prior experienceand working knowledge of Governance Risk & Compliance (GRC) platforms(i.e. Drata Logic Manager ProofPoint StandardFusion Workiva etc.)

Prior experience administering and managing cybersecurity and/or securityawareness training platforms and services.

Employees in this classification may be subject to call-in 24 hours a day and be required to work evenings weekends and holidays when systems are down or to work on systems that need to be repaired or replaced during non-business hours and therefore may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with a pager or cell phone.

Applicants for this classification may handle sensitive data. This will require a full scope background investigation prior to appointment. A criminal conviction may be grounds for rejection of the applicant.

Employees may occasionally be required to travel to the main office during off hours or field locations and must have access to an automobile in the event a state vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

The work may require moving computers printers and other IT related equipment weighing up to 80 pounds.

Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing will not consider information submitted after this candidates will be ranked as Best Qualified Better Qualified or Qualified and placed on theeligible (employment) list for at least one year.

Due to the confidential nature of the work selected candidates must undergo and pass a background check.

For education obtained outside the U.S. a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire.

STATE OF MARYLAND BENEFITS

As an employee of the State of Maryland you will have access to outstanding benefits including: health insurance dental and vision plans offered at a low cost.

• Personal Leave - new State employees are awarded six (6) personnel days annually (prorated based on start date).
• Annual Leave - ten (10) days of accumulated annual leave per year.
• Sick Leave - fifteen (15) days of accumulated sick leave per year.
• Parental Leave - up to sixty (60) days of paid parental leave upon the birth or adoption of a child.
• Holidays - State employees also celebrate at least thirteen (13) holidays per year.
• Pension - State employees earn credit towards a retirement pension.