GRC Project Manager DoIT Technology Platform Manager II

The State of Maryland manages security, privacy, and compliance requirements across its agencies and platforms. The GRC directorate requires a dedicated project manager to oversee the strategic development and management of Maryland’s cybersecurity and privacy policy suite, the State’s cybersecurity and privacy risk management program, and the AI Governance program. This is a contractual position with limited benefits.

Department of Information Technology
100 Community Place
Crownsville, MD 21038

The GRC Project Manager (PM) will manage and oversee the implementation of comprehensive programs within the GRC directorate, including cybersecurity and privacy policy suite, risk management, AI governance, and IT policy initiatives.

Responsibilities include:

• Reporting and Governance:
  Provide weekly updates on scope, budget, schedule, milestones, and risks related to the Cybersecurity and Privacy Program.
• Program Leadership:
  Lead cross-functional teams and technical resources to deliver high-quality programs that meet business needs and mandated requirements.
• Planning and Artifacts:
  Oversee the development and approval of program plans, charters, business objectives, scope statements, and success criteria for GRC initiatives.
• Alignment and Scope:
  Ensure alignment between State CISO priority initiatives and the GRC directorate’s strategic direction; manage program scope to align work efforts to GRC goals.
• Development and Management:
  Manage work activities to conform to scope, timelines, and budgets; develop and track budgets and resourcing plans using Azure Dev Ops or the State’s program management tool.
• Metrics and Quality:
  Develop performance and quality measures; track, analyze, and report on metrics, including key risk indicators and key performance indicators.
• Program Implementation:
  Develop transition activities and roll‑out schedules for new security and privacy controls or compliance frameworks; ensure deliverables meet legal, regulatory, and policy mandates.
• Stakeholder Management:
  Motivate program teams, foster consensus, promote a customer‑service relationship among peers, and implement communication strategies to improve transparency.
• Change Control:
  Integrate change management and control practices into programs as required, especially for changes to GRC processes or security controls.
• Documentation:
  Maintain an organized repository for project documentation, including presentations, plans, reports, and relevant correspondence.

• Bachelor’s degree from an accredited college or university in Information Technology, Cybersecurity, Public Policy, Business Administration, or a related field.
• Three years of experience performing project management work in an IT Security, Risk Management, or Compliance GRC environment.

• Experience with Agile methodologies and project management tools such as Azure Dev Ops or Jira.
• Ability to lead cross‑functional teams and communicate complex security or regulatory requirements to non‑technical stakeholders.
• Professional certification (PMP, CISA, CRISC, or similar).
• One year of experience or understanding of Cybersecurity and AI Governance/Ethics frameworks related to the State’s AI Governance projects.

• Contractual employees working 30 or more hours per week or an average of 130 hours per month are eligible for subsidized health benefits coverage for themselves and their dependents.
• Paid leave accrues at a rate of one hour for every 30 hours worked.

People with disabilities and bilingual candidates are encouraged to apply. We thank our Veterans for their service to our country.

As an equal opportunity employer, Maryland is committed to recruitment, retention, and promotion of employees who reflect the State’s diversity.