Date:  Nov 3, 2022


The State Personnel System is an E-Verify employer. For more information click on our E-Verify Website.

Requisition No: 741281 

Agency: Management Services

Working Title: GOVERNANCE AND RISK MANAGER - 72004175

Position Number: 72004175 

Salary:  $90,000 - $114,500 

Posting Closing Date: 12/18/2022 

Governance and Risk Manager

Florida Digital Service

State of Florida Department of Management Services

This position is located in Tallahassee, FL


The Florida Digital Service (FL[DS]) was established to propose innovative solutions that securely modernize state government, including technology and information services, to achieve value through digital transformation and interoperability, and to fully support the state’s cloud-first policy. It is also the lead entity responsible for enterprise cybersecurity.


Responsible for architecting and deploying Florida’s first-ever enterprise cybersecurity program, the FL[DS] is aggressively recruiting a team to lead our state’s efforts. Florida has made historic financial investments into the creation of statewide cybersecurity capabilities and continues to demonstrate support for the mission. Florida’s Chief Information Security Officer (CISO) is a critical part of the FL[DS] executive leadership team and is empowered to lead this team through continued successes. The opportunity to build statewide cybersecurity operations is a once-in-a-lifetime opportunity and will be focused first and foremost on attracting and supporting the right people for this mission.


Position Overview and Responsibilities:

Reporting to the Deputy CISO (Strategy, Training, Analysis, and Risk), the Governance & Risk Manager is a key role, leading governance, risk, and compliance (GRC) activities across the State of Florida Enterprise. The overarching goal of the Governance & Risk Manager is to improve the enterprise security posture of the state enterprise, state agencies, and the whole of the state (local governments) based on security frameworks, such as NIST CSF.

  • Serve as the senior GRC and risk management leader for the state of Florida.
  • Lead team responsible for the achievement of security reviews and tracking organizational compliance with regulatory standards and information security policy leveraging GRC software solutions.
  • Lead team responsible for security governance activities and track compliance and remediation activities of risk-based security assessments for technologies, systems, processes, and other components of the IT and business environments.
  • Lead in the review and update of security policies, procedures, guidelines, and standards.
  • Lead in projects related to information security regulatory and policy compliance, and security training.
  • Collaborates with team members, enterprise agencies and other stakeholders to achieve documentation workflows and requirements for compliance, assisting with third-party Business Associate Agreements and external party risk assessments, security-related exceptions, and data gathering for various internal and external audits.
  • Provides security compliance expertise for entire compliance and monitoring activities. This includes, but is not limited to, facilitating the following functions: CJIS, HIPAA, FERPA, and related Security regulatory requirements understanding and interpretation, compliance monitoring, risk assessments, audit design and process workflows, remediation tracking, Request for Proposal development, vendor evaluation and selection, and contract negotiation and development.
  • Ensures information security and regulatory compliance, risk analysis, audit and project tracking, and audit facilitation and management.
  • Responsible for working with internal and external operational partners in developing and planning audit reviews and monitoring project timelines.
  • Conduct internal self-audit efforts of IT asset compliance including crucial software licenses to document non-compliance with contract's terms and conditions.
  • Provide data analysis, manipulation and BI reporting using data toolsets such as Excel.
  • Works with Senior team members to ensure compliance with FLDS and NIST Security Standards and effect remediation efforts and assist in balancing compliance efforts with given resources.
  • Works to ensure appropriate assignment of compliance resources to each audit and has overall responsibility for completion of the compliance monitoring activity and/or audit. Conducts and manages the audit within established time and budget parameters.
  • Maintains a solid grasp of Federal, State, and regulatory agency standards/guidelines as they relate to security (CJIS, HIPAA, FERPA, ISO 17799/27002), providing policy mentorship and assistance for the enterprise.
  • Coordinates approvals and annual review of security exceptions and technical security review assignments.
  • Integrates vulnerability findings into the risk management program.
  • Assist in the development and delivery of user training, security awareness programs and security documentation such as policies, standards, and operating procedures.
  • Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  • Assist in the development of security policies, reports, and analysis, as needed.


Knowledge, Skills, and Abilities:

  • Senior level communications and execution, with an ability to bridge across varying levels of leadership and technical audiences.
  • Demonstrated experience and leadership running risk management and GRC functions at a large private, public, government, or defense organization.
  • Requires compliance, audit or risk management experience, using standard methodologies, such as NIST, ITIL, HIPAA, PCI-DSS, ISO 27000 series principles.
  • Demonstrated experience in security auditing or compliance management, systems analysis, and vendor/customer interactions.
  • Ability to troubleshoot and solve complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
  • Ability to review security assessments with stakeholders and develop recommendations for improvements.
  • Ability to multi-task with a calm demeanor and work under pressure in a fast-paced environment.
  • Attention to detail and excellent problem-solving skills.
  • Ability to lead a team of GRC and risk analysts, both directly assigned and matrixed.


Minimum Qualifications:

  • Undergraduate degree in a technical field. Graduate degree preferred.
  • Working knowledge of governance, risk, and compliance management software and processes.
  • Previous experience with CJIS controls, readiness, and compliance.
  • Previous experience with NIST CSF and NIST 800-53.
  • Experience interpreting, writing, and assessing rules and frameworks.
  • Ability to lead conversations and working groups.
  • Ability to sit for extended periods of time. Ability to stand for extended periods of time.
  • Ability to drive and/or fly for long distances. Ability to lift, push and pull up to 30lbs.


Preferred Qualifications:

  • Highly preferred certifications: CISA, GSEC, CISSP-ISSEP, CRISC, CGEIT
  • Preferred certifications: Security+, CISSP, CISM, SSCP


Our Organization and Mission:

The Florida Department of Management Services (DMS) is a customer-oriented agency responsible for managing various business-related functions throughout state government. Under the direction of Governor Ron DeSantis and DMS’ Executive Leadership Team, the agency oversees the real estate, procurement, human resources, group insurance, retirement, telecommunications, private prisons, and fleet and federal property assistance programs utilized throughout Florida’s state government. DMS is relied upon to establish, maintain and improve the business processes used by state employees to create a better, not bigger government.  DMS facilitates the delivery of these programs and services and provides tools and training to bolster the efficiency and effectiveness of the state’s workforce. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.” Under the leadership of DMS Secretary Pedro Allende, DMS’ employees embody four pillars on a daily basis: establishing a process-oriented mindset; challenging the status quo; creating efficiencies; and respecting state employees.


Special Notes:
DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce.  Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses:
An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.
Successful completion of background screening will be required for this position.

Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes, and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140-4.5

Pursuant to F.S. 215.422, every officer or employee who is responsible for the approval or processing of vendors’ invoices or distribution of warrants to vendors is mandated to process, resolve, and comply as section 215.422 requires.



The State of Florida is an Equal Opportunity Employer/Affirmative Action Employer, and does not tolerate discrimination or violence in the workplace.

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.

Nearest Major Market: Tallahassee