GRC Data and Security Lead

Full Job Description

The mission of the Colorado Department of Revenue (CDOR) is to become a trusted partner to every Coloradan to help them navigate the complexities of government so they can thrive. We are driven by our values of service, teamwork, accountability, integrity, and respect.

The vision of the department is to empower businesses and individuals through quality customer service, innovation, and collaboration.

We celebrate diversity and support an equitable and inclusive culture. We embrace our differences because we believe this brings innovation to our work.

For more exciting information about the Department of Revenue, please enjoy this brief video!

Helpful tips for applying:

Applying for a Job with the State of Colorado.

What Happens After You Apply.

Requirements

The Colorado Department of Revenue (CDOR) is seeking a highly skilled and strategic professional to fill the Governance, Risk, and Compliance (GRC) Data and Security Lead role.

This position is a critical cornerstone in the Taxation Division’s mission to protect sensitive tax data through a robust governance framework and rigorous security controls.

As a designated subject matter expert, you will bridge the gap between complex legal mandates and technical IT execution to ensure the integrity of the state’s tax data universe.

You will be relied upon by management and peers department-wide to maintain sound tax data security practices and provide essential consultation on program direction.

This role centralizes the mandate for protecting and governing sensitive tax information across all CDOR divisions.

You will lead the establishment and enforcement of a comprehensive data governance framework that dictates how information is collected, processed, and retired.

By applying advanced technical safeguards—such as data masking, tokenization, and encryption—you will mitigate information security risks and ensure the continuous availability of taxation data.

What You'll Do:

• Establish and enforce a comprehensive data governance framework to ensure the accuracy, security, and consistent management of tax-related information across all CDOR divisions.

• Interpret and apply federal and state mandates, including IRS Publication 1075, NIST SP 800-53, and Colorado privacy statutes, to all internal data workflows.

• Negotiate and draft complex legal agreements, such as Memorandums of Understanding (MOUs) and Data Sharing Agreements (DSAs), ensuring strict usage limitations for shared tax data.

• Design technical access controls and audit user permissions to prevent unauthorized access to sensitive records.

• Apply technical safeguards, including data masking, tokenization, and encryption, to protect sensitive datasets in both production and non-production environments.

• Serve as the primary liaison for internal and external auditors, certifying the security "artifacts" and logs required to prove compliance with legal mandates.

• Lead incident response in coordination with the Security Operations Center (SOC) during potential breaches to determine the scope of compromised data and manage legal notifications.

• Utilize AI and Machine Learning tools to monitor information system logs for anomalies, suspicious activity, and opportunities for security automation.

• Oversee the data lifecycle, assuring robust backup schedules for data availability while ensuring the permanent destruction of records past their legal retention period.

• Audit GenTax system integrity by reviewing incoming file quality, mapping data warehousing, and validating accuracy during system upgrades or new tax type implementations.

Qualifications

Residency Requirement:

This posting is only open to residents of the State of Colorado at the time of submitting your application.

Class Code & Classification Description:

H8D5XX AUDITOR IV

Experience Only:

• Eight (8) years of relevant experience in an occupation related to the work assigned to this position

OR

Education and Experience:

• A combination of related education and/or relevant experience in an occupation related to the work assigned equal to eight (8) years

• Current, valid licensure as a CPA from the Colorado Board of Accountancy or current, valid CIA certificate will substitute for five (5) years of the requirement

Preferred Qualifications:

The ideal candidate will possess the following skills:

• Extensive experience drafting and implementing enterprise-wide data governance frameworks, specifically regarding the collection, storage, and retirement of sensitive information.

• In-depth knowledge of IRS Publication 1075 (FTI), NIST SP 800-53 standards, and state-level privacy statutes to ensure strict legal and federal compliance.

• Practical experience in implementing technical safeguards such as data masking, tokenization, and encryption within both production and non-production environments.

• Strong background in conducting risk audits, reviewing information system activity logs, and certifying "artifacts" for internal and external auditors (e.g., State Auditor or IRS).

• Ability to leverage Artificial Intelligence (AI) and Machine Learning (ML) tools to automate log analysis, risk scoring, and the detection of unauthorized user access.

• Expert-level understanding of the Principle of Least Privilege and Separation of Duties (SOD), including the ability to configure and remediate complex user access rights.

• Experience collaborating with a Security Operations Center (SOC) to determine the scope of data breaches and managing mandatory legal notification requirements.

• Proven ability to serve as a lead mediator between technical IT teams and business units to resolve conflicting data definitions or database mapping issues.

• Familiarity with GenTax or similar large-scale tax processing systems.

• Prior knowledge of or experience with the IRS’ Governmental Liaison Data Exchange Program (GLDEP) Specification Books and Secure Large File Transfer (SLFT) systems.

• Demonstrated experience in negotiating and drafting Memorandums of Understanding (MOUs) and Inter-Agency Data Sharing Agreements (DSAs).

• Experience in tax administration.

• Familiarity with and experience writing Structured Query Language (SQL) queries.

• CISA, CRISC or other relevant certification(s).

Conditions of Employment with the CDOR:

Employees are in a position of public trust in the performance of their job duties and must operate in a manner that maintains the highest standards of honesty, integrity, and public confidence.

As a condition of employment with the CDOR, all personnel must file all necessary Colorado Individual Income Tax (CIIT) returns and pay tax obligations, therefore all employees must undergo a pre-employment evaluation of their tax records/accounts to ensure compliance with this policy.

Final candidates must also complete a successful background investigation and reference check prior to appointment. Certain positions based on duties may require scheduled background investigations.

Pursuant to the Universal Driving Standards Policy, any worker who will be expected to drive a State-owned vehicle is responsible for maintaining a safe driving record and a valid driver license prior to driving any State-owned vehicle.

To be compliant with the new fleet vehicle policy, Motor Vehicle Records (MVRs) will be pulled for review for workers who:

• Have an assigned State fleet vehicle

• Are required to operate a vehicle as part of the position

• Utilize a State fleet vehicle as a pool vehicle

Minimum Qualification Screening

A Human Resources Analyst will only review the work experience/job duties sections of the online job application, to determine whether you meet the minimum qualifications for the position for which you are applying.

Only complete applications submitted before the closing date of this announcement will be reviewed.

• Applicants must meet the minimum qualifications to continue in the selection process for this position. Do not use "see resume" or "see attached" statements on your application.

• Cover letters and resumes will not be accepted in lieu of the official State of Colorado online application. Part-time work experience will be prorated.

• Recommended attachments: Resume, Cover letter

• List your employment history starting with the most recent job, including part-time, temporary, and volunteer jobs. If more than one job was held with a given organization, list each job held as a separate period of employment.

• Information must be accurate, including dates of employment. If it is found that information provided is falsified, you will not be considered for a job with the State of Colorado and/or may be removed from a job after hire.

• The eligible list established from this posting may be used to fill additional vacancies.

Email Address:

All correspondence regarding your status in the selection/examination process will be conducted via email.

Please set up your e-mail to accept messages from "state.co.us" and "info@governmentjobs.com" addresses.

It is your responsibility to ensure that your email will accept these notices and/or review your junk mail and spam filtered email.

If you receive notice that you have been eliminated from consideration for this position, you may file an appeal with the State Personnel Board or request a review by the State Personnel Director.

An applicant who has been removed from an employment list or removed from consideration during the selection process may request a review by the State Personnel Director.

As an applicant directly affected by the results of the selection or comparative analysis process, you may file a written appeal with the State Personnel Director.

Review of the completed, signed and submitted appeal will be timely on the basis of written material submitted by you, using the official appeal form signed by you or your representative.

This form must be completed and delivered to the State Personnel Board by email at dpa_state.personnelboard@state.co.us within ten (10) calendar days from your receipt of notice or acknowledgement of the Department’s action.

For further information on the Board Rules, you can refer to 4 Colorado Code of Regulations (CCR) 801-1, State Personnel Board Rules and Personnel Director's Administrative Procedures, Chapter 8, Resolution of Appeals and Disputes, at spb.colorado.gov/board-rules.

Additional Information

Equity, Diversity, and Inclusion Compliance

The State of Colorado strives to create a Colorado for All by building and maintaining workplaces that value and respect all Coloradans through a commitment to equal opportunity and hiring based on merit and fitness.

The State is resolute in non-discriminatory practices in everything we do, including hiring, employment, and advancement opportunities.

The State of Colorado believes that equity, diversity, and inclusion drive our success, and we encourage candidates from all identities, backgrounds, and abilities to apply.

The State of Colorado is an equal opportunity employer committed to building inclusive, innovative work environments with employees who reflect our communities and enthusiastically serve them.

Therefore, in all aspects of the employment process, we provide employment opportunities to all qualified applicants without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity or expression, pregnancy, medical condition related to pregnancy, creed, ancestry, national origin, marital status, genetic information, or military status (with preference given to military veterans), or any other protected status in accordance with applicable law.

The Colorado Department of Revenue is committed to the full inclusion of all qualified individuals.

As part of this commitment, our agency will assist individuals who have a disability with any reasonable accommodation requests related to employment, including completing the application process, interviewing, completing any pre-employment testing, participating in the employee selection process, and/or to perform essential job functions where the requested accommodation does not impose an undue hardship.

If you have a disability and require reasonable accommodation to ensure you have a positive experience applying or interviewing for this position, please direct your inquiries to our ADAAA inbox, dor_ohr@state.co.us.

We are committed to building work environments that are inclusive and reflect our communities and the diverse talents of all people. We strongly encourage candidates from all backgrounds and abilities to apply.

If not applying online, submit application to:

If you are not able to submit an online application, a paper application is available at this link: PDF State Paper Application(Download PDF reader).

Paper applications must be received via email to dor_ohr@state.co.us by the closing date and time of the application period listed on this announcement.

Methods of Appointment:

Appointment to the vacancy or vacancies represented by this announcement is expected to be from the eligible list created. However, at the discretion of the appointing authority, the position(s) may be filled by another method of appointment for a valid articulated business reason.

Step Pay Program:

Per the requirements of the Step Pay Program, any former or current State employee must be paid a rate that is equal to or greater than the appropriate step pay rate within their classification's pay range based on completed years in their current class series.