Cyber Governance, Risk, and Compliance Team Lead, Grade N34

Montgomery County (MD)
Rockville, MD



THIS IS AN INTERNAL "ONLY" JOB POSTING, AVAILABLE TO CURRENT MONTGOMERY COUNTY GOVERNMENT EMPLOYEES


This Position is ONLY Open to Montgomery County Government Employees:

  1. Current Montgomery County Government employees;
  2. Montgomery County employees who were affected by a reduction-in-force and currently have RIF priority rights;
  3. Active Montgomery County local fire and rescue department volunteers with at least 50 points under the length of service award program (LOSAP); or
  4. Active Project SEARCH Interns or former Montgomery County Government Customized Employment Public Interns, or Project SEARCH Interns within 24 months of completion of internship.


Please note: The salary range above represents this position’s earning potential. The anticipated hiring range for this position will be $121,845.00 to $191,708.00, based on the candidate’s qualifications and experience.


WHO WE ARE

The Department of Technology and Enterprise Business Solutions (TEBS) assists the County in using information technology where it adds the most value and increases productivity. The Department's efforts also help to deliver information and services to citizens at work, at home, and in the community.


WHO WE ARE LOOKING FOR

The incumbent will lead the TEBS/OEIS Cyber Governance, Risk, and Compliance (Cyber GRC) program and serve as the lead Cyber GRC strategist for enterprise initiatives within the TEBS Cyber GRC program.


The Cyber Governance, Risk, and Compliance (GRC) Team Lead serves as the strategic authority for cybersecurity governance across a large county government environment, ensuring that information assets, public services, and critical infrastructure are protected in alignment with regulatory, legal, and operational requirements. This role is responsible for developing and executing a comprehensive cyber governance framework that integrates policy development, enterprise risk management, regulatory compliance, and vulnerability oversight across diverse departments, agencies, and technology platforms.


A criminal background and credit history check will be conducted on the selected candidate prior to appointment and will be a significant factor in the hiring decision.

This position requires completion of a pre-employment Medical History Form and a drug screening to assess your ability to safely perform the essential duties of the role.

The individual will implement and maintain an enterprise-wide cyber risk management program, including developing and operationalizing a formal cyber risk register. This includes identifying, assessing, prioritizing, and tracking cybersecurity risks; defining risk tolerance levels; partnering with executive leadership and department heads to assign risk ownership; and presenting clear, actionable risk reporting to senior leadership and governing bodies. The role requires establishing consistent methodologies for risk assessment, control evaluation, and remediation tracking to ensure transparency and accountability across the organization.


A core responsibility of the position includes leading the county’s cyber vulnerability management governance program. This encompasses oversight of vulnerability identification processes, risk-based prioritization, remediation coordination, exception management, and metrics reporting. The Cyber GRC Team Lead will collaborate closely with security operations, IT infrastructure, and application teams to ensure vulnerabilities are addressed in accordance with defined service-level objectives and aligned with enterprise risk priorities.

The position also plays a critical role in regulatory and statutory compliance, including oversight and coordination of cybersecurity requirements under the Health Insurance Portability and Accountability Act (HIPAA) and the Maryland Protection of Information by Government Agencies (PIGA). Responsibilities include interpreting regulatory requirements, conducting gap assessments, implementing corrective action plans, maintaining audit-ready documentation, and serving as the primary liaison for internal and external audits. The individual will ensure that policies, procedures, and technical safeguards align with applicable federal, state, and local requirements, and will provide guidance to departments handling protected health information and public records.


Additionally, the Cyber GRC Team Lead will establish and maintain cybersecurity policies, standards, and governance committees; drive continuous monitoring and control validation efforts; and deliver executive-level reporting on risk posture, compliance status, and program maturity. The position requires strong cross-functional leadership, the ability to translate technical risk into business impact, and a commitment to building a culture of accountability and security awareness throughout the county government.

EXPERIENCE: Eight (8) years of experience in the Technology field in areas such as:

  • Built enterprise cyber risk register programs
  • Led risk-based vulnerability management initiatives
  • Experienced with HIPAA and Maryland PII & GIA compliance
  • Conducted risk assessments and control evaluations
  • Managed audits and corrective action plans
  • Briefed executives on overall cyber risk posture

EDUCATION: Master’s degree in computer science or a related field from an accredited college or university.

EQUIVALENCY: An equivalent combination of education, experience, and training may be substituted, provided there is evidence of attainment of expert-level knowledge and skill in at least one specialty.

MEDICAL: Pre-employment Medical History Form and a drug screening.

All Applicants will be reviewed by the Office of Human Resources (OHR) for minimum qualifications. Those applicants who meet minimum qualifications will be rated “Qualified,” placed on the Referred List, and may be considered for an interview. Preference for interviews will be given to applicants with experience in the following:

  • Demonstrated knowledge of cybersecurity governance, risk management practices, and regulatory compliance frameworks.
  • Working knowledge of applicable regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Maryland Protection of Information by Government Agencies Act (PIGA).
  • Skill in translating complex cybersecurity risks into clear, actionable guidance for leadership and stakeholders.
  • Strong analytical and program management skills to support enterprise-wide risk and compliance initiatives.
  • Ability to lead cross-departmental collaboration and build consensus related to risk decisions and mitigation strategies.
  • Ability to balance security, compliance, and operational needs within a complex government environment.