IT Compliance Specialist
Oklahoma City - 123 Robert S Kerr Avenue, United States
Oklahoma State Government
Job Posting Title: IT Compliance Specialist
Agency: 695 OKLAHOMA TAX COMMISSION
Supervisory Organization: Administration
Job Posting End Date (Continuous if Blank)
Note: Applications will be accepted until 11:59 PM on the day prior to the posting end date above.
Estimated Appointment End Date (Continuous if Blank)
Full/Part-Time: Full time
Job Type: Regular
Compensation
Job Description
IT Compliance Specialist
Salary: $70,000.00
Why you’ll love it here!
TRANSPARENCY. FAIRNESS. COMPLIANCE. The Oklahoma Tax Commission is committed to leading Oklahoma with unparalleled customer service. Our mission is to promote tax compliance through serving taxpayers with transparency and fairness in administration of the tax code and unparalleled customer service. Check out our About Us page to learn why we are passionate about tax compliance and believe it is the career for you!
There are perks to working for the OTC. We know that benefits matter, and that is why we offer a competitive benefits package for all eligible employees:
- Generous state-paid benefit allowance to help cover insurance premiums.
- A wide choice of insurance plans with no pre-existing condition exclusions or limitations.
- Flexible spending accounts for health care expenses and/or dependent care.
- A Retirement Savings Plan with a generous match.
- 15 days of paid vacation and 15 days of sick leave for full-time employees the first year.
- 11 paid holidays a year.
- Paid Maternity leave for eligible employees.
- Employee discounts with a variety of companies and vendors.
- A Longevity Bonus for years of service.
JOB SUMMARY
The IT Compliance Specialist is responsible for ensuring that our agency’s IT systems and processes comply with relevant laws, regulations, and industry standards. This role involves monitoring, assessing, and auditing IT practices to ensure compliance with regulatory requirements such as data protection laws, cybersecurity standards, and industry-specific frameworks. The IT Compliance Specialist will also provide guidance to IT teams, assist with audits, and manage risk assessments to maintain a compliant and secure technology environment.
DUTIES AND RESPONSIBILITIES
- Ensure the agency’s IT practices comply with relevant regulations, including NIST 800-53, NIST CSF, IRS Publication 1075, and others specific to the industry.
- Monitor and interpret regulatory changes and provide recommendations for necessary updates to IT policies and procedures.
- Conduct regular internal audits to assess compliance with IT-related regulations and company policies.
- Evaluate IT processes, controls, and systems for potential risks and areas of non-compliance.
- Assist with external audits by providing necessary documentation and addressing findings.
- Develop, implement, and maintain IT compliance policies, procedures, and best practices.
- Ensure that policies align with both internal security standards and external regulatory requirements.
- Identify, assess, and document IT risks related to compliance and cybersecurity.
- Work closely with IT and cybersecurity teams to implement risk mitigation strategies and corrective actions.
- Provide training and awareness programs for employees on IT compliance and security best practices.
- Promote a culture of compliance throughout the agency.
- Respond to compliance-related incidents and breaches, ensuring timely reporting and resolution.
- Work with the legal and security teams to investigate and remediate any IT compliance violations.
- Maintain accurate records of compliance activities, audits, and assessments.
- Generate regular reports for senior management detailing compliance status, risks, and remediation efforts.
COMPLEXITY OF KNOWLEDGE, SKILLS, AND ABILITIES
- Knowledge of:
  - IRS Publication 1075 requirements for safeguarding federal tax information (FTI).
  - NIST Special Publication 800-53, including implementation of security controls, risk management frameworks (RMF), and security and privacy guidelines.
  - FedRAMP, and other data protection and governance requirements.
  - IT system architecture, encryption methodologies, network security, and identity and access management (IAM) practices required by IRS and NIST standards.
  - GRC (Governance, Risk, and Compliance) platforms to track and document compliance activities.
- Ability to:
  - Interpret and effectively apply the provisions of IRS Publication 1075 and NIST 800-53 to organizational processes, policies, and systems.
  - Analyze regulatory updates and assess their impact on the agency’s compliance posture.
  - Design, implement, and validate security controls to meet the requirements of IRS and NIST standards.
  - Map organizational IT processes and infrastructure to compliance frameworks and ensure alignment with best practices.
  - Conduct detailed risk assessments and security reviews to identify compliance gaps and vulnerabilities.
  - Prioritize and execute remediation activities based on risk and compliance impact.
  - Create detailed compliance reports, audit documentation, and security policies required by IRS Publication 1075 and NIST 800-53.
  - Document technical processes, risk assessments, and control implementations clearly and comprehensively.
  - Coordinate with internal and external stakeholders to prepare for audits, including IRS Safeguard Reviews.
  - Lead audit activities by gathering evidence, responding to audit findings, and addressing corrective action plans.
  - Provide clear, actionable guidance to leadership and teams regarding compliance initiatives and responsibilities.
  - Work collaboratively across IT, legal, and operations teams to implement compliance measures.
  - Coordinate with external partners, vendors, and agencies to ensure third-party compliance.
- Skills in:
  - Outstanding written and verbal communication and interpersonal skills.
  - Excellent listening and analytical skills.
  - Excellent problem-solving, critical thinking, and attention to detail skills.
  - Integrity and ethical judgement.
  - Organization and time management.
  - Managing GRC (Governance, Risk, and Compliance) platforms to track and document compliance activities.
  - Creating detailed compliance documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and risk assessment reports.
  - Preparing and submitting IRS Safeguard Security Reports (SSRs) and Safeguard Procedures Reports (SPRs).
  - Effectively collaborating with cross-functional teams to implement technical compliance solutions.
  - Communicating complex IT compliance concepts to non-technical stakeholders and training teams on compliance best practices.
  - Managing security and compliance in cloud environments, ensuring alignment with NIST SP 800-53 and IRS guidelines.
  - Investigating and responding to security incidents, including breaches involving FTI.
  - Documenting incident response actions and lessons learned to enhance compliance processes.
MINIMUM QUALIFICATIONS
- Bachelor’s degree in Computer Science, Information Systems, Computer Information Systems, or related discipline.
- 3 years of experience in IT compliance, cybersecurity, and/or risk management required.
- Certifications such as CISSP, CISM, or CompTIA Security+ are a plus.
- OR an equivalent combination of education and experience.
PREFERRED QUALIFICATIONS
- Preference will be given to candidates with demonstrated experience in IT support and cybersecurity, particularly in environments requiring compliance with federal regulations such as IRS Publication 1075 and NIST 800-53.
- Strong knowledge of Governance, Risk, and Compliance (GRC) platforms, including their use for managing compliance workflows, risk assessments, and audit documentation, is highly desirable.
- Candidates with expertise in implementing security measures, providing technical support, and ensuring the operational integrity of IT systems within highly regulated frameworks will be prioritized.
PHYSICAL DEMANDS
- Ability to sit and stand for extended periods of time. Exhibit manual dexterity and hand-eye coordination to operate a computer, keyboard, photocopier, telephone, calculator and other office equipment. Ability to see and read a computer screen and printed material with or without vision aids. Ability to hear and understand speech at normal levels, with or without aids. Ability to communicate clearly. Physical ability to lift up to 15 pounds, to bend, stoop, climb stairs, walk and reach. Duties are normally performed in an office environment with a moderate noise level.
SPECIAL REQUIREMENTS
The Oklahoma Tax Commission’s normal work hours are Monday through Friday, 7:30am to 4:30pm. This schedule may require minor flexibility based on the needs of the agency.
Telework may be required based on the needs of the agency, division, and section. If applicable, applicant must be willing and able to work both on-site and telework at an off-site location, generally in the applicant’s home. Applicant must have a secure internet connection and a dedicated telephone (landline) or smart phone device during scheduled working hours.
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Equal Opportunity Employment
The State of Oklahoma is an equal opportunity employer and does not discriminate on the basis of genetic information, race, religion, color, sex, age, national origin, or disability.
Current active State of Oklahoma employees must apply for open positions internally through the Workday Jobs Hub.