Governance, Risk, and Compliance Manager (Special Assistant, NS)
Indexed description
The Department of Financial Services is seeking candidates for the position of Governance, Risk and Compliance Manager within Information Security. This position will report directly to the Deputy Superintendent for Information Security, and will be responsible for ensuring that NYS DFS operates within internal boundaries (governance), manages operational and security (risk), and complies with legal and regulatory requirements (compliance) for all information technology efforts. They will act as bridge between technical teams, the DFS legal department, and executive leadership to maintain a robust, secure, and legally compliant environment.
Duties Include, But Are Not Limited To, The Following
- Develops and maintains policies: Drafts, reviews, and updates DFS information security, privacy, and operational policies to align with best practices and business goals;
- Ensures internal controls are mapped effectively. Knowledge of frameworks (e.g., NIST CSF, ISO 27001, CIS Controls);
- Conducts information security risk assessments across various units to identify vulnerabilities and potential threats;
- Collaborates with IT, and other teams to develop, track, and implement risk mitigation plans;
- Maintains and updates the DFS risk register to support leadership in addressing information security risk;
- Stays up to date on global regulatory changes (e.g., HIPAA, PCI-DSS) and assesses their impact on DFS;
- Performs continuous testing of information security internal controls to ensure they are operating effectively and remediate any gaps identified; and
- Other duties as assigned.
- Minimum of seven (11) years of experience in risk management, internal control, compliance, information security or information technology fields, two years of which must have been at a managerial level.
- Substitutions: An associates degree may substitute for two (2) years of experience; a bachelor’s degree may substitute for four (4) years of experience; a master’s degree may substitute for five (5) years of experience; a J.D. may substitute for six (6) years of experience; and a Ph.D. may substitute for seven (7) years of experience.
- Experience in a leadership role is preferred. Employment history should demonstrate increasing levels of responsibility.
- Knowledge of common information security management frameworks, such as NIST 800-53, CIS Controls.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Additional Comments
Please note that a change in negotiating unit may affect your salary, insurance and other benefits.
Salary: $127,507 - $160,911 (salary commensurate with experience)
Appointment Status: This is an appointment to a position in the exempt jurisdictional class.
Appointment to this position is pending Governor Appointment’s Office and Division of Budget approval.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search