Position Title: Governance, Risk, and Compliance (GRC) Manager

Salary: $95,000 - $101,000 per year, commensurate with experience

How to Apply:

Applications are submitted online until the position is filled and/or the posting is closed. After reviewing this job announcement, please click on the link at the bottom of the page to apply online. A resume is required with the application. Further instructions on submission of documents are available in the online application. A resume may not be substituted for an application.



Minimum Requirements:
  • A bachelor’s degree in Management Information Systems, Information Technology, Computer Science, Information Security or a related field AND four (4) years of experience within a governance, risk, and compliance role to include two (2) years of demonstrated leadership or supervisory experience.
  • Previous leadership or supervisory experience within IT is preferred.
  • An equivalent combination of education and experience may be substituted. Education cannot be substituted for supervisory experience.

 

It is the policy of Allegheny County that in order to receive a final offer of employment, candidates must successfully pass a background check, which includes verification of Allegheny County Real Estate Tax status.


Position Summary:

Reporting to the Deputy CIO of Operations, this position is responsible for the effective operations of the Governance, Risk, and Compliance team. The Governance, Risk, and Compliance Manager is responsible for assessing, documenting, and improving Allegheny County’s compliance and risk posture as they relate to its information assets. The incumbent must have a deep knowledge of security, compliance, regulatory frameworks, platform management, and vendor security reviews, and must be able to lead teams to meet requirements and project deadlines. This role is a working manager position, so strong technical skills in security, governance, risk, and compliance are crucial to the success of this position.





Duties:

  • Leads the organization’s compliance efforts across PCI, CJIS, HIPAA, and others.
  • Leads the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
  • Leads the execution and reporting of outcomes derived from third-party risk assessments.
  • Drives resolutions for audit findings through effective control implementation.
  • Evaluates, recommends, and manages the implementation of security and risk frameworks to assess and enhance security maturity.
  • Collaborates with legal and security teams to set compliance and security standards for contracts.
  • Conducts security assessments of third-party vendors and partners.
  • Responds to inquiries regarding security attestations and compliance.
  • Fosters synergy between security and compliance functions, ensuring aligned strategies and initiatives.
  • Sets goals, standards, and processes for the Governance, Risk, and Compliance team.
  • Directly supervises subordinates, holding assigned staff accountable for appropriate adherence to standards, practices, and procedures.
  • Evaluates the performance of staff under supervision and conducts regular staff meetings.
  • Provides project management and tracking for governance, risk, and compliance projects and works with Senior IT management to communicate plans and gain necessary approvals.
  • Assists in preparing technical specifications for bidding of equipment and/or software.
  • Provides weekly status and planning reports for IT and County Management.
  • Performs other duties as required or requested.

Knowledge, Skills, and Abilities

Knowledge of:

  • Information security risk management frameworks and compliance practices.
  • Securing network technologies, client, and server operating systems.
  • Documenting risk and compliance activities.
  • Performing information security audits or risk assessments.

Skill in:

  • Microsoft Office products.

Ability to:

  • Develop security standards and guidelines based on best practices and industry standards.
  • Manage vendor relationships.
  • Lead effectively and mentor employees and staff in administrative practices, new technology, and organizational skills.
  • Communicate effectively, both orally and in writing.
  • Present ideas and concepts clearly in user-friendly language to users, staff, and disparate groups throughout the County.
  • Troubleshoot complex issues involving disparate systems in a decentralized environment.
  • Recommend technology solutions to complex business needs.
  • Work in a technically diverse and complex IT operational environment.
  • Effectively prioritize and problem-solve in a fast-paced environment.

Residency: Allegheny County within 1 year.
Veterans' Preference: Will be awarded to eligible candidates.
AN EQUAL OPPORTUNITY EMPLOYER - M/F/V/D