SRA Cybersecurity Defense Compliance Specialist II

Recruitment #23-005849-0001


The Maryland State Retirement Agency (MSRA) administers the Maryland State Retirement and Pension System’s (MSRPS) death, disability, and retirement benefits on behalf of more than 405,000 active members, retirees, and beneficiaries. The System is a multi-employer, public employees’ defined benefit retirement system composed of twelve (12) separate retirement and pension systems which includes active and former State employees, teachers, State police, judges, and law enforcement. The Agency manages a $65 billion trust fund, invested globally. This is an exciting time to join MSRA's technology team in this critical cybersecurity and information assurance position.

This is a Hybrid position that will require the candidate to be in the office up to 2 days per week.

If you are a qualified technology professional, here’s what MSRPS has to offer:

· Professional development

· Work with advanced & leading cybersecurity technologies

· Work in an organization that fosters teamwork and cooperation.

· Work only a few blocks from Baltimore’s historic inner harbor, convenient to Metro, Light Rail and buses (all at no charge to State Employees in the Baltimore metro area)

· Attractive medical, dental, leave, & retirement plan benefits

· Enjoy other State of Maryland employee benefits.


STD 0019


Maryland State Retirement and Pension System 
120 East Baltimore Street 
Baltimore, Maryland 21202 

Main Purpose of Job

The qualified candidate will be responsible for coordinating and managing workflow tasks associated with cybersecurity compliance and training initiatives within SRA, including: 1) coordinating tasks for ongoing audits, 2) cybersecurity policy development and lifecycle management, 3) co-administering the Governance, Risk & Compliance (GRC) platform, and 4) administering and managing SRA’s cybersecurity awareness training program.


Education: Graduation from an accredited high school or possession of a high school equivalency certificate.

Experience: Three years of experience in the data security compliance discipline, working knowledge of Governance, Risk and Compliance (GRC) platforms, security audit management and procedures, compiling reports and analytics from completed security audits and risk assessments (internal and external sources), and administering security awareness training services/products.


1. Candidates may substitute the possession of a Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for two years of the required experience.

2. Candidates may substitute an Associate’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for one year of the experience.

3. Candidates may substitute a graduate level degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for the required experience.


The ideal candidate must have experience working with IS and/or cybersecurity audits involving security standards such as the State of MD, NIST 800-53/Cybersecurity Framework including the assessment of the security controls associated with them and the applicant should have the following:

· College degree specializing in: Cybersecurity Management and Policy, Cybersecurity Technology, Cybersecurity and Information Assurance Network Engineering and Security or similar field of study.

· 3+ years’ working experience in conducting and managing IS network and/or cybersecurity audits, or cybersecurity information assurance assessments.

· Experience & working knowledge of Governance, Risk & Compliance (GRC) SaaS platforms (e.g., Drata, Logic Manager, ProofPoint, StandardFusion, Workiva).

· Experience in administering and managing cybersecurity and/or security awareness training platforms and services.


Must have one industry certification highly desirable (e.g. CompTIA's: Security+, and/or Certified Information Systems Auditor (CISA)).


Employees in this classification may be subject to call-in 24 hours a day and be required to work evenings, weekends, and holidays when systems are down or to work on systems that need to be repaired or replaced during non-business hours and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with a pager or cell phone.

Applicants for this classification may handle sensitive data. This will require a full scope background investigation prior to appointment. A criminal conviction may be grounds for rejection of the applicant.

Employees may occasionally be required to travel to the main office during off hours, or field locations, and must have access to an automobile in the event a state vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

The work may require moving computers, printers and other IT related equipment weighing up to 80 pounds.


Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year.


The assessment may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.

For education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire.



Online applications are highly recommended.  We are requesting you to upload your resume and cover letter. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Room 608, Baltimore, MD 21201. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country.

People with disabilities and bilingual candidates are encouraged to apply.

As an equal opportunity employer, Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State's diversity.
