Manager, Information Security & Compliance (CJIS)

The Company 

Serving the People Who Serve the People 

Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn.  

Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe. 

Want to know more? See more of what we do here.  

We are looking for an Information Security Manager with CJIS compliance experience. This role will be responsible for the management of the criminal justice information systems, including maintaining the CJIS compliance program, managing the CJIS audits, and staying current with evolving CJIS policies and procedures. This role will manage a complex information security and compliance program, which includes CJIS, ISO 27001, SOC 2, PCI, FISMA, HIPAA, CyberEssentials, StateRAMP, and TxRAMP. This role will report to the Head of GRC and partner with the manager of the FedRAMP program. You will have a strong background in cybersecurity and compliance, with proven experience managing multiple compliance audits, multiple products, and large security initiatives with cross-functional teams. You will manage projects related to compliance controls mapping, organizational security improvements, and external audits. The compliance program encompasses FedRAMP, StateRAMP, TxRAMP, ISO 27001, SOC 2, PCI, HIPAA, FISMA, CJIS, and Cyber Essentials. CJIS experience is a must.

• Manage the CJIS program, including CJIS policies, procedures, and audits.
• Serve as the CJIS expert, providing guidance for planned product or roadmap changes that may impact the CJIS environment or program
• Perform regular internal CJIS compliance audits and manage the external CJIS audits, including to support customer CJIS programs or FBI audits
• Manage overall compliance and audit program, including TxRAMP, StateRAMP, ISO 27001, SOC 2, PCI, HIPAA, FISMA, and Cyber Essentials
• Lead and manage the security program initiatives, ensuring alignment with Granicus’ security objectives
• Maintain and develop additional audit runbooks, documenting control implementation, evidence requirements, and internal references
• Manage internal and external audits, including scheduling the audits, preparing internal teams for audit discussions, managing evidence requests, and tracking findings or continuous improvement recommendations
• Drive compliance control management program improvements, including common control mapping and template creation
• Collaborate with cross-functional teams for PCI program efficiencies across multiple products
• Lead continuous improvement reviews for response and recovery, including incident response, backups, failover / switchover, disaster recovery, and business continuity
• Manage the Third Party Risk Management program and partner with the Procurement working group
• Manage review and update of CJIS policies and procedures documents
• Support review and update cycles of other information security policies and trainings, along with other security stakeholders
• Manage internal and external customer requests
• Manage and grow the security answer library, customer resources, and internal FAQ
• Maintain and create additional customer security collateral to enable pre and post sales customer resources
• Other duties as assigned

• 7+ years in information security, with at least 3 years managing an information security team
• 5+ years managing CJIS compliance programs and audits
• Demonstrated expert level knowledge and experience with CJIS policies, procedures, and compliance requirements
• Experience managing multiple compliance frameworks, such as FedRAMP, other *RAMP programs, FISMA, CJIS, SOC 2 Type II, HIPAA, PCI, ISO 27001, CyberEssentials
• Experience working in a highly regulated environment is a plus (e.g., CJIS, HIPAA, FISMA, government, finance/banking, healthcare, or FedRAMP / DoD IL)
• Proven track record of managing large-scale security programs and initiatives, working with cross-functional teams
• Experience managing third party audits, such as FedRAMP, ISO 27001, and SOC 2 in order to manage audit planning, audit activities, and projects to build out audit runbooks
• Experience working with a robust product set of software and cloud services, including SaaS offerings hosted in AWS, Azure and/or GCP
• Strong understanding of cloud security controls, including network security and data protection controls
• Familiarity with common security technologies, including SIEM, firewalls, IDS/IPS, encryption tools, and endpoint protection
• Excellent leadership and interpersonal skills; strong communication skills, written and verbal
• Experience working with software development and cloud operations teams at a SaaS and software company
• Ability to communicate complex requirements and security concepts to technical and non-technical teams
• Detail-oriented and able to manage multiple projects effectively
• Relevant degrees or security certifications are a plus, such as CISSP, SEC+, CISM, CISA, CDPSE, or equivalent

Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit! 

Security and Privacy Requirements

-     Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program.

-     Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies.

The Team

- We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.

The Culture

- At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be

a part of our journey.

- A few culture highlights include – Employee Resource Groups to encourage diverse voices

- Coffee with Mark sessions – Our employees get to interact with our CEO on very important and

sometimes difficult issues ranging from mental health to work-life balance and current affairs. 

- Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.-=- - We bring in special guests from time to time to discuss issues that impact our employee

population 

The Impact

- We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here.

The Benefits 

At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.

- Flexible Time Off

- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance

- 401(k) plan with matching contribution

- Paid Parental Leave

- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance

- Group legal coverage 

- And more!

Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.