Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number:  00133524

Description Activated On:  1/29/2026 4:20:30 PM


Position Purpose:
Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. 

The incumbent in the position will serve as a senior contributor within the Enterprise Information Security Office (EISO) Governance, Risk, and Compliance (GRC) Department, leading enterprise information security risk management activities, supporting IT audit remediation efforts, and coordinating updates to Continuity of Operations (COOP) plans to enhance the Commonwealth’s overall security, governance, risk, and compliance posture.

Description of Duties:
Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

Maintain and manage the enterprise information security risk register, including identifying, documenting, assessing, prioritizing, and tracking risks in coordination with agencies, IT stakeholders, and business owners.

Facilitate periodic risk assessments and risk review sessions to ensure risks are actively captured, evaluated and aligned with Commonwealth risk tolerance and security and GRC frameworks.

Track and monitor risk treatment plans, ensuring mitigation activities are documented, progressing as planned, and escalated appropriately when risks exceed defined thresholds.

Support IT audit remediation activities by coordinating with agency and technical teams to document corrective action plans, track remediation milestones and validate closure of audit findings.

Assist in responding to internal and external audit requests by gathering evidence, preparing documentation and supporting status reporting related to information security controls.

Provide recommendations on risk prioritization, remediation tracking, and improvements to continuity planning.

Coordinate updates to Continuity of Operations Plans (COOP), including annual reviews, testing support and documentation updates to ensure plans remain current and actionable.

Conduct data analysis and escalate issues appropriately, as needed.

Prepare risk, audit and COOP status reports and dashboards for leadership, highlighting trends, key risks and areas requiring management attention.

Escalate significant risks, overdue audit items, or continuity gaps to leadership when thresholds are exceeded.

Maintain working knowledge of Commonwealth IT Policies, Management Directives and applicable security frameworks (e.g., NIST) to ensure governance, risk and compliance activities are aligned.

Collaborate with the Governance, Risk and Compliance (GRC) Department staff to support continuous improvement of risk management processes and tooling.

Serve as a subject matter resource to agencies regarding risk documentation, audit remediation expectations and continuity planning requirements.

Independently analyze risk, audit, and COOP data to identify issues, trends, and recommendations.

Travel as required, including overnight stays.

Perform other duties as assigned.

Decision Making:
Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

The incumbent independently analyzes enterprise risk, audit, and COOP data to identify trends, gaps, and issues requiring action. Judgment is exercised to prioritize risks and remediation efforts in alignment with Commonwealth risk tolerance, security frameworks, and governance requirements. The role determines when risks, audit findings, or continuity gaps exceed defined thresholds and require escalation to leadership. The incumbent develops recommendations to strengthen risk treatment strategies, remediation tracking, and continuity planning effectiveness. Collaboration with agencies, IT stakeholders, and business owners ensures recommendations are informed, balanced, and operationally feasible. Leadership is supported through clear reporting and data-driven insights that enable timely and informed action.

Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License

Experience:



Licenses, registrations, or certifications:

1. N/A
2. N/A
3. N/A
4.
5.
6.

Essential Functions: Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
 
1. Communicate and collaborate effectively, verbally and in writing.
2. Solve problems and reconcile competing and conflicting priorities and interests.
3. Manage large and complex projects.
4. Conduct research related to a variety of regulatory and legal requests.
5. Analyze enterprise risk, audit, and continuity data to identify trends, issues, and emerging risks.
6. Manage and maintain the enterprise information security risk register, ensuring risks are accurately identified, assessed, prioritized, and tracked in
7. Maintain working knowledge of applicable Commonwealth IT policies, management directives, and security frameworks.
8. Track and manage metrics to drive continuous improvement.
9. Ensure compliance with IT policies and management directives.
10. Travel as required.