Job Description

Requisition No: 873623

Agency: Management Services

Working Title: GOVERNANCE, RISK, & COMPLIANCE ANALYST - 72004167

Pay Plan: Career Service

Position Number: 72004167

Salary: $70,000 - $95,000

Posting Closing Date: 04/27/2026

Total Compensation Estimator Tool

Governance, Risk, and Compliance Analyst
Florida Digital Service
State of Florida Department of Management Services
This position is located in Tallahassee, FL

The Governance, Risk, & Compliance (GRC) Analyst supports enterprise-wide governance, risk, and compliance functions across data, cybersecurity, project management oversight, and enterprise architecture domains. This role advances statewide Digital Forward initiatives and ensures alignment with FLDS, NIST, and DAMA-DMBOK frameworks.

DUTIES & RESPONSIBILITIES:

Governance & GRC Program Activities

• Support GRC operations across multiple domains (cybersecurity, data governance, enterprise architecture, and project oversight).
• Assist in implementation and adoption of a Unified Enterprise GRC Solution, enabling centralized risk tracking, compliance monitoring, and reporting.
• Participate in governance activities including development, review, and maintenance of policies, standards, procedures, and guidelines.
• Develop and maintain templates, playbooks, and process guides aligned with FLDS requirements, NIST CSF, and DAMA-DMBOK.
• Support enterprise governance forums, working groups, and cross-agency collaboration efforts.
• Assist in development and delivery of training, awareness materials, and governance documentation.

Risk Management & Assessment Activities

• Support development, facilitation, and tracking of:
  o Triennial enterprise cybersecurity risk assessments
  o Annual agency strategic and operational plans
  o Risk remediation plans and recommendations
• Track risk findings, remediation progress, and maturity improvements across agencies.
• Integrate vulnerability, audit, and assessment findings into enterprise risk management processes.
• Assist agencies in identifying risks, prioritizing mitigation strategies, and aligning with statewide standards.
• Contribute to maturity model assessments that measure agency capability and progress over time.

Compliance & Audit Support Activities

• Support compliance monitoring and audit readiness across multiple regulatory domains.
• Assist with internal and external audits, documentation collection, and remediation tracking.
• Analyze compliance against:
  o FLDS policies and standards
  o NIST Cybersecurity Framework
  o DAMA-DMBOK data governance practices
• Facilitate coordination with agencies and stakeholders for audit activities and reporting.
• Support development of compliance metrics, dashboards, and reporting capabilities.

Data Governance & Enterprise Initiatives

• Support implementation of a Data Governance Framework that promotes secure data sharing and collaboration.
• Assist with development of governance artifacts including:
  o Data standards
  o Data sharing agreements
  o Authoritative data source identification
• Contribute to enterprise data maturity assessments and data literacy initiatives.
• Support federated governance efforts that balance enterprise oversight with agency autonomy.

Digital Forward Initiative Support

Support key statewide initiatives including:

• Strengthening enterprise cybersecurity maturity through a unified GRC solution
• Establishing maturity models for continuous improvement
• Implementing secure data sharing and interoperability frameworks
• Increasing operational technology (OT) cybersecurity maturity to ensure resilient environments

Professional Development & Other Duties

• Maintain knowledge of emerging GRC, cybersecurity, data governance, and enterprise architecture practices.
• Obtain and maintain relevant certifications and continuing education.
• Perform other duties as assigned.
• Other duties as required.

Knowledge, skills, and abilities, including utilization of equipment, required for the position

• Knowledge of governance, risk, and compliance principles across cybersecurity, data, and enterprise IT domains
• Familiarity with frameworks such as NIST CSF, NIST 800-53, and DAMA-DMBOK
• Ability to analyze risk, compliance, and governance data to support decision-making
• Ability to develop policies, standards, and procedural documentation
• Strong stakeholder engagement and facilitation skills
• Ability to manage multiple initiatives in a fast-paced environment
• Strong analytical, organizational, and problem-solving skills

MINIMUM QUALIFICATIONS:

Education

• Experience in governance, risk, compliance, audit, or IT-related functions
• Experience working with frameworks such as NIST, ISO, or data governance standards
• Ability to support enterprise-level initiatives and cross-functional collaboration

Nice to have

• Experience with GRC tools or enterprise risk platforms
• Experience with public sector governance or statewide IT initiatives
• Knowledge of data governance frameworks and practices
• Experience supporting audits, risk assessments, or compliance programs

Highly Preferred Certifications
CISA, GSEC, CISSP-ISSEP, CRISC, CGEIT, DAMA CDMP

Preferred Certifications
Security+, CISSP, CISM, SSCP, PMI-RMP

Desirable education

• Bachelor’s degree in information systems, cybersecurity, data management, public administration, or related field
• Graduate degree preferred.

On-the-Job Certification/Training Schedule
Within 12 months obtain one of the following professional certifications: CompTIA Security+, ISACA CISA, DAMA CDMP Associate

Within 24 months obtain one of the following professional certifications
ISC2 CISSP, ISACA CRISC, PMI-RMP, or DAMA CDMP Practitioner

Other job-related requirements for this position

Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes, and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140-4.5

Pursuant to F.S. 215.422 every officer or employee who is responsible for the approval or processing of vendors’ invoices or distribution of warrants to vendors are mandated to process, resolve, and comply as section 215.422 requires

Ability to sit for extended periods of time. Ability to stand for extended periods of time. Ability to drive and/or fly for long distances. Ability to lift, push and pull up to 30lbs.

Our Organization and Mission:

Under the direction of Governor Ron DeSantis, Interim Secretary Tom Berger and DMS’ Executive Leadership Team, the Florida Department of Management Services (DMS) is a customer-oriented agency with a broad portfolio that includes the efficient use and management of real estate, procurement, human resources, group insurance, retirement, telecommunications, fleet, and federal property assistance programs used throughout Florida’s state government. It is against this backdrop that DMS strives to demonstrate its motto, “We serve those who serve Florida.”

Special Notes:

DMS is committed to successfully recruiting and onboarding talented and skilled individuals into its workforce. We recognize the extensive training, experience and transferrable skills that veterans and individuals with disabilities bring to the workforce. Veterans and individuals with disabilities are encouraged to contact our recruiter for guidance and answers to questions through the following provided email addresses:
DMS.Ability@dms.myflorida.com
DMS.Veterans@dms.myflorida.com
An individual with a disability is qualified if he or she satisfies the skills, experience, and other job related requirements for a position and can perform the essential functions of the position with or without reasonable accommodation. Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must contact the DMS Human Resources (HR) Office at (850) 488-2707. DMS requests applicants notify HR in advance to allow sufficient time to provide the accommodation.
Criminal background investigation including fingerprinting and statewide and national criminal history records check per Section 110.1127 Florida Statutes, Chapter 435 Florida Statutes and the Federal Bureau of Investigation’s CJIS Security Policy CJISD-ITS-DOC-08140.
Pursuant to F.S. 215.422 every officer or employee who is responsible for the approval or processing of vendors’ invoices or distribution of warrants to vendors are mandated to process, resolve and comply as section 215.422 requires

Candidates requiring a reasonable accommodation, as defined by the Americans with Disabilities Act, must notify the agency hiring authority and/or People First Service Center (1-866-663-4735). Notification to the hiring authority must be made in advance to allow sufficient time to provide the accommodation.

The State of Florida supports a Drug-Free workplace. All employees are subject to reasonable suspicion drug testing in accordance with Section 112.0455, F.S., Drug-Free Workplace Act.

VETERANS’ PREFERENCE. Pursuant to Chapter 295, Florida Statutes, candidates eligible for Veterans’ Preference will receive preference in employment for Career Service vacancies and are encouraged to apply. Certain service members may be eligible to receive waivers for postsecondary educational requirements. Candidates claiming Veterans’ Preference must attach supporting documentation with each submission that includes character of service (for example, DD Form 214 Member Copy #4) along with any other documentation as required by Rule 55A-7, Florida Administrative Code. Veterans’ Preference documentation requirements are available by clicking here All documentation is due by the close of the vacancy announcement.