Information Security Governance, Risk, and Compliance Specialist

Information Security Governance, Risk, and Compliance Specialist

Requisition ID req714 Department Information Technology Campus SY-Sylvania Campus Employment Type Classified-Full Time Job Close Date Apply Immediately; This job posting will be closed once sufficient qualified applications have been received. Position Summary

Portland Community College is seeking an Information Security Governance, Risk and Compliance (GRC) Specialist to join our team.

In this important role, you will coordinate and perform PCC’s security assessment functions and control testing reporting and activities in accordance with PCC’s Internal Controls compliance, regulatory and departmental policy and procedures. As the Information Security Assessment Specialist, updating and maintaining control matrices and spreadsheets, and providing recommendations for management’s consideration are key responsibilities. This position ensures compliance with PCC’s internal controls, regulatory and information security policies and procedures, and works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable. As PCC’s Information Security GRC Specialist, you will take a lead role in ensuring the security of all protected information collected, used, maintained, or released by PCC.

If this sounds like a team you would like to join, and an important role you would like to play at Portland Community College, please review the qualifications section below and apply today!

See the classification description for additional information: https://www.pcc.edu/hr/employment/classified-jobs/information-security-governance-risk-compliance-gr

Candidate Profile

These qualifications, skills and abilities are critical for success in this position.
Throughout the screening process, you will be evaluated based on the demonstration of these qualifications.

• Demonstrated understanding of risk-based information security programs and the ability to implement information security governance, risk and compliance processes
• Extensive experience performing and documenting internal and external information security risk assessments, investigations, and remediation efforts
• Demonstrated collaboration and communication skills to partner and align with users at all technical skill levels and roles across the organization
• Comprehensive knowledge of the cyber threat landscape, cyber-security product categories and their application, and available technologies
• Experience in compliance with regulatory requirements, security and privacy laws and Frameworks, including but not limited to PCI, SOX or GLBA, HIPPA, ISO 27001/2, NIST, or IRS Publication 1075
• Understanding of project lifecycle management, including demonstrated experience coordinating a technical project, working with a project team, and influencing without direct authority

Minimum Qualifications

To be considered, your application must demonstrate these minimum qualifications. (Experience is calculated based on the start and end dates you provide multiplied by the number of hours per week worked).

• High school diploma or equivalent. Associate’s Degree in Computer Information Systems or related discipline ( Note: Relevant experience may substitute for the degree requirement on a year-for-year basis.)
• 4 years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management

Preferred Qualifications

• CISSP, CRISC, CISN, CISA, and/or GIAC; or comparable certification
• Proven leadership in project management, auditing, and risk management techniques
• Experience in business continuity and/or disaster recovery planning
• Understanding of connections among technology, the organization and leadership in relation to business processes and problem resolution
• Ability to identify a problem or opportunity and take action to address current or future problems and opportunities
• Ability to administer GRC reforms in the public sector
• Ability to think through problems, organize information, and identify key factors and underlying causes to generate solutions
• Ability to foster a culture of diversity, respect and inclusion
• Ability to develop and maintain internal controls during transitions between legacy and new systems
• Strong technical experience with cyber analytics techniques, including threat hunting, system configurations, forensics, and data preservation activities to help the team with cybersecurity incidents, as required

Position Grade 26 Starting Salary Expectations The first two steps of the range are: $64,695 to $66,633 per year. Higher salary placement may be available based on qualifications, experience and internal equity. Position Grade Salary Range $64695 to $103812 Annual Salary FTE 1.0 PCC Benefits

PCC offers a comprehensive benefit package designed to provide employees and their families, including domestic partners, with access to a broad range of benefit options. Includes Health, Dental, and Vision options, Group Life, Long-term Disability, Long-term Care, and Auto and Home Insurance programs.

PCC currently fully funds the Oregon Public Employees Retirement System (PERS/OPSRP) pension and contributes an additional 6% into the employee's Individual Account Program under PERS/OPSRP. PCC offers a tax deferred annuity program and a deferred compensation program where employees may save additional pre-tax dollars for retirement.

Additionally, PCC provides a tuition waiver for yourself, domestic partner, and dependent children under 24 years of age. Partial tuition reimbursement for yourself at other accredited institutions (full-time employees only).

Paid Leave: (Pro-rated by FTE for Part-Time Employees)

• Starts at 8 hours of vacation leave per month (additional vacation hours with years of service)
• 8 hours of sick leave per month
• 24 hours of additional personal leave days per year
• 11 Paid holidays

View a complete list of PCC benefits .

Working Conditions and Physical Requirements Work environment includes frequent disruptions and changes in priorities. Work is performed in an office environment or using standard information technology equipment combined with specialized information security products. Working conditions may require various shifts and/or weekends to provide incident response operations, business continuity plans, or disaster recovery operations. There is occasional travel between campuses or to off-site meetings. Position requires routine periods of standing and walking, lifting of equipment (30-50 pounds) and physical agility. Physical skills are required for keyboarding and operating complex network and computing equipment. Background Check Required Yes

Portland Community College complies with the Oregon Veterans' Preference in Public Employment law which provides qualifying veterans and disabled veterans with preference in employment. You will be given instructions during the application process to claim Veterans' Preference in the recruitment of this position, and to provide the documents required for verification of eligibility. Please do not send your documentation to the hiring manager directly. For verification of eligibility, please submit the following documentation:

• Veterans: DD214
• Disabled Veterans: DD214 and Letter from the Department of VA

Portland Community College is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or any other protected class.