Summary: The Manager of ITSecurity Risk Management is responsible for the CCHCS information security riskmanagement (ISRM) program within the Information Security Office. ISRMsupports the CCHCS mission through the use governance, risk and complianceactivities that detect, prevent or mitigate threats to confidentiality,integrity and/or availability of information resources. In addition tomentoring, coaching and developing staff members, the Manager will utilize thecomponents of the risk management program to identity, quantify and monitorrisk on-behalf of CCHCS stakeholders. He/she will ensure stakeholdershave sufficient decision information with regard to balancingoperational/business needs with risk including any activities that could leadto a violation of federal/state regulations and/or CCHCS policy. TheManager will recommend administrative and technical controls to enforcecompliance with CCHCS policies as well as guidelines and standards set forth bythe Information Security Office. He/she will be responsible for reportingkey performance indicators that will be used to gauge the effectiveness of therisk management program and foster an environment of continuous processimprovement.
Bachelor's degree in the field of computer science and 10years of professional IT experience in progressively responsible roles.
At least 5 years of experience leading and/or buildinginformation security risk management programs that comply with regulations suchas FISMA, FERPA, HIPAA, PCI/DSS, and the Texas Identity Theft PreventionAct.
At least 3 years assessing or implementing securityframeworks such as NIST CSF or HITRUST CSF.
At least 3 years of professional experience managing atleast two or more individuals.
Required qualifications plus 3 years of experience workingwith Governance, Risk and Compliance tools such as Archer or RSAM.
Additional 3 years of professional experience with technicalwriting and enterprise security document creation.
Additional 3 years of technical knowledge of industryenterprise security solutions including vulnerability scanners, data lossprevention, intrusion detection and prevention, firewalls, Mobile DeviceManagement, or other solutions.