Full job description Position Summary The Governance, Risk, and Compliance Manager will work under the guidance of the ACCS Chief Information Security Officer to further implement, maintain, and mature the Enterprise Information Security Program utilized by ACCS and its member institutions. This position also serves as the head of auditing ACCS systems against the Enterprise Information Security Program to ensure compliance and security best practice implementation.
Essential Duties and Responsibilities PRIMARY DUTIES: Further implement, and mature the Enterprise Information Security (NIST 800-53r5) program foundation developed by the Chief Information Security Officer Implement and mature the ACCS vulnerability management program. Assist the Information Security Officer in implementing a 3-year cyber strategic plan centered around IT risk management among ACCS institutions. This strategic plan will be redone and mature every three years to address modern security initiatives and challenges. Maintain Governance, Risk, and Compliance auditing processes and standard operating procedures that will be utilized to ensure compliance with the Enterprise Information Security Program as well as all federal, state, and local regulatory requirements. Work with the Splunk Enterprise Architect to develop workflows and use-cases that increase risk visibility and mitigation across the enterprise and its' member institutions. Work in parallel with the ACCS Security Operations Center Manager to develop, implement, and mature incident response, business continuity, and disaster recovery planning of the enterprise. Remain active in internal and external technical and functional user groups. Work with ACCS member institutions to promote cybersecurity and information security best practices in a manner that fosters and builds strong relationships with the member institutions. Coordinate functional and technical staff at ACCS and member institutions in the use of the ERP and ancillary systems and discuss potential security risks or problems that those systems present. Coordinate and resolve competing priorities from multiple internal and external groups. Develop and maintain reports as needed for the ACCS System Office and the State of Alabama. SECONDARY DUTIES: Assist third party assessors and auditors in auditing and verifying compliance of our institutions with the ACCS Enterprise Information Security Program. Other related duties as assigned. TOOLS USED ON JOB:
NIST documentation (NIST 800, 500, 1800)
Office Productivity Software (MS Word; MS Excel, Sharepoint, Teams, OneNote), Computer/laptop, Phone, Copier, Scanner, E-mail
Qualifications REQUIRED: Bachelor's degree in Information Technology from a regionally accredited institution OR five (5) years of information security related experience. Strong project management skills A demonstrated ability to build consensus among stakeholders. Ability to communicate effectively. PREFERRED: MA/MS degree in a technical discipline from a regionally accredited institution OR ten (10) years of information security specific related experience at the enterprise level. Certified Information Systems Security Professional (CISSP) Certification Six (6) years of directly related experience (former GRC). Application Procedures/Additional Information APPLICATION PROCEDURES:
Applications must be filed online at:
A complete application packet must be submitted by the posted deadline in order to be considered for this position. Applicants who fail to submit all required information will be disqualified. A complete application packet consists of:
Online application Cover letter Current resume Separate list of four (4) professional references (not letters) with complete contact information Unofficial or official transcripts showing degree(s) conferred and conferral dates All application materials must be scanned . It is recommended that you have digital (preferably .pdf) copies of your cover letter, resume, list of references, and transcripts showing degree(s) and conferral dates, ready to upload before you begin the application process. WE DO NOT ACCEPT E-MAILED APPLICATIONS. When you finish the online application procedure, you will receive an on-screen notice that you have successfully applied. HOWEVER, this does not mean that your application materials are complete in accordance with the vacancy announcement. It is the responsibility of the applicant to ensure they have submitted all necessary application materials in accordance with the vacancy announcement. Please direct any questions regarding the application process to Charlene Finkelstein at or , or Nikita Payne at or .
If you need technical assistance after reviewing the instructions, please contact:
NEOGOV Customer Service Monday-Friday 8:00 am – 5:00 pm PST AGENCY INFORMATION: The Alabama Community College System is an equal opportunity employer. It is the policy of the Alabama Community College System, including all postsecondary community and technical colleges under the control of the Alabama Community College System Board of Trustees, that no employee or applicant for employment or promotion, on the basis of any impermissible criterion or characteristic including, without limitation, race, color, national origin, religion, marital status, disability, sex, age, or any other protected class as defined by federal and state law, shall be excluded from participation in, be denied the benefits of, or be subjected to discrimination under any program, activity, or employment. Any offer of employment is contingent upon a satisfactory criminal background investigation. This employer participates in E-Verify. The Alabama Community College System reserves the right to withdraw this job announcement at any time prior to the awarding. More than one position in the same job classification may be filled from the applicants for this position should another vacancy occur during the search process. Agency ACCS
Website 1
