Security Compliance Manager.Info Tech Services

United States


The Security Compliance Manager is responsible for facilitating the effective planning, management, and governance of the County’s regulatory compliance programs. Compliance frameworks include NIST 800-53, CJIS, PCI-DSS, HIPAA, vendor management, IT policy administration and all internal governance reviews. Responsible for responding to and coordinating all inquiries from the Internal and External Audit teams related to the Technology services, initiatives, projects, platforms and products. Ensures that all processes related to the IT security program and compliance initiative are successfully prioritized, launched, executed and delivered with regular status reporting.

Management Scope: Supervises exempt staff.

1. Facilitates annual, quarterly, monthly, weekly and periodic reviews, findings, and corrective measures for IT controls and records them in the GRC repository tool. Identifies and recommends IT control improvements to enhance the County’s security compliance posture. Provides bi-weekly summary reports and/or presentations for the Security Compliance Committee. Ensures that IT security controls are followed per the County’s security policy. Updates IT policies annually.

2. Acts as the primary point of contact for IT security walkthroughs, data center reviews/visits and audits with internal and external audit and compliance entities. Completes security and compliance questionnaires for Federal and State government officials, HIPAA, PCI-DSS, risk assessments and vendor management. Creates and maintains audit compliance flow charts, documentation and control dependencies.

3. Manages and oversees CJIS, HIPAA and PCI-DSS periodic engagement with external vendors. Assumes the role of liaison between the PCI QSAs and IT staff. Produces regular progress reports for the CISO and the CIO. Consolidates and maintains all of the artifacts necessary to sustain compliance with each framework. Maintains separate action plans for each framework and works with the PMO and IT team to remediate findings. Coordinates with vendors for required services such as penetration tests, external network scans, etc.

4. Implements, manages and maintains a vendor management program with a vendor questionnaire for new partnerships that require remote access to County IT assets or data. Records and updates the policy, questionnaire and vendor artifacts as needed.

5. Performs other duties as assigned.

Education, Experience and Training:
Education and experience equivalent to a Bachelor's degree from an accredited college or university in Computer Science, Information Technology, Mathematics, Engineering, Business Administration or in a job-related field of study. Six (6) years of related work experience directly involved with IT security compliance and audit. CISA or CISM strongly preferred, including one (1) year supervisory experience.

Special Requirements/Knowledge, Skills & Abilities:
The successful candidate will possess experience with NIST 800-53, Criminal Justice Information Systems (CJIS), HIPAA and PCI-DSS and IT security compliance. Ability to effectively communicate both verbally and in writing, and establish and maintain effective working relationships with employees, departments and the general public. Must possess a valid Texas driver’s license, with a good driving record. Must pass a background investigation. Required to be on call on a rotating basis.

“Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC, et al., must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems. Incumbents must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.”

Physical/Environmental Requirements:
Standard office environment.

Tags: Audits Business Intelligence CISA CISM CISO Compliance Computer Science Driver’s license Governance HIPAA Mathematics NIST NIST 800-53 PCI QSA Risk assessment Vendor management

Region: North America
Country: United States
