Senior Compliance & Risk Specialist

State of Washington
Olympia, WA


Senior Compliance & Risk Specialist

(IT Security-Senior Specialist)

WaTech: Join an exciting team!

Washington Technology Solutions (WaTech) is a national leader in adopting new, innovative technologies that transform the way Washingtonians receive state services. We provide information technology oversight and central services for Washington state government, all of which makes this an exciting time to join our team of experienced IT professionals. As a part of this agency, you will have a unique opportunity to help advance the latest IT technologies and practices used by state government to meet the needs of Washingtonians.


About the position

This position is a part of WaTech’s Office of Cybersecurity (OCS), which is focused on advancing the state’s leadership in cybersecurity across the public sector. OCS delivers core cybersecurity services, including the Security Operations Center (SOC), Computer Incident Response Team (CIRT), statewide security projects, and security policy and compliance oversight.


The Senior Compliance and Risk Specialist serves as a statewide subject matter expert in cybersecurity risk management and compliance, supporting WaTech’s statutory responsibilities for cybersecurity oversight, policy implementation, and statewide risk management. This position guides agencies in applying statewide IT security policies and standards, aligns state practices with national frameworks such as NIST, and contributes to implementing statewide practices that strengthen cybersecurity risk management. The role applies advanced knowledge of cybersecurity principles and practices to the most complex assignments, devises innovative methods to evaluate and mitigate risks, translates technical risks into business and mission impact terms for executives and governance bodies, and provides authoritative guidance to agency partners and staff. Recognized as a statewide resource, this position maintains a holistic view, focusing on strategic impacts while ensuring high-quality, efficient, and measurable outcomes. Through proactive risk management and collaborative support, this role safeguards Washington state’s information systems, supports secure digital services, ensures compliance with applicable state and federal requirements, and sustains public trust in government operations.

Some of what to expect in this role:

  • Develop and execute a comprehensive cybersecurity risk assessment strategy across state agencies, applying nationally recognized frameworks, state policies and standards.
  • Leverage automation and analytics to monitor statewide progress, track remediation effectiveness, and provide real-time insights into evolving risk posture.
  • Identify, analyze and prioritize cybersecurity risks based on impact, likelihood and risk tolerance thresholds applying consistent statewide methodologies.
  • Provide agencies with forward-looking guidance on risk treatment options.
  • Aggregate and communicate statewide risk posture by consolidating agency-level risk assessments into centralized reports and dashboards.
  • Provide subject matter expertise to align Washington state IT security chapter policies and standards with national and federal frameworks.
  • Identify systemic barriers to effective risk remediation and champion statewide-level solutions that improve agency adoption and strengthen overall resilience.
  • Translate statewide cybersecurity policies and standards into practical, risk-informed guidance and tools.
  • Provide senior-level consultation to agency leaders on interpreting and applying policy, bridging the gap between compliance requirements and operational realities.
  • Continuously refine statewide reporting practices to incorporate new data sources, analytics and predictive insights that support forward-looking risk governance.
  • Foster a statewide community of practice among agency CISOs, CIOs, and risk managers to share knowledge, strengthen collaboration and drive consistent adoption of risk management practices.


Scope and impact:

This work has statewide impact across more than 80 executive branch agencies, affecting nearly 85,000 state end users and supporting the secure delivery of mission-critical services to nearly 8 million residents. The position helps strengthen statewide cybersecurity resilience, improve consistency in compliance and risk management, and support informed decision-making by agency leaders and statewide governance bodies.

Here’s what we’re looking for:

  • Ten years of experience in the field of information technology, including four years of recent experience in information security in each of the following areas:
    • Leading or conducting large scale cybersecurity risk assessments, including application of NIST RMF, NIST SP 800-53, ISO 27005, or equivalent frameworks.
    • Assessing security threats and recommending appropriate mitigation strategies and compensating controls across diverse IT environments (cloud, hybrid, on-premises).
    • Cybersecurity compliance management, including interpreting, implementing or auditing against IT security policies, standards and regulatory requirements (e.g., FISMA, HIPAA, CJIS, IRS Pub 1075).
    • Developing or operationalizing cybersecurity policies, standards or risk management frameworks.

A bachelor’s degree in computer science, business administration, information security, or a related field may substitute for four years of the required experience. A master’s degree in one of these fields may substitute for six years of the required experience.

  • Knowledge of federal and state cybersecurity laws, regulations and compliance frameworks, including but not limited to FISMA, HIPAA, CJIS, PCI DSS, IRS Pub 1075, and FedRAMP.
  • The ability to take action to learn and grow.
  • The ability to take action to meet the needs of others.


Preference may be granted to applicants with the following:

  • Professional certifications (demonstrating recognized expertise in risk, compliance and governance):
    • CISSP (Certified Information Systems Security Professional): Broad mastery of security domains, including governance, risk and compliance.
    • CISM (Certified Information Security Manager): Focused on governance, program management, and risk oversight, aligning well with statewide responsibilities.
    • CRISC (Certified in Risk and Information Systems Control): Specialized in IT risk identification, assessment and mitigation.
    • CISA (Certified Information Systems Auditor): Relevant for auditing against state and federal compliance standards.
    • CGRC (Certified in Governance, Risk and Compliance): NIST-specific (formerly CAP) certification demonstrating ability to apply RMF and federal standards.
    • CIPP/US (Certified Information Privacy Professional – U.S.): Useful for understanding regulatory privacy obligations that overlap with state security policy. Or equivalent.
  • Knowledge of Zero Trust architecture principles and their integration into statewide cybersecurity risk management practices.
  • Proficiency in applying automation, data analytics, and dashboarding tools to streamline statewide risk assessments, remediation tracking and executive reporting.
  • Experience integrating supply chain risk management and vendor oversight into statewide risk frameworks, ensuring compliance with NIST 800-161 and federal directives.
  • Experience applying business continuity and disaster recovery principles (COOP integration) within statewide risk management.
  • Familiarity with emerging technology risk management (AI/ML, IoT, OT/SCADA, quantum) to future-proof policies and standards.

Telework

This position is eligible for telework; however, the incumbent must maintain residence within a reasonable commuting distance of the assigned duty station and be able to report onsite when required for business purposes. Onsite attendance does not follow a fixed schedule but is mandatory when needed for meetings, training, operations, or other agency needs.


We value diversity and different perspectives:

WaTech is committed to providing equal access and opportunities to all qualified applicants and employees. We seek to attract and retain a diverse staff and welcome your experiences, perspectives and unique identity. We invite you to include your preferred name and pronouns in your material to ensure we address you correctly throughout the application process.


What WaTech offers:

As an employee of WaTech, you’ll have access to an outstanding employee benefits package that includes medical and dental plan options for you and your family, paid leave and holidays, retirement plan options and more.


While WaTech is headquartered in Olympia, Washington, which is near some of the country’s most scenic national parks, we are able to offer many of our positions telework and flexible schedule options to help support a healthy work-life balance.


To learn more about WaTech and what our employees enjoy about working here, please visit our website.


Additional information about this role:

  • This position requires a background check. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability to perform in the position and is a continued condition of employment.


How to apply:

Applications for this recruitment will be accepted electronically. Please select the large “apply” button at the top of this announcement. In addition to completing your online application, please also include the following attachments:


  • A current resume detailing your applicable experience, training and/or education.
  • A letter of interest highlighting how your experience aligns with the outlined job posting.


Top candidates will be asked to provide a list of their professional references with contact information.


Reminders:

  • A real person is reviewing your application material. It is in your best interest to complete the application in its entirety and review thoroughly before submitting. You will not be eligible to re-apply for this posting for 30 days.
  • Applications with missing or incomplete fields, or supplemental question responses such as “see resume” may be considered incomplete and removed from consideration.
  • WaTech complies with the employment eligibility verification requirements of the federal Form I-9. The selected candidate must be able to provide proof of identity and eligibility to work in the United States. WaTech does not use the E-Verify system. We are not eligible to extend STEM Optional Practice Training (OPT) opportunities. For more information, please visit https://www.uscis.gov.
  • Applicants wishing to claim Veterans Preference should attach a copy of their DD-214 (Member 4 copy), NGB 22, or signed verification of service letter from the United States Department of Veterans Affairs to their application. (Please redact any personally identifiable data such as social security number and date of birth prior to submittal.)


By submitting your materials, you affirm that all information is true and correct. Any untruthful information is cause for removal from the applicant pool. If hired as a result of this recruitment, the discovery of incorrect or falsified information may lead to disciplinary action or dismissal.


Recruitment process:

The first round of application assessments will be conducted seven days after the initial job posting date. The hiring authority reserves the right to offer the position at any time after the initial seven-day job posting date. It is to the applicant's advantage to apply as early as possible. This recruitment may be used to fill multiple positions.


The salary range listed above reflects the full potential for this position. The base pay offered to the selected candidate will consider the candidate’s specific qualifying experience and internal equity of the existing team.


Contact us: For inquiries about this position, please contact Rebekah Wilkes at (360) 407-8646 or email to recruitment@watech.wa.gov


If you’d like to request an accommodation for any part of the selection process, or to receive the application material in an alternate format, please contact Human Resources at (360) 407-8242 or Human.Resources@watech.wa.gov. Persons of disability or those who are deaf or hard of hearing can call the Washington Relay Service by dialing 7-1-1 or 1-800-833-6388.



