Security Compliance Manager VI

Texas Health & Human Services Commission, Austin, TX 78719

Posted 3 weeks ago

Under the general supervision of the Governance, Risk, and Compliance Director, this position provides the leadership and supervision essential to developing and supporting the HHSC (Health and Human Services Commission) Information Security Program and to developing strategies for compliance with information security requirements. This includes overseeing the development and implementation of compliance programs, conducting audits and assessments, providing guidance on maintaining a secure environment, and establishing policies, procedures, and controls to ensure that cybersecurity risks are effectively managed and compliance requirements are met.

The manager works closely with other teams within the organization to ensure cybersecurity requirements are met and that any non-compliance issues are addressed promptly. Participates in internal and external compliance and regulatory audits and recommends security requirements or enhancements. Reviews new and modified regulatory requirements regarding information security to determine if new policies and procedures are needed, and monitors related "best practices" and emerging security technologies for potential application.

Guides agency users in adhering to the agency and HHS (Health and Human Services) Security Policy, Guidelines and Standards, Texas Administrative Code (TAC 202), Health Insurance Portability and Accountability Act (HIPAA), and other state and federal rules and regulations. Provides information security expertise and leadership, in partnership with HHS agency Information Security Officers and staff, in addressing security vulnerabilities. Consults on high visibility/high-risk IT (Information Technology) projects and guides team members and information security staff on security and compliance matters.

This position performs highly complex (senior-level) information security analyst work. Plays a role in developing and supporting the HHSC Information Security Program and developing strategies for compliance with information security requirements.

Oversees the establishment, implementation, adherence to, and documentation of HHSC information security controls, procedures, and processes to protect computer systems, infrastructure, and data from unauthorized access. Reviews new and modified regulatory requirements about information security to determine if new policies and procedures are needed, and monitors related "best practices" and emerging security technologies for potential application. Participates in internal and external compliance and regulatory audits and recommends security requirements or enhancements.

Guides agency users in adhering to the agency and HHS Security Policy, Guidelines and Standards, Texas Administrative Code (TAC 202), Health Insurance Portability and Accountability Act (HIPAA), and other state and federal rules and regulations. Provides information security expertise and leadership, in partnership with HHS agency Information Security Officers and staff, in addressing security vulnerabilities. Consults on high visibility/high-risk IT projects and guides team members and information security staff on security and compliance matters.

Essential Job Functions:

(30%) Represents the CISO (Chief Information Security Officer) Office and acts as liaison for cybersecurity-related questions from Information Owners (IO), Information Custodians (IC), and other agency staff; attends meetings, represents security, and participates in incident response.

(30%) Leads and supervises the design and deployment of Information Security Compliance Program activities, including assisting with all relevant security services. This includes assisting in all aspects of the risk management framework from initiation through disposal of HHS information systems, including categorization, System Security Plan (SSP) development, risk assessments, informing the Risk Team of any major changes to a system that would require a security assessment, and reviewing vendor Attestations of Compliance. Assists Information Owners and Custodians with the requirements for security assessments, and assists with Plans of Action and Milestones (POA&M) and Risk-Based Decisions (RBDs).

(20%) Leads security and compliance functions and assists with security requirements for HHS information systems, projects, and procurements. Coordinates the issuance of Authorities to Operate (ATOs), assists the IO/IC with the agency-published ATO process through completion for HHS information systems, and ensures completed ATOs are tracked in the agency GRC (Governance, Risk, and Compliance) platform. Assists IO/IC with external and internal audits.

(10%) Supports security and compliance controls through the development of strategic program/portfolio roadmaps. Collects and analyzes metrics, manages requirements, and communicates requirements, metrics, and trends to IO/IC and leadership.

Tracks security findings to ensure appropriate risk rating and remediation by IO/IC within defined agency timelines. Assists IO/IC with the identification of mitigating controls that could reduce the overall risk.

(5%) Champions the Security Program throughout the agency. Assists IO/IC with the HHS training and awareness program for stakeholders of information systems, including Information Owners and Custodians.

Solicits and communicates IO/IC training needs to the training and awareness coordinator. Assists in the delivery of both required and on-demand training.

(5%) Performs or leads other duties as assigned.

Knowledge, Skills, Abilities:

1. Excellent written and verbal communication skills.

2. Superior problem-solving skills and ability to comprehend complex technical topics quickly.

3. Knowledge of cybersecurity methodologies and processes.

4. Skill at creating and implementing security program policies, standards, controls, and procedures.

5. Skill at coordinating risk assessments, security assessments, and audits.

6. Skill in assessing risks and forming mitigation alternatives to define compensating controls.

7. Broad technology skills in networking, operating systems, applications, and databases.

8. Knowledge of compliance requirements including HIPAA/HITECH, PCI, SOX, 1 TAC 202, IRS Publication 1075, Texas Business and Commerce Code, and Texas Health and Safety Code.

9. Knowledge of security and risk frameworks including NIST, SANS, HITRUST, ISO, and COBIT.

Registration or Licensure Requirements:

One or more of the following is preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Certified Enterprise Defender (GCED), or other comparable career-level cybersecurity certification.

Initial Selection Criteria:

5 years of experience including leadership in information technology, cybersecurity, or a related field.

Experience in researching, authoring, or supporting the development of information security programs (preferred).

Experience developing security and risk performance metrics and reporting dashboards for executive, business, and technical audiences (preferred).

Graduation from an accredited post-secondary college or university with major coursework in information technology, cybersecurity, computer information systems, computer science, management information systems, or a related field is strongly preferred.

Education and experience may be substituted for one another.

Additional Information:

MOS Code:

There are no direct military occupation(s) that relate to the responsibilities and registration or licensure requirements for this position. All active duty, reservists, guardsmen, and veterans are encouraged to apply if they meet the qualifications for this position.

HHS agencies use E-Verify. You must bring your I-9 documentation with you on your first day of work.


In compliance with the Americans with Disabilities Act (ADA), HHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
