Information Security Portfolio Manager (ISPM)

TX-HHSC-DSHS-DFPS•Austin, TX

3d•$7,015 - $10,417•Onsite

About The Position

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. This position performs senior-level information security analysis with emphasis on Archer eGRC development and administration functions. Researches, evaluates, and recommends managerial, technical and operational controls and procedures for the appropriate protection and reduction of risk for information resources. Evaluates business objectives and advises business partners on the security and compliance requirements as well as the risks within various business initiatives. Develops, recommends and evaluates the implementation of plans designed to safeguard information systems and information resources against accidental or unauthorized modification, destruction, or disclosure for agency administered systems as well as third party administered systems. Develops, monitors, evaluates, and maintains system security plans and corrective action plans to ensure the protection of information systems and information resources from unauthorized users. Designs and develops solutions in the eGRC platform. Provides guidance to agency staff on the eGRC platform. Coordinates/interacts/trains HHS Agencies on the development of eGRC solutions. Independently interfaces with executive management throughout the agency and enterprise to assist the CISO in the delivery of the Information Security Program.

Requirements

Knowledge of enterprise security program management using Enterprise Governance Risk and Compliance solutions.
Knowledge of effective project management practices and ability to effectively manage multiple priorities within a security function providing services to numerous clients.
Knowledge of compliance requirements including 1 TAC 202, HIPAA/HITECH, IRS Publication 1075, Social Security Administration requirements, Texas Business and Commerce Code, and Texas Health and Safety Code.
Knowledge in analyzing, recommending, and developing enterprise-wide security policies, standards, and guidelines within appropriate organizational risk tolerances.
Knowledge and understanding of audit principles for the coordination and advisement of appropriate management action plans that will address the cause of control deficiencies.
In-depth knowledge and understanding of the National Institute of Standards (NIST) Special Publications (800 Series) with particular emphasis on the SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations.
Knowledge and understanding of security program deficiencies and articulating those deficiencies to stakeholders.
Extensive knowledge of the control structures and application of controls.
Knowledge and understanding of audit principles related to responding to IT and Security audits.
Knowledgeable of National Institute of Standards and Technology (NIST) classes and families.
Experience performing risk assessments.
Professional presentation skills.
Skill and demonstrated ability in interpersonal communications and collaboration as part of a team providing security services to multiple clients.
Skill in critical thinking, root cause analysis and complex problem solving of information technology security threats relating to confidentiality, integrity and availability of agency data and systems.
Skill in implementing enforcement of security policy within technology solutions.
Skill in evaluating enterprise networks and systems for assurance of control requirements as specified by the IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies.
Ability to manage the control assertion and corrective action plan processes including the coordination of status updates and report submission.
Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions.
Bachelor’s degree in information security, Information Technology, or related field, or equivalent experience on a year-for-year basis.
Minimum of five (5) years of experience in cybersecurity governance, risk management, or compliance.
Experience implementing RMF and security authorization processes.
Experience working with enterprise GRC and IT service management tools.

Nice To Haves

Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Global Information Assurance Certification (GIAC), RSA Archer Certified Administrator 5.x or similar certifications preferred.
Experience in public sector or healthcare security governance environments.

Responsibilities

Provides highly advanced consultative and technical assistance regarding development and administration of the Archer eGRC platform.
Provides Archer eGRC subject matter leadership to other personnel where applicable.
Performs needs assessment to identify requirements of automated systems and evaluates enterprise information security compliance standards.
Provides security and risk management services by performing risk identification, assessment, and remediation as well as regulatory and internal compliance monitoring using standards and processes as required to adequately protect HHS personnel, facilities, infrastructure, information, and business operations.
Advises management and users regarding enterprise security program functions.
Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned.