GRC PROJECT MANAGER (DoIT Technology Platform Manager II)

Introduction

The State of Maryland manages various security, privacy, and compliance requirements across\r\nits agencies and platforms. The GRC directorate requires a dedicated project manager to oversee\r\nthe strategic development and management of Maryland’s cybersecurity and privacy policy suite,\r\nState’s cybersecurity and privacy risk management program, and the AI Governance program.\r\n\r\n\r\n***This is a contractual position with limited benefits.***\r\n

GRADE

STD 0023\r\n

LOCATION OF POSITION

Department of Information Technology\r\n100 Community Place�\r\nCrownsville, MD 21038\r\n

POSITION DUTIES

The GRC Project Manager (PM) position will be responsible for managing and overseeing the implementation of comprehensive programs within the GRC directorate (cybersecurity and privacy policy suite, risk management, AI governance, IT Policy).\r\n\r\n\r\nThe incumbent will align to OSM’s Enterprise Agile project management methodologies. The PM will perform day-to-day management of the programs and projects reporting under the GRC Directorate, ensure the programs and projects are progressing successfully, identify and manage issues and risks, and recommend and implement approved mitigation strategies associated with the programs under the purview of the GRC Directorate. The PM shall have excellent communication skills, be organized and detail-oriented, able to work independently and with teams, and manage multiple projects simultaneously.�\r\n\r\n\r\nThe PM duties/responsibilities below serve the GRC Directorate (including, but not limited to the following):\r\n● Reporting and Governance: Provide weekly scope, budget, and schedule status updates on the accomplishments, milestones, tasks, roadblocks, issues, and risks related to the Cybersecurity and Privacy Program.�\r\n● Program Leadership: Lead cross-functional teams and technical resources to prioritize the delivery of high-quality programs under the GRC directorate that meet business needs and mandated requirements.�\r\n● Planning and Artifacts: Oversee the development and approval of program plans, focusing on the security and privacy roadmap areas. Develop and update project charters, business objectives, scope statements, success criteria, and other project artifacts as required for GRC initiatives related Cybersecurity and Privacy Policy Suite, Risk Management, AI Governance, and IT Policy programs.�\r\n● Alignment and Scope: Ensure alignment between State CISO priority initiatives and the GRC directorate’s strategic direction. Manage program scope to align work efforts to GRC directorate’s goals and objectives.�\r\n● Development and Management: Manage work activities to ensure conformity to the program scope, timelines, and budgets, utilizing Azure DevOps (ADO) or another State CISO assigned program/project management tool. Develop and manage budgets and resourcing plans for the programs, and track performance against these plans. ● Metrics and Quality: Develop performance and quality measures and metrics for program management activities, track, periodically analyze and report on measures, including key risk indicators (KRIs) and key performance indicators (KPIs).�\r\n● Program Implementation: Develop transition activities and roll-out schedules for new security and privacy controls or compliance frameworks. Ensure work and deliverables, as defined in issued work orders and project plans, are completed and meet legal, regulatory, and policy mandates.�\r\n● Stakeholder Management: Motivate the program teams and forge consensus around program goals and objectives. Promote a customer service relationship among peers. Develop and implement communication strategies to improve transparency and promote awareness of program areas and issues to stakeholders and agency partners.�\r\n● Change Control: Integrate change management and change control practices into the program as required, especially concerning changes to GRC processes or security controls.�\r\n● Documentation: Maintain an organized repository for project documentation, including any presentations, plans, reports and relevant correspondence.\r\n

MINIMUM QUALIFICATIONS

Education: A Bachelor’s degree from an accredited college or university in Information\r\nTechnology, Cybersecurity, Public Policy, Business Administration, or a related field.\r\n\r\n\r\nExperience: Three years of experience performing project management work in an IT Security, Risk Management, or Compliance GRC environment.\r\n

DESIRED OR PREFERRED QUALIFICATIONS

-Technical Proficiency: Proven experience using Agile methodologies and project management\r\ntools (e.g., Azure DevOps, Jira, or similar) to track scope, budget, and schedules.\r\n\r\n\r\n-Soft Skills: Demonstrated ability to lead cross-functional teams and communicate complex\r\nsecurity or regulatory requirements to non-technical stakeholders.�\r\n\r\n\r\n-Professional Certification: Possession of a Project Management Professional (PMP)\r\ncertification, or a GRC-related certification such as Certified Information Systems Auditor\r\n(CISA) or Certified in Risk and Information Systems Control (CRISC).�\r\n\r\n\r\n-Emerging Tech Exposure: One year of working experience/understanding of Cybersecurity and\r\nAI Governance/Ethics frameworks, as it would relate to this position’s responsibility over the\r\nState’s AI Governance projects.\r\n

SELECTION PROCESS

Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date.�We will not consider information submitted after this date.�Successful candidates will be placed on the�eligible (employment) list for at least one year.\r\n

EXAMINATION PROCESS

The evaluation may consist of a rating of your education, training, and experience related to the requirements of the position.�It is important that you provide complete and accurate information on your application.�Please report all experience and education that is related to this position.\r\n

BENEFITS

Contractual employees who work for an agency and have a current employment contract of 30 or more hours a week (or on average 130 hours per month) will be eligible for subsidized health benefits coverage for themselves and their dependents. View rates on the Department of Budget & Management website, State Employees, Health Benefits, Contractual/Variable rates.\r\n\r\n\r\nLeave�\r\nPaid leave will accrue at a rate of one hour for every 30 hours worked. \r\n\r\n\r\n\r\n

FURTHER INSTRUCTIONS

Online applications are highly recommended. However, if you are unable to apply online,�the paper application and supplemental questionnaire may be submitted to:�Department of Budget and Management, Recruitment and�Examination Division, 301 W. Preston St., Baltimore, MD 21201.�Paper application materials must be received in our office�by the�closing date for the recruitment. No postmarks will be accepted.\r\nFor questions regarding this recruitment, please contact the�DBM Recruitment and�Examination Division at Application.Help@maryland.gov�or 410-767-4850,�MD TTY Relay Service 1-800-735-2258.\r\nWe thank our Veterans for their service to our country.\r\nPeople with disabilities and bilingual candidates are encouraged to apply.\r\nAs an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.\r\n