Governance, Risk, & Compliance Business Associate (BPA 1)

Ohio Department of Administrative Services
3d · Onsite

About The Position

The Office of Information Services (OIS) works to support the business functions and the delivery of health, human, and employment services through the application of information technology. OIS supports the delivery of programs to millions of recipients through the development and round-the-clock operation of automated information systems. Due to the number of end-users and technologies supported, OIS is one of the largest and most complex IT organizations within Ohio state government. Learn more about the Office by visiting the ODJFS OIS webpage.

The Governance, Risk, and Compliance (GRC) pillar within OIS is responsible for managing cyber-security risk, regulatory compliance, and audit readiness across the Agency and its associated County partners. The GRC Business Associate supports cyber-security assessments, IT risk evaluations, and audit activities to ensure compliance with federal, state, and contractual requirements. This role contributes to protecting sensitive public data, strengthening security controls, and improving the overall risk posture of County and Agency systems.

Requirements

  • Option 1: 36 months work experience in any combination of the following: creating and coordinating technical and business requirements for processes, projects and procedures, working with business users and technical staff to develop strategies and leading modification or creation of new systems for implementation of information technology solutions.
  • Option 2: 18 months work experience in any combination of the following: creating and coordinating technical and business requirements for processes, projects and procedures, working with business users and technical staff to develop strategies and leading modification or creation of new systems for implementation of information technology solutions. Completion of Associate's core program in Computer Science or Information Systems.
  • Option 3: 12 months work experience in any combination of the following: creating and coordinating technical and business requirements for processes, projects and procedures, working with business users and technical staff to develop strategies and leading modification or creation of new systems for implementation of information technology solutions. Completion of undergraduate core program in Computer Science or Information Systems.
  • Option 4: Equivalent of minimum class qualifications for employment noted above.

Responsibilities

  • Assist and support maintenance of the Agency’s IT GRC policies, procedures, and related tools and services.
  • Perform IT risk assessments using established methodologies and procedures.
  • Apply cyber security frameworks to scope assessments, evaluate controls, document findings, and communicate results.
  • Support assessments of County agencies, including the County Department of Job and Family Services (CDJFS), County Child Support Enforcement Agencies (CSEA), and County Public Children Services Agencies (PCSA).
  • Support third-party risk assessments based on data sharing agreements and contractual security requirements.
  • Assist with review of System Security Plans (SSPs), Security Impact Analyses, IT Risk Profile Assessments, and Privacy Impact Assessments (PIAs).
  • Assist with internal and external audits and remediation tracking.