GRC Compliance Lead
State of Colorado
Job Description
Job Overview
The Colorado Department of Revenue (CDOR) Taxation Division is seeking a Governance, Risk, and Compliance (GRC) Compliance Lead to provide assurance services and ensure adherence to all applicable laws, regulations, and security policies.
Responsibilities
- Ensure continuous compliance with all applicable federal and state laws, regulations, and security control requirements, focusing on safeguarding Federal Tax Information (FTI).
- Act as a technical consultant to internal business units, the Office of Information Technology (OIT), and external vendors on matters regarding IRS Publication 1075 and NIST SP 800-53 standards.
- Lead the preparation and submission of critical federal reports, including the semi-annual IRS Corrective Action Plan (CAP) and the annual IRS Safeguards Security Report (SSR).
- Manage and track the implementation of all internal and external audit findings, ensuring that business units provide necessary documentation and meet remediation deadlines.
- Design and deliver mandatory training programs, including annual federal data security training, for all personnel and vendors who access sensitive tax information.
- Serve as Colorado’s Disclosure Officer, coordinating and responding to information-sharing requests from the IRS and other tax administration agencies.
- Conduct physical site inspections of Department of Revenue facilities, vendor sites, and associated data centers to verify regulatory and security compliance.
- Proactively analyze and synthesize new or evolving compliance requirements to drive the development of enforceable division-wide policies and procedures.
- Collaborate with GRC staff to identify and implement opportunities for automating compliance activities, aligning them with the Division’s Quality Assurance and Insider Threat Programs.
- Establish a comprehensive annual compliance roadmap to track all mandated activities, regulatory deadlines, and scheduled internal inspections.
Residency Requirement
This posting is only open to residents of the State of Colorado.
Minimum Qualifications
- Eight (8) years of relevant experience in an occupation related to the work assigned to this position.
- Combination of related education and/or relevant experience equal to eight (8) years.
- Current, valid licensure as a CPA from the Colorado Board of Accountancy or current, valid CIA certificate will substitute for five (5) years of the requirement.
Preferred Qualifications
- Extensive experience implementing and auditing security controls specifically mandated by IRS Publication 1075 to ensure the confidentiality and safeguarding of federal tax data.
- Deep professional knowledge of NIST SP 800-53 (Rev. 5) standards, Social Security Administration (SSA) compliance requirements, Colorado privacy statutes, and state-level data security policies.
- Proven track record of serving as a lead liaison for internal and external audits, including the management of Corrective Action Plans (CAP) and Safeguards Security Reports (SSR).
- Demonstrated ability to synthesize evolving federal and state laws into enforceable, division-wide policies and standard operating procedures.
- Experience acting as a subject matter expert for technical teams (such as OIT) and business units during system upgrades or the implementation of new technologies.
- Background in planning, designing, and delivering mandatory federal security training to diverse groups, including employees, external agency personnel, and vendors.
- Ability to identify and implement opportunities to streamline compliance activities through automation, ideally aligned with a Quality Assurance and/or Insider Threat Program(s).
- Experience conducting physical site inspections of data centers and government facilities to verify adherence to logical and physical security controls.
- Strong interpersonal skills used to mediate between technical IT execution and legal mandates, ensuring a unified approach to data protection.
- Ability to manage high-stakes regulatory deadlines and prioritize audit remediations based on risk ratings and organizational urgency.
- Experience translating highly technical compliance requirements into understandable, actionable terms for managers and/or business users.
- Experience with GenTax, especially from a compliance perspective.
- Experience in tax administration.
- CISA certification or other relevant certification(s).
Equity, Diversity, and Inclusion
The State of Colorado strives to create a Colorado for All by building and maintaining workplaces that value and respect all Coloradans through a commitment to equal opportunity and hiring based on merit and fitness. The State is resolute in non-discriminatory practices in everything we do, including hiring, employment, and advancement opportunities. The State of Colorado believes that equity, diversity, and inclusion drive our success, and we encourage candidates from all identities, backgrounds, and abilities to apply.
The State of Colorado is an equal‑opportunity employer committed to building inclusive, innovative work environments with employees who reflect our communities and enthusiastically serve them. Therefore, in all aspects of the employment process, we provide employment opportunities to all qualified applicants without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity or expression, pregnancy, medical condition related to pregnancy, creed, ancestry, national origin, marital status, genetic information, or military status, with preference given to military veterans.
If you have a disability and require reasonable accommodation to ensure you have a positive experience applying or interviewing for this position, please direct your inquiries to our ADAAA inbox at [email protected].