What are the responsibilities and job description for the Manager - CISO - GRC - Compliance position at Texas Health and Human Services?
Date: Mar 27, 2025
Location:
AUSTIN, TX
Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.
Functional Title: Manager - CISO - GRC - Compliance
Job Title: Manager VI
Agency: Health & Human Services Comm
Department: CHIEF INFO SECURITY OFFICE
Posting Number: 4408
Closing Date: 06/25/2025
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Group: TEXAS-B-27
Salary Range: $7,015.16 - $11,864.50
Shift: Day
Additional Shift: Days (First)
Telework
Travel: Up to 60%
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 701 W 51ST ST
Other Locations:
MOS Codes
0203,0207,0302,0370,0520,0602,0802,1802,1803,2340,5502,6302,6502,7202,7208,7210,7220,7502,8005,8858
9702,16GX,3D0X1,60C0,611X,612X,63G0,641X,712X,86M0,86P0,8U000,9G100,BOSN,ELC,ISS,MAT,MED,MLES,MSSD
MSSE,MSSR,OSS,WEPS
Brief Job Description
Under the general supervision of the Deputy Chief Information Officer, this position provides the leadership and supervision essential to developing and supporting the HHSC (Health and Human Services Commission) Information Security Program and to developing strategies for compliance with information security requirements. This includes overseeing the development and implementation of compliance programs, conducting audits and assessments, providing guidance on maintaining a secure environment, and establishing the policies, procedures, and controls that ensure cybersecurity risks are effectively managed and compliance requirements are met. The manager works closely with other teams within the organization to ensure cybersecurity requirements are met and that any non-compliance issues are addressed promptly. Participates in internal and external compliance and regulatory audits and recommends security requirements or enhancements. Reviews new and modified regulatory requirements regarding information security to determine whether new policies and procedures are needed, and monitors related best practices and emerging security technologies for potential application. Guides agency users in adhering to the agency and HHS (Health and Human Services) Security Policy, Guidelines and Standards, Texas Administrative Code (TAC 202), the Health Insurance Portability and Accountability Act (HIPAA), and other state and federal rules and regulations. Provides information security expertise and leadership, in partnership with HHS agency Information Security Officers and staff, in addressing security vulnerabilities. Consults on high-visibility/high-risk IT (Information Technology) projects and guides team members and information security staff on security and compliance matters.
Essential Job Functions (EJFs)
Leads and supervises the design and deployment of the Information Security Compliance Program activities. (30%)
Leads cybersecurity and compliance functions. (30%)
Supports security and compliance controls through the agency's Governance, Risk and Compliance (GRC) tool. (20%)
Champions the Security Program through the agency. (10%)
Performs or leads other duties as assigned. (10%)
Knowledge, Skills And Abilities (KSAs)
- Cybersecurity Methodologies & Processes – In-depth knowledge of cybersecurity frameworks, risk management processes, and data protection strategies tailored to healthcare and government-regulated environments.
- Security Policy & Program Development – Knowledge and expertise in designing, implementing, and maintaining security policies, standards, and controls in alignment with CMS Minimum Acceptable Risk Standards for Exchanges (MARS-E), HIPAA, and HITECH to safeguard federal healthcare data.
- Risk & Security Assessments – Proven knowledge and experience conducting MARS-E security control assessments, risk assessments, and audits to ensure compliance with CMS security and privacy requirements for systems handling Personally Identifiable Information (PII) and Protected Health Information (PHI).
- Strong Communication Skills – Exceptional written and verbal communication skills to effectively convey security policies, risks, and compliance requirements to both technical and non-technical stakeholders, including CMS auditors and regulatory bodies.
- Advanced Problem-Solving Abilities – Ability to quickly analyze complex security risks and develop effective mitigation strategies within healthcare IT environments while ensuring compliance with CMS security requirements.
- Risk Mitigation & Control Implementation – Ability to assess security risks, develop compensating controls, and implement risk mitigation strategies to protect CMS-regulated data, state health exchanges, and Medicaid/Medicare systems.
- Technical Security Expertise – Broad knowledge and experience with securing networking, cloud environments, operating systems, enterprise applications, and healthcare databases while ensuring compliance with CMS MARS-E and HIPAA security rules.
- Regulatory Compliance Knowledge – Strong understanding of federal and state regulatory frameworks, including:
  - CMS MARS-E 2.0 (Minimum Acceptable Risk Standards for Exchanges)
  - HIPAA/HITECH (Health Insurance Portability and Accountability Act)
  - 1 TAC 202 (Texas Administrative Code Information Security Standards)
  - IRS Publication 1075 (Federal Tax Information Security Guidelines)
  - Texas Business and Commerce Code & Texas Health and Safety Code
- Security & Risk Frameworks – Expertise in applying security frameworks such as:
  - NIST SP 800-53 & NIST Cybersecurity Framework (CSF) for risk and security management
  - HITRUST CSF for healthcare security and compliance
  - ISO 27001 for information security governance
  - COBIT for IT governance and control
- Preferred certifications:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
- Bachelor’s or higher degree in the IT field or related study. Work experience in the IT field may be substituted year for year for the education requirement with a maximum of four (4) years.
- 5 years of hands-on experience in cybersecurity and/or IT security.
- Experience supervising the work of others.
Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.
A clean criminal background check may be required for this position.
Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.
Active Duty, Military, Reservists, Guardsmen, And Veterans
Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but are not limited to, those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information, please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.
ADA Accommodations
In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the online application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.
Pre-Employment Checks And Work Eligibility
Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.
HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form
Telework Disclaimer
This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.
Nearest Major Market: Austin
Salary : $7,015 - $11,865