What are the responsibilities and job description for the Security Compliance Manager position at Sum Theory, Inc.?
CONTRACT TERM: Contract to Hire
LOCATION: Hybrid - Two days a week in office (Dallas, TX)
POSITION TYPE: Full Time
LOCATION: Dallas, TX
OVERVIEW:
The Security Compliance Manager is responsible for facilitating the effective
planning, management, and governance of the County's regulatory compliance programs. Compliance
frameworks include NIST 800-53, CJIS, PCI-DSS, HIPAA, vendor management, IT policy administration and
all internal governance reviews. Responsible for responding to and coordinating all inquiries from the Internal
and External Audit teams related to Technology services, initiatives, projects, platforms and products.
Ensures that all processes related to the IT security program and compliance initiative are successfully
prioritized, launched, executed and delivered, with regular status reporting.
Responsibilities and duties include, but are not limited to:
- Facilitates annual, quarterly, monthly, weekly and periodic reviews, findings, and corrective measures for IT controls and records them in the GRC repository tool. Identifies and recommends IT control improvements to enhance the County's security compliance posture. Provides bi-weekly summary reports and/or presentations for the Security Compliance Committee. Ensures that IT security controls are followed per the County's security policy. Updates IT policies annually.
- Acts as the primary point of contact for IT security walkthroughs, data center reviews/visits and audits with internal and external audit and compliance entities. Completes security and compliance questionnaires for Federal and State government officials, HIPAA, PCI-DSS, risk assessments and vendor management. Creates and maintains audit compliance flow charts, documentation and control dependencies.
- Manages and oversees CJIS, HIPAA and PCI-DSS periodic engagements with external vendors. Assumes the role of liaison between the PCI QSAs and IT staff. Produces regular progress reports for the CISO and the CIO. Consolidates and maintains all of the artifacts necessary to sustain compliance with each framework. Maintains separate action plans for each framework and works with the PMO and IT team to remediate findings. Coordinates with vendors for required services such as penetration tests, external network scans, etc.
- Implements, manages and maintains a vendor management program with a vendor questionnaire for new partnerships that require remote access to County IT assets or data. Records and updates the policy, questionnaire and vendor artifacts as needed. Performs other duties as assigned.
SKILL REQUIREMENTS:
- Education, Experience and Training: Education and experience equivalent to a Bachelor's degree from an accredited college or university in Computer Science, Information Technology, Mathematics, Engineering, Business Administration or in a job-related field of study. Six (6) years of related work experience directly involved with IT security compliance and audit, including one (1) year of supervisory experience. CISA or CISM strongly preferred.
- Special Requirements/Knowledge, Skills & Abilities: The successful candidate will possess experience with NIST 800-53, Criminal Justice Information Systems (CJIS), HIPAA and PCI-DSS and IT security compliance. Ability to communicate effectively both verbally and in writing, and to establish and maintain effective working relationships with employees, departments and the general public. Must possess a valid Texas driver's license with a good driving record. Must pass a background investigation. Required to be on call on a rotating basis.
Individuals holding or considered for a position which has, or may have, access to criminal justice databases, including the FBI Criminal Justice Information Systems, NCIC/TCIC, et al., must pass a national fingerprint-based records check prior to placement in such a position and may be denied placement in such positions and/or access to such systems. Incumbents must also maintain the ability to pass the records check while in the position, or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.
- Physical/Environmental Requirements: Standard office environment.