SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST Series

About the position The Maryland State Retirement and Pension System (MSRPS) administers benefits for over 397,000 members, including active employees, retirees, and vested participants across 12 retirement systems—supporting the financial security of Maryland’s public servants. Located in Baltimore’s Central Business District, MSRPS offers a purpose-driven workplace with modern amenities, including panoramic city and harbor views, renovated common areas, upgraded elevators, and an on-site café. Employees enjoy comprehensive state benefits including; medical, dental, prescription coverage, generous paid leave, participation in the state pension system, and supplemental retirement savings options (401(k), 457(b), and more). Additional perks include an on-site fitness center with showers and lockers, 24/7 building security, and easy access to restaurants, shops, free public transit, and major highways. If you are a qualified technology professional, here’s what MSRPS has to offer: Professional development Work with advanced & leading cybersecurity technologies Work in an organization that fosters teamwork and cooperation This classification is eligible for a Hybrid work schedule. The main purpose of the position is the responsibility for the coordination and workflow management of cybersecurity compliance initiatives in the IS’ Cybersecurity Division to include coordinating tasks for ongoing audits, cybersecurity policy development and lifecycle management, co-administering the GRC (Governance, Risk & Compliance) platform, administer and manage SRA’s security awareness training program. Knowledge of and competence in applying cybersecurity standards (State of MD/NIST/CSF, etc.) and their control integrations within SRA to achieve a high compliance maturity level within the Cybersecurity program. Responsibilities • Administer the GRC platform; populate the controls library with fresh content/artifacts, monitor/integrate data imports from connectors, onboard new audits (internal & external), build custom profiles, run cybersecurity risk reports/heat maps, update the risk register, monitor Jira GRC task flows (40%) • Administer & manage the security awareness training platform; setup new training & phishing campaigns, monitor & notify users in policy non-compliance, run risk/training completion reports. (20%) • Onboard new cybersecurity audit campaigns (internal & external); ingest audit requirements into the GRC platform, assemble/update artifact repositories, build workspaces for auditors to review RDL items (20%) • Maintain the cybersecurity policy and document repository, perform policy lifecycle tasks (update/create/deprecate material, and manage authorization processes), design data maps & process workflow diagrams, & document cybersecurity procedures. (10%) • Research & stays abreast of changes in cybersecurity standards (such as NIST, CSF and State of MD/DoIT), and assists in efforts to maintain standards compliance, manages the Capability Maturity Model Integration (CMMI) cybersecurity program to maintain a minimum Level III maturity. (10%) Requirements • Graduation from an accredited high school or possession of a high school equivalency certificate. • SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST I Experience: Two years of experience in the data security compliance discipline, working knowledge of Governance, Risk and Compliance (GRC) platforms, security audit management and procedures, compiling reports and analytics from completed security audits and risk assessments (internal and external sources), and administering security awareness training services/products. • SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST II Experience : Three years of experience in the data security compliance discipline, working knowledge of Governance, Risk and Compliance (GRC) platforms, security audit management and procedures, compiling reports and analytics from completed security audits and risk assessments (internal and external sources), and administering security awareness training services/products. • Candidates may substitute the possession of a Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for two years of the required experience. • Candidates may substitute an Associate’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for one year of the experience. • Candidates may substitute a graduate level degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for the required experience • Six months working experience in cybersecurity management, cybersecurity & information assurance, or data/network security engineering technology. • Must have one industry certification highly desirable (e.g. CompTIA's: Security+, and/or Certified Information Systems Auditor (CISA)). Nice-to-haves • A bachelor's degree in Cybersecurity Management and Policy, Cybersecurity Technology, Cybersecurity and Information Assurance, Network Engineering and Security, or similar field of study. • Prior experience conducting and managing IS network and/or cybersecurity audits, or cybersecurity information assurance assessment. • Prior experience and working knowledge of Governance, Risk & Compliance (GRC) platforms (i.e., Drata, Logic Manager, ProofPoint, StandardFusion, Workiva, etc.) • Prior experience administering and managing cybersecurity and/or security awareness training platforms and services. Benefits • health insurance, dental, and vision plans offered at a low cost. • Personal Leave - new State employees are awarded six (6) personnel days annually (prorated based on start date). • Annual Leave - ten (10) days of accumulated annual leave per year. • Sick Leave - fifteen (15) days of accumulated sick leave per year. • Parental Leave - up to sixty (60) days of paid parental leave upon the birth or adoption of a child. • Holidays - State employees also celebrate at least thirteen (13) holidays per year. • Pension - State employees earn credit towards a retirement pension. Apply tot his job Apply To this Job