GOVERNANCE, RISK, & COMPLIANCE LEAD - 72004175
Requisition No: 875717
Agency: Management Services
Working Title: GOVERNANCE, RISK, & COMPLIANCE LEAD - 72004175
Pay Plan: SES
Position Number: 72004175
Salary: $115,000 - $130,000
Posting Closing Date: 05/26/2026
Governance, Risk, and Compliance Lead
Florida Digital Service
State of Florida Department of Management Services
This position is located in Tallahassee, FL
This position serves as the State of Florida’s enterprise lead for Governance, Risk, and Compliance (GRC), operating as a cross-functional integrator across cybersecurity, data management, and programmatic oversight domains.
Reporting within the Office of the State Chief Data Officer, this role supports and aligns the priorities of the State Chief Data Officer (CDO), State Chief Information Security Officer (CISO), and Florida Digital Service (FLDS) program oversight functions. The position is responsible for establishing consistent governance, risk, and maturity practices across agencies while driving measurable improvements in enterprise capability.
This is a leadership role, supervising a small, domain-aligned team and integrating their work into cohesive enterprise-level outputs, including maturity models, risk reporting, and executive decision support.
DUTIES & RESPONSIBILITIES
- Serve as the primary coordination point across CDO, CISO, and FLDS program oversight functions to align governance, risk, and maturity initiatives.
- Supervise and lead a small, cross-functional team of GRC analysts aligned to cybersecurity, data management, and program oversight domains.
- Establish consistent methodologies, templates, and expectations across analysts to ensure standardized outputs and comparability.
- Integrate domain-level work into unified enterprise deliverables, including maturity assessments, dashboards, and the statewide cybersecurity plan.
- Promote coordination and knowledge sharing across domain-aligned analysts to prevent siloed approaches.
- Personally lead synthesis of team outputs into executive-level reporting and enterprise decision support.
- Integrate cybersecurity, data management, and programmatic perspectives into a unified enterprise view.
- Identify and resolve cross-functional gaps, overlaps, and inconsistencies in standards, reporting, and risk interpretation.
- Ensure enterprise GRC practices support statewide strategic priorities across all domains.
- Align metrics, maturity models, and reporting approaches across cybersecurity, data management, and program oversight functions.
- Lead development and delivery of the statewide enterprise cybersecurity plan, consolidating agency strategic and operational cybersecurity plans in accordance with statutory requirements.
- Serve as the authoritative integrator of agency cybersecurity inputs into a statewide enterprise risk perspective.
- Evaluate submissions for completeness, consistency, and alignment to enterprise standards.
- Identify systemic risks, capability gaps, and cross-agency dependencies.
- Provide executive-level reporting on statewide cybersecurity posture, including trends, material risks, and areas requiring leadership attention.
- Establish repeatable processes for collection, validation, and analysis of agency cybersecurity data.
- Design and implement a unified enterprise GRC maturity model spanning cybersecurity, data management, and programmatic oversight domains.
- Establish standardized methodologies for risk assessment, maturity evaluation, and performance measurement.
- Drive measurable improvements in agency maturity through structured assessment cycles, benchmarking, and targeted follow-up.
- Develop enterprise metrics, dashboards, and reporting to support visibility, trend analysis, and decision-making.
- Define and maintain enterprise standards, frameworks, and methodologies aligned with NIST CSF and applicable regulatory requirements.
- Provide independent challenge and guidance to agencies on risk identification, mitigation strategies, and control effectiveness.
- Promote consistency in planning, risk management, and governance practices across agencies.
- Elevate systemic issues and misalignment through established governance channels.
- Operate without direct ownership of agency execution, focusing on alignment, evaluation, and accountability through visibility.
- Lead development and rollout of a statewide data governance framework aligned with DAMA-DMBOK principles.
- Create and maintain practical guidance, templates, and playbooks to support agency adoption.
- Establish and operate a data governance center of excellence to enable agency maturity.
- Support development of enterprise data literacy initiatives to improve data-driven decision-making.
- Drive adoption of consistent data governance practices across agencies.
- Establish standardized approaches for enterprise assessments, including cybersecurity risk and maturity evaluations.
- Coordinate enterprise-level audit activities in partnership with agencies and oversight bodies.
- Ensure findings are integrated into enterprise reporting, maturity models, and improvement planning.
- Maintain visibility into remediation progress and systemic risk themes across agencies.
- Other duties as required.
Knowledge, skills, and abilities, including utilization of equipment, required for the position:
- Advanced knowledge of enterprise GRC practices across cybersecurity, data management, and program oversight domains
- Strong understanding of NIST Cybersecurity Framework, risk management methodologies, and compliance requirements
- Knowledge of data governance principles and DAMA-DMBOK framework
- Experience designing and implementing maturity models and continuous improvement programs
- Ability to synthesize complex, multi-domain inputs into clear enterprise-level insights and reporting
- Strong communication skills, with the ability to influence across executive, technical, and business audiences
- Ability to operate effectively in an influence-based, cross-agency environment without direct authority
- Demonstrated ability to lead and integrate work across a small, domain-specialized team
- Strong analytical and critical thinking skills, particularly in identifying systemic risks and trends
MINIMUM QUALIFICATIONS
Education:
- Bachelor’s degree from an accredited institution in information systems, cybersecurity, data management, business administration, public administration, or a related field. Graduate degree preferred.
Highly Preferred Certifications:
- CISM, CISA, CRISC, CGEIT
Preferred Certifications:
- CDMP, CISSP, PMP
On-the-Job Certification/Training Schedule:
- Within 12 months, maintain or obtain one of the following certifications: CDMP, CISM, CISA, CRISC, CGEIT.
- Within 24 months, obtain and/or maintain certifications relevant to assigned domains (e.g., CISSP, CDMP, PMP, or privacy certifications).
- Maintain all required certifications through ongoing continuing professional education (CPE) in alignment with industry and regulatory expectations.
Other job-related requirements for this position:
- Ability to sit for extended periods of time. Ability to stand for extended periods of time. Ability to drive and/or fly long distances. Ability to lift, push and pull up to 30 lbs.
- Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140.
Our Organization and Mission:
Under the direction of Governor Ron DeSantis, Interim Secretary Tom Berger and DMS’ Executive Leadership Team, the Florida Department of Management Services (DMS) is a customer-oriented agency with a broad portfolio that includes the efficient use and management of real estate, procurement, human resources, group insurance, retirement, telecommunications, fleet, and federal property assistance programs used throughout Florida’s state government. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.”
Special Notes:
DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses:
DMS.Ability@dms.myflorida.com
DMS.Veterans@dms.myflorida.com
An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.
Pursuant to F.S. 215.422, every officer or employee who is responsible for the approval or processing of vendors’ invoices or distribution of warrants to vendors is mandated to process, resolve and comply as section 215.422 requires.
Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.
The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.
TALLAHASSEE, FL, US, 32399