IT Governance, Risk, and Compliance Manager

The Information Services Division (ISD) is looking for a highly motivated individual to join our team as a IT Governance, Risk, and Compliance Manager.

* Manage a dynamic team while helping them grow in their positions and keeping them motivated and informed of agency direction. Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner. Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security. Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.

* Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored. Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the agency's information and technology systems.

* Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures to meet defined requirements, policies and regulations. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, MARS-E 2.0, HIPAA, NIST 800-53, and more.

* Interacts in both oral and written communications with all levels of staff both internally to the agency and state.

* Work with lines of business, state governing agencies, sister agencies and other entities to complete required agency audits. Coordinate and track all information technology and security related audits including scope of audits, parties involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the agency in its best light. Provide guidance, evaluation and advocacy on audit responses.

* Must be able to assess computer hardware, software, and systems for security risks or violations and work with agency staff and technology vendors to recommend solutions. Develop strategies to address awareness and training for all stakeholders as well as technical solutions. Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.

* Knowledge of information security risk management frameworks and compliance practices.

* Knowledge of securing network technologies, client, and serve operating systems.

* Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, NIST 800-53, ISO2700x, etc.)

* Must be well versed with laws and guidelines affecting healthcare entities in the following areas: Protected Health Information (PHI), Health Insurance Portability and Accountability Act (HIPAA), Center for Medicare & Medicaid Services (CMS), Compliance research, Arizona State regulations

* Ability to develop security standards and guidelines based on best practices and industry standards.

* Experience responding to, analyzing, and communicating information security incidents.

* Excellent interpersonal, communication, and presentation skills, including formal report writing experience.

* At least 3 years managing high-performance teams.

* At least 3 years of advanced IT skills with high level of information security experience and expertise.

At AHCCCS, we promote the importance of work/life balance by offering workplace flexibility and a variety of learning and career development opportunities. Among the many benefits of a career with the State of Arizona, there are 10 paid holidays per year, accrual of sick and annual leave, affordable medical benefits and participation in the Arizona State Retirement Plan.

For a complete list of benefits provided by The State of Arizona, please visit our benefits page

Persons with a disability may request a reasonable accommodation such as a sign language interpreter or an alternative format by contacting 602-417-4497.

Requests should be made as early as possible to allow time to arrange the accommodation. Arizona State Government is an AA/EOE/ADA Reasonable Accommodation Employer.