0000002092.GOVERNANCE, RISK, AND COMPLIANCE ANALYST.INFO TECH SERVICES

About The Position

Requirements

• Education and experience equivalent to a Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or job-related field of study.
• Five (5) years of work-related experience in GRC, IT audit, cybersecurity risk, or compliance.
• Excellent organizational, analytical, and communication skills.
• Ability to work independently and manage multiple initiatives.
• Ability to write clear, concise policies and reports.
• Ability to coordinate across diverse business and technical teams.
• Ability to participate in an on-call rotation for after-hours security incident escalation.
• Knowledge of GRC principles and program operations.
• Knowledge of enterprise IT environments, including Windows Server, Active Directory, Azure and Microsoft 365 cloud services, and core networking concepts and configurations.
• Knowledge of document management systems and ticketing platforms (e.g., SharePoint, Jira, ServiceNow).
• Ability to interpret and apply regulatory or policy requirements in practical IT/security environments.
• Knowledge of IT governance frameworks, compliance requirements, and security best practices.
• Knowledge of CJIS, NIST 800-53, HIPAA, or PCI-DSS compliance programs.
• Knowledge of internal or external IT audit process.
• Ability to translate technical security controls into business-impact terms.
• Ability to assist with third-party risk assessments, security reviews, and compliance gap analyses.
• Must have a valid Texas Driver's License and good driving record.
• Will be required to provide a copy of 10-year driving history.
• Must maintain a good driving record and remain in compliance with Article II, Subdivision II of Chapter 90 of the Dallas County Code.
• Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC and similar databases, must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems. Incumbents must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.

Nice To Haves

• Relevant compliance/governance certifications

Responsibilities

• Conducting control assessments
• Supporting regulatory audits
• Coordinating policy management
• Assisting with vendor risk and compliance processes
• Ensuring that security, privacy, and compliance requirements are documented, implemented, and tracked through their lifecycle
• Assisting in the coordination and documentation of compliance activities related to NIST, CJIS, HIPAA, and other frameworks
• Gathering evidence, preparing reports, and supporting audit requests
• Tracking remediation activities
• Maintaining GRC platform records and supports reporting and dashboard updates
• Participating in policy and standard development, ensuring version control, stakeholder review, and publication across systems
• Assisting with the management, tracking and reporting of security awareness training and phishing simulation campaigns
• Supporting vendor risk management activities by distributing and reviewing vendor questionnaires, documenting findings, and assisting in risk decisions
• Collaborating with cross-functional teams to capture risk information, assesses threats to systems and data, and documents findings in risk registers
• Performing other duties as assigned