Protected Data Compliance Administrator

Technology Services is seeking an Protected Data Compliance Administrator to join its team and to assist in customer-focused governance, risk and compliance initiatives.

The secret is out: Denver is the nation's top place to live, work, and play. Being the best place to live isn't easy; maintaining such a reputation means we need the best people working for the residents of Denver. People who want to make a difference; people who want to give back; people who want to be at the heart of this city and have a hand in creating our future. When you join us, you will employ your unique skills to do important and meaningful work critical to the success of both your organization and the city as a whole. Be a part of the city that you love. #WhereDenverWorks­­

The Technology Services division (TS) of the City and County of Denver is using state-of-the-art technologies and methodologies to deliver and improve the systems, applications and operations that we deliver to our Mile High City. TS supports the people, agencies and ideas that make the City and County of Denver a great place to live and work. The City offers a unique opportunity to work with a diverse business and technology environment on a large scale as we employ over 12,000 people, of which 9,000+ are daily technology consumers in support of a diverse population in excess of 500,000 citizens.

As a Protected Data Compliance Administrator, you will be part of the Information Security Team. The candidate will aid and support the planning and execution of engagements where they would interact with business executives and IT professionals to evaluate compliance to a variety of information security and privacy data protection rules and regulations. You will be an information governance compliance subject matter expert capable of partnering across functional disciplines to bring clarity to complex protected data compliance initiatives, including PCI, CJIS, and HIPAA. You will articulate thoughts clearly, plan compliance initiatives, and execute audits and reviews with appropriate urgency as well as demonstrate drive, intelligence, maturity, and energy and will be a proven change agent.

You will be expected to play a pivotal role in supporting the governance, risk, and compliance functions to help promote improvements in information security and data protection. You will also help execute risk assessments, information security metrics, and senior management reporting. You will be expected to have a deep understanding of the functionality and have the ability to manage GRC using the ServiceNow platform and associated modules.

Additionally, as the Protected Data Compliance Administrator, you will:

• Perform information security control reviews, security audits and protected data compliance audits within a variety of environments and industries and document using ServiceNow
• Provide compliance, risk, and controls expertise using ServiceNow to support various information security and compliance initiatives and activities
• Using ServiceNow, enforce information assurance and security and data protection policies and procedures utilized throughout the City
• Regularly coordinate and interact with external auditors, IT administrators, and city agencies
• Consult with and advise city agencies and IT administrators on various operational issues related to information security and data protection.
• Prepares audit finding memoranda and working papers to ensure that adequate documentation exists to support the completed audit and conclusions
• Follow up on audit findings to ensure that management has taken a corrective action(s)
• Assist and train other audit staff on various audit techniques, and with developing methods for review and analysis of data security and protection
• Develop information security, data protection and governance policies and standards to align with the compliance frameworks
• Maintain the data protection and information security knowledge bases for consistent format, language and function
• Prepares and presents written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management
• Research and stay up to date with current information security topics, information technology, equipment, GRC topics, and/or systems
• Simultaneously manage and prioritize multiple projects
• Perform miscellaneous job-related duties as assigned
• Ensure compliance with any applicable federal, state, or local laws and regulations
• For this Protected Data Compliance Administrator, you should be knowledgeable in standards and frameworks, such as, Payment Card Industry, Criminal Justice Information Services, Health Insurance Portability and Accountability Act, Colorado State elections regulations, Federal Information Systems Computer Audit Manual, International Standards Organization, and National Institute of Standards and Technology. Additionally, you must have a deep understanding of how ServiceNow is used to track, maintain and verify compliance to these frameworks. Knowledge of OneTrust is highly desirable.