JOB
Together, we innovate for a stronger ColoradoThe work of employees at the Governor's Office of Information Technology (OIT) is challenging and diverse because the needs of agencies, customers and Coloradans constantly evolve. But our focus never changes: improve the lives of all Coloradans through innovation and collaboration. We're building one of the nation's leading government IT organizations by reimagining how we support agencies, building first-of-their-kind applications, and creating an inclusive, collaborative culture, together. Join us in the important work of providing equitable access to services.Watch this video to learn more about how we're Serving People. Serving Colorado.
EXAMPLE OF DUTIES
IMPORTANT NOTE: Please review your application to ensure completion. For the most equitable applicant experience, OIT’s hiring team considers only the contents of your application to review your qualifications. Please do not include any attachments (such as resume or cover letter) with your application as these items are not used by OIT’s hiring team. The Governor’s Office of Information Technology (OIT) is seeking a Senior Security Engineer (Risk) to join the Office of Information Security (OIS). Our team is currently advancing a strategic transformation to modernize our Risk Management capabilities. We are evolving our security oversight into a highly integrated, automated maturity model designed to provide a data-driven view of the state's threat landscape.As the Senior Security Engineer (Risk), you will serve as a technical leader and subject matter expert dedicated to the identification, quantification, and mitigation of technical risk across the state enterprise. This role requires a seasoned professional with demonstrated leadership experience who can provide technical guidance across the organization and offer strategic direction during complex security evaluations.A primary function of this role is performing comprehensive technical risk assessments on diverse systems and services to ensure they align with the state’s security posture. You will be a key contributor in enabling the creation of a Third-Party Risk Management (TPRM) program designed to scale significantly, performing assessments for a high volume of vendors with efficiency and precision. You will act as a senior technical liaison between system engineers, project managers, and executive leadership, translating high-level vulnerabilities into actionable risk narratives. Your work will directly support the risk management strategic roadmap, ensuring state technology remains resilient through consistent, expert-level evaluation. Key Job Responsibilities: Cross-Functional Technical Guidance & Collaboration: Act as a key security advisor and collaborator for teams across the organization. You will partner with technical teams to provide technical guidance on risk mitigation. You will serve as a technical point of escalation during the daily standups to ensure cross-team alignment on remediation strategies.Perform Complex Risk Assessments: Execute deep-dive technical risk assessments for high-profile state systems. You will evaluate control implementations across a variety of technical environments, including on-premise, cloud, and hybrid, identifying critical gaps and architecting technical remediation plans.Support Scalable TPRM Architecture: Serve as a key member in designing a TPRM program capable of handling an enterprise volume of vendors. You will define technical standards for reviewing technical support documentation and helping establish the automated intake workflows necessary to scale these assessments.Strategic Roadmap Contribution: Support the execution and refinement of the risk management strategic roadmap. You will be responsible for driving milestones related to risk intake maturity and expanding risk services to state agencies and local government partners.Enable Automation (ServiceNow IRM): Support the transition from legacy workflows to automated processes within the ServiceNow IRM module. You will provide the technical expertise needed to ensure the platform delivers real-time, asset-level risk visibility for leadership.Threat Landscape Visibility: Partner with data and engineering teams to help build "Top 10" Enterprise Risk Dashboards in Splunk. You will contribute "Actionable Insight Statements" that help leadership prioritize resources based on data-driven risk findings.
SUPPLEMENTAL INFORMATION
If this posting indicates “remote from anywhere in CO” in the title, periodic reporting to the primary state work location designated for the position is required. All remote work must be performed in Colorado. While candidates from out of state will be considered for this role, the candidate selected for the position must relocate and reside in Colorado on the first day of their new position. A reasonable timeframe for relocation will be established on an individual basis, while considering business needs, and determining a start date.We know it's important to support each other, and that means having a healthy balance of work and personal time. Visit our benefits to learn more about some of our great offerings that allow us all to have fulfilling lives. Visit our How to Apply webpage to learn more about our application process and what to expect after you apply.The State of Colorado strives to create a Colorado for All by building and maintaining workplaces that value and respect all Coloradans through a commitment to equal opportunity and hiring based on merit and fitness. The State is resolute in non-discriminatory practices in everything we do, including hiring, employment, and advancement opportunities.The Governor's Office of Information Technology is committed to the full inclusion of all qualified individuals. As part of this commitment, our agency will assist individuals who have a disability with any reasonable accommodation requests related to employment, including completing the application process, interviewing, completing any pre-employment testing, participating in the employee selection process, and/or to perform essential job functions where the requested accommodation does not impose an undue hardship. If you have a disability and require reasonable accommodation to ensure you have a positive experience applying or interviewing for this position, please direct your inquiries to our ADA Coordinator at
[email protected] or call (303) 764-7900.This posting may be used to fill multiple vacancies based upon business need. The Governor's Office of Information Technology does NOT offer sponsored Visas for employment purposes.