SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST Series

The Maryland State Retirement and Pension System (MSRPS) administers benefits for over 397,000 members, including active employees, retirees, and vested participants across 12 retirement systems—supporting the financial security of Maryland’s public servants.

Located in Baltimore’s Central Business District, MSRPS offers a purpose-driven workplace with modern amenities, including panoramic city and harbor views, renovated common areas, upgraded elevators, and an on-site café.

Employees enjoy comprehensive state benefits including; medical, dental, prescription coverage, generous paid leave, participation in the state pension system, and supplemental retirement savings options (401(k), 457(b), and more). Additional perks include an on-site fitness center with showers and lockers, 24/7 building security, and easy access to restaurants, shops, free public transit, and major highways.

If you are a qualified technology professional, here’s what MSRPS has to offer:

• Professional development
• Work with advanced & leading cybersecurity technologies
• Work in an organization that fosters teamwork and cooperation

This classification is eligible for a Hybrid work schedule.

SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST I: Grade 18

SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST II: Grade 19

Salary offered will be based on the candidate’s education and experience

120 East Baltimore Street

Baltimore, Maryland 21202

The main purpose of the position is the responsibility for the coordination and workflow management of cybersecurity compliance initiatives in the IS’ Cybersecurity Division to include coordinating tasks for ongoing audits, cybersecurity policy development and lifecycle management, co-administering the GRC (Governance, Risk & Compliance) platform, administer and manage SRA’s security awareness training program. Knowledge of and competence in applying cybersecurity standards (State of MD/NIST/CSF, etc.) and their control integrations within SRA to achieve a high compliance maturity level within the Cybersecurity program.

This position will be responsible and perform at either the intermediate (Level I) or full (Level II) performance level for:

• Administer the GRC platform; populate the controls library with fresh content/artifacts, monitor/integrate data imports from connectors, onboard new audits (internal & external), build custom profiles, run cybersecurity risk reports/heat maps, update the risk register, monitor Jira GRC task flows (40%)
• Administer & manage the security awareness training platform; setup new training & phishing campaigns, monitor & notify users in policy non-compliance, run risk/training completion reports. (20%)
• Onboard new cybersecurity audit campaigns (internal & external); ingest audit requirements into the GRC platform, assemble/update artifact repositories, build workspaces for auditors to review RDL items (20%)
• Maintain the cybersecurity policy and document repository, perform policy lifecycle tasks (update/create/deprecate material, and manage authorization processes), design data maps & process workflow diagrams, & document cybersecurity procedures. (10%)
• Research & stays abreast of changes in cybersecurity standards (such as NIST, CSF and State of MD/DoIT), and assists in efforts to maintain standards compliance, manages the Capability Maturity Model Integration (CMMI) cybersecurity program to maintain a minimum Level III maturity. (10%)

Education: Graduation from an accredited high school or possession of a high school equivalency certificate.

SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST I

Experience: Two years of experience in the data security compliance discipline, working knowledge of Governance, Risk and Compliance (GRC) platforms, security audit management and procedures, compiling reports and analytics from completed security audits and risk assessments (internal and external sources), and administering security awareness training services/products.

SRPS CYBERSECURITY DEFENSE COMPLIANCE SPECIALIST II

Experience: Three years of experience in the data security compliance discipline, working knowledge of Governance, Risk and Compliance (GRC) platforms, security audit management and procedures, compiling reports and analytics from completed security audits and risk assessments (internal and external sources), and administering security awareness training services/products.

Notes:

1. Candidates may substitute the possession of a Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for two years of the required experience.

2. Candidates may substitute an Associate’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for one year of the experience.

3. Candidates may substitute a graduate level degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university for the required experience.

Please note that your answers to the supplemental questionnaire must correspond to the information provided on your application to receive credit

Preferred candidates will possess the following qualifications:

· A bachelor's degree in Cybersecurity Management and Policy, Cybersecurity Technology, Cybersecurity and Information Assurance, Network Engineering and Security, or similar field of study.

· Prior experience conducting and managing IS network and/or cybersecurity audits, or cybersecurity information assurance assessment.

· Prior experience and working knowledge of Governance, Risk & Compliance (GRC) platforms (i.e., Drata, Logic Manager, ProofPoint, StandardFusion, Workiva, etc.)

· Prior experience administering and managing cybersecurity and/or security awareness training platforms and services.

Employees in this classification may be subject to call-in 24 hours a day and be required to work evenings, weekends, and holidays when systems are down or to work on systems that need to be repaired or replaced during non-business hours and, therefore, may be required to provide the employing agency with a telephone number where the employee can be reached. Employees may be furnished with a pager or cell phone.

Applicants for this classification may handle sensitive data. This will require a full scope background investigation prior to appointment. A criminal conviction may be grounds for rejection of the applicant.

Employees may occasionally be required to travel to the main office during off hours, or field locations, and must have access to an automobile in the event a state vehicle cannot be provided. Standard mileage allowance will be paid for use of a privately owned vehicle.

The work may require moving computers, printers and other IT related equipment weighing up to 80 pounds.

Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the eligible (employment) list for at least one year. 

Due to the confidential nature of the work, selected candidates must undergo and pass a background check. 

For education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire. 

STATE OF MARYLAND BENEFITS

As an employee of the State of Maryland, you will have access to outstanding benefits, including: health insurance, dental, and vision plans offered at a low cost.  

• Personal Leave - new State employees are awarded six (6) personnel days annually (prorated based on start date). 
• Annual Leave - ten (10) days of accumulated annual leave per year. 
• Sick Leave - fifteen (15) days of accumulated sick leave per year.   
• Parental Leave - up to sixty (60) days of paid parental leave upon the birth or adoption of a child. 
• Holidays - State employees also celebrate at least thirteen (13) holidays per year.   
• Pension - State employees earn credit towards a retirement pension.