Information Technology Governance, Risk and Compliance Section Manager

Springfield, IL, US, 62764

State of Illinois


TECHNICAL MANAGER VI – INFORMATION TECHNOLOGY GOVERNANCE, RISK AND COMPLIANCE SECTION MANAGER – IPR# 47506/REQ# 40872

 

Agency :  Department of Transportation 
Closing Date/Time: 09/09/2024 
Salary:   $7,076 - $11,692 Monthly  

Anticipated Starting Salary Range:  $7,076 - $8,576 Monthly
Job Type:   Salaried 
County:   Sangamon  
Number of Vacancies:   1  

Plan/BU: NR916 Pro-Tech Teamsters

*This position is covered by the Revolving Door Prohibition policy.

 

This position is a union position; therefore, provisions of the relevant collective bargaining agreement/labor contract apply to the filling of this position.

 

All applicants who want to be considered for this position MUST apply electronically through the illinois.jobs2web.com website. State of Illinois employees should click the link near the top left to apply through the SuccessFactors employee career portal.

Applications submitted via email or any paper manner (mail, fax, hand delivery) will not be considered.

 

Agency Mission Statement

 

The Illinois Department of Transportation is seeking to hire an Information Technology Governance, Risk and Compliance Section Manager.

 

The IDOT team works diligently to provide safe, cost-effective transportation for Illinois in ways that enhance quality of life, promote economic prosperity, and protect our environment. We are problem solvers and leaders, constantly searching for innovations and improvements in support of our commitment to providing the best multimodal transportation system for Illinois.

 

Our team fosters a culture of inclusivity. We value diversity and hold ourselves to the highest ethical standards as we work together for a common purpose. Team members frequently collaborate with colleagues and others outside the department to best meet customer needs. 

 

The department offers extensive training and career advancement opportunities. Employees also receive a robust benefit package including:

  • Monday-Friday work schedule
  • Flexible work schedules in several program areas (flexible time, hybrid scheduling)
  • Health, Life, Vision, and Dental Insurance
  • Pension Plan
  • (12) Weeks paid Maternity/Paternity Leave
  • Deferred Compensation Program and other pre-tax benefit programs (Medical/Daycare)
  • Employees earn (12) paid Sick Days annually
  • New Employees earn (10) paid Vacation Days their first year of service and can earn up to (25) paid Vacation Days annually
  • Employees earn (3) paid Personal Days annually
  • (13-14) paid holidays annually (based on start date)
  • Tuition Reimbursement
  • Employee Assistance Program and/or mental health resources

 

We invite qualified applicants to apply to become part of our team. We are confident that you will take pride in serving Illinois and its residents and visitors.

Job Responsibilities

This position is accountable for managing the Information Technology Governance, Risk and Compliance (GRC) Section in the Bureau of Information Processing (BIP), which includes Information Technology (IT) staff responsible for assessing and documenting the department’s governance, risk, and compliance posture as it relates to IT information assets. This is accomplished through directing highly trained IT project, data, and security staff whose goal is to develop and implement department-wide IT initiatives as well as the development of policies, standards, and guidelines. The incumbent is responsible for providing skilled technical information technology-specific risk management and project management expertise. This position is accountable for staying informed of applicable governance and compliance principles, practices, laws, rules, and regulations, as well as remaining current on best practices and technological advancements.

 

This position reports to the Bureau Chief of Information Processing. Reporting to this position are IT Security and Data Unit Manager, IT Compliance Unit Manager, Enterprise Program Office Manager, GIS Unit Manager, Digital Documentation Services Unit Manager, and Lead Data Warehouse Developers.

This position functions in an environment where the incumbent is responsible for the development and implementation of enterprise governance, risk, and compliance strategies and solutions.  Due to the senior nature of this position, the incumbent must possess extensive leadership and project management experience, the expertise needed to ensure effective system-wide standards and testing, risk assessment, awareness, and education, and the expertise to develop policies, standards, and guidelines. This position provides oversight on IT project activities in support of agency operations including all IT project audit functions. The incumbent is a reference resource and continuously researches best practices and technological advancements.

Typical problems include developing a flexible and comprehensive governance, risk, and compliance framework; aligning processes with agency goals; and defining strategies that bring relevant, insightful data together. Additionally, it is a challenge to prioritize critical tasks and high-impact audit activities to make well-informed risk management decisions and mitigate exposure to incidents that cause risk or loss. The greatest challenge of this position is managing the compounding effects of change and its impact on enterprise architecture by keeping external risk environments, internal business environments, and regulatory environments in sync.

 

 

Job Responsibilities Continued

The incumbent is personally responsible for recommending programmatic and technical direction to the Bureau Chief of Information Processing and is responsible for improving the department’s approach to governance, risk management, and compliance in the context of the agency’s enterprise architecture and alignment with the overall mission. The incumbent identifies risks and assists with the development of suitable loss control and intervention strategies and ensures risk-related considerations are viewed from an agency-wide perspective. The incumbent ensures the management of Information System-related security risks is consistent across the department. As part of the risk and controls assessments, the incumbent will implement a GRC program that generates and manages risk registers, issue tracking, corrective action plans (CAPs), and key metric reporting for the BIP Bureau Chief/CIO and agency leadership; and facilitates the sharing of security risk-related information among authorizing officials. The incumbent provides oversight to the data classification and system categorization process to ensure that agency risk to mission and business success is considered in decision-making. The incumbent considers all sources of risk, including aggregated risk from individual Information Systems. The incumbent oversees the creation, management, and execution of risk and controls assessments, including but not limited to state agency compliance assessments, vendor risk assessments and SOC reviews, and application assessments.

 

The incumbent accomplishes accountabilities through the following staff:

 
Information Technology Security and Data Manager who is responsible for organizing, storing, and analyzing the department’s data as professionally and effectively as possible, while also safeguarding the department’s security and confidentiality standards. 

 

Information Technology Compliance Manager who is accountable for directing and coordinating the research and planning of detailed reviews of Information Technology (IT) systems and applications to ensure security and compliance with department, state, and federal regulations.  The incumbent is responsible for creating and implementing IT policies and procedures based on best practices and legal requirements. This position provides support for compliance strategy development in collaboration with IT leadership and internal audits as they pertain to IT projects. 


Enterprise Program Manager who is responsible for ensuring successful execution of IT projects and builds IT program and project management capabilities within the agency.

 

GIS Unit Manager who is responsible for overseeing the creation and maintenance of a geographic information system, which is used to store, manage, analyze, and display all types of data that have a location component. 


Digital Documentation Services Unit Manager who is responsible for the administration of the department’s Forms Management Program, Adobe Experience Management (AEM) content management system, and electronic signatures platforms. 


Lead Data Warehouse Developers who are responsible for the creation, design, development, and implementation of departmental business intelligence (BI) and data warehousing solutions. The incumbent utilizes BI best practices, relational structures, dimensional data modeling, structured query language (SQL) skills, and data warehouse and reporting techniques to support the agency’s business initiatives. 

Job Responsibilities Continued

The incumbent has a great deal of latitude in implementing security controls, risk assessment framework, and programs that align to regulatory requirements, ensuring documented and sustainable compliance that advances the mission of the agency. Limiting factors include frequency of change, limited staff to update processes, and limited workflow and task management.  Highly sensitive issues are referred to the Bureau Chief of Information Processing with resolutions.  


Internal contacts are primarily with departmental management staff and key stakeholders to develop and implement the governance, risk, and compliance posture for the agency. This position promotes collaboration and cooperation with internal and external contacts.  External contacts are with other state agencies and various vendors as needed.  Occasional statewide travel with overnight stays is required. 


The effectiveness of this position can best be measured by the incumbent’s ability to develop a successful GRC program that will define and understand GRC as a process to translate the department’s mission and strategies into effective enterprise-wide oversight and alignment. 

Principal Accountabilities

1.    Develops and implements enterprise governance, risk management and regulatory compliance strategies and solutions.
2.    Ensures effective system-wide standards and testing, risk assessment, awareness, and education.
3.    Develops Governance, Risk and Compliance (GRC) policies, standards, and guidelines.
4.    Recommends programmatic and technical direction to the Bureau Chief of Information Processing.
5.    Improves the department’s approach to governance, risk management and regulatory compliance in the context of the agency’s enterprise architecture and alignment with the overall mission.
6.    Identifies risks and assists with the development of suitable loss control and intervention strategies.
7.    Ensures the management of Information System-related security risks is consistent across the department.
8.    Implements a GRC program that generates and manages risk registers, issue tracking, corrective action plans (CAPs), and key metric reporting for the BIP Bureau Chief and agency leadership.
9.    Provides oversight of IT project activities in support of agency operations.
10.    Provides oversight to the data classification and system categorization process.
11.    Implements security controls, risk assessment framework, and programs that align to regulatory requirements, ensuring documented and sustainable compliance that advances the mission of the department.
12.    Oversees the creation, management, and execution of risk and controls assessments, including but not limited to state agency compliance assessments, vendor risk assessments and SOC reviews, and application assessments.
13.    Performs duties in compliance with departmental safety rules. Performs all duties in a manner conducive to the fair and equitable treatment of all employees.
14.    Performs other duties as assigned.

Position Requirements

•    Education/Experience

  • Completion of a bachelor’s degree majoring in computer science, information security, information technology, or information systems management, PLUS four years of experience in the Information Technology arena including information systems management, strategic planning, and risk management, preferably in a government agency or organization, PLUS two years of supervisory experience OR
  • Twelve years of experience in the Information Technology arena including information systems management, strategic planning, and risk management preferably in a government agency or organization, PLUS five years of supervisory experience

•    Occasional statewide travel which may include overnight stays
•    Valid driver’s license
•    Successful completion of a background screening

Position Desirables

•    Experience managing governance, risk, and compliance programs in Federal, State, or Local Government organizations.
•    Experience in information security management, governance, and compliance principles, practices, laws, rules, and regulations.
•    Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.
•    Knowledge of information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
•    Knowledge of Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
•    Ability to evaluate, update and/or revise program materials.
•    Knowledge of incident response management.
•    Knowledge of risk assessment and management methodology.
•    Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Project Management Professional (PMP) certification and/or Information Technology Infrastructure Library (ITIL) certifications.
•    Experience managing and/or executing on internal and external security assessments and audits.

Work Hours:  8:00 am - 4:30 pm Monday-Friday  
Work Location: 2300 S Dirksen Pkwy Springfield, IL 62764-0001 

Office: Office of Finance and Administration/Bureau of Information Processing 
Agency Contact: DOT.CONTACTHR@ILLINOIS.GOV

Posting Group:  Transportation ; Leadership & Management; Legal, Audit & Compliance; Science, Technology, Engineering & Mathematics  

 

Certain provisions of the revolving door restrictions contained in 5 ILCS 430/5-45 apply to this position. As a result, the employee should be aware that if offered non-State employment during State employment or within one year immediately after ending State employment, the employee shall, prior to accepting any such non-State employment offer, notify the Office of the Executive Inspector General for the Agencies of the Illinois Governor (“OEIG”) or may be subject to a fine.

 

APPLICATION INSTRUCTIONS

Use the “Apply” button at the top right or bottom right of this posting to begin the application process.

If you are not already signed in, you will be prompted to do so. 

State employees should sign in to the career portal for State of Illinois employees – a link is available at the top left of the Illinois.jobs2web.com homepage in the blue ribbon. 

Non-State employees should log in using the “View Profile” link in the top right of the Illinois.jobs2web.com homepage in the blue ribbon. If you have never before signed in, you will be prompted to create an account.

If you have questions about how to apply, please see the following resources:

State employees: Log in to the career portal for State employees and review the Internal Candidate Application Job Aid

Non-State employees: on Illinois.jobs2web.com – click “Application Procedures” in the footer of every page of the website.

 

Seasonal and temporary workers should use a personal e-mail address when applying for jobs.

 

The main form of communication will be through email. Please check your “junk mail”, “spam”, or “other” folder for communication(s) regarding any submitted application(s). You may receive emails from the following addresses:

  • donotreply@SIL-P1.ns2cloud.com
  • systems@SIL-P1.ns2cloud.com