Job Summary:

Under supervision, installs, configures, and supports a local area network, wide area network, internet system, computers, desktops and/or mobile devices. Performs necessary maintenance to support network availability.

Primary Duties & Responsibilities:

· Establish and maintain the Enterprise IT Risk Register. Identify, categorize, and track operational and technical risks, providing leadership with a clear "threat map" of the environment.

· Lead the mapping of IT controls against state-mandated frameworks (e.g., NIST CSF). Perform gap analyses and recommend specific technical or process remediations.

· Draft, maintain, and audit the agency's IT policies. Ensure that infrastructure "Standard Operating Procedures" (SOPs) are documented and followed by engineering teams.

· Provide regular, clear updates on the progress of infrastructure builds, risks and dependencies.

· Improve inter-departmental communication to reduce misalignment on environment requirements.

· Conduct security and compliance reviews for all outside vendors and cloud service providers to ensure taxpayer data is never exposed to unvetted third-party risk.

· Act as the primary liaison for state auditors. Manage the "Library of Evidence," ensuring that Change Control logs, access reviews, and patching reports are ready for inspection at any time.

· Oversee the periodic review of user privileges for mission-critical systems, ensuring that access is strictly limited based on the "Principle of Least Privilege."

Entry Qualifications:

High school diploma/GED and two (2) years of related experience.

Agency Specific Qualifications:

· Demonstrated understanding of NIST SP 800-53, and comparable state-level security regulations.

· Demonstrated ability to discuss complex infrastructure concepts (CMDB, Cloud, Virtualization) with engineers while translating them into "Risk Language" for leadership.

· Demonstrated professional courage to identify and report risks, even when they conflict with operational deadlines.

· Demonstrated experience in technology assessment.

· Demonstrated proven ability to translate complex, multi-tier physical infrastructure into logical risks and procedures.

· Demonstrated experience independently managing multiple assignments.

· Demonstrated strong customer service orientation, anticipating and meeting the needs of clients in a time sensitive environment.

· Demonstrated strong ability to communicate process requirements to senior engineering teams and leadership, with a firm commitment to enforcing governance standards.

· Demonstrated commitment to fiscal stewardship and mission resilience, recognizing that infrastructure stability is essential to serving the citizens of the state.

· Demonstrated excellent oral and written communication skills.

Agency Preferred Qualifications:

• 3–5 years of experience IT Audit, Compliance, or Information Security. Working experience with GRC platforms for centralized management of governance, risks and compliance activities
• Strong familiarity of NIST SP 800-53 framework and comparable state-level security regulations.
• Exceptional organizational and communication skills.
• Comfortable working with many teams in a fast-moving and occasionally ambiguous environment.
• CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control) is highly preferred. (preferred)

GDOT IS AN EQUAL OPPORTUNITY EMPLOYER

(5/27/26)