Posting Number: F004497
Position Status: Full Time
Assignment Length: This field only applies to Faculty
Grant Funded: No
Class Code: 12
Pay Rate: Commensurate with education and experience.
Department: DT Info Security Office
Reporting to the Director of Information Security, the IT Security Compliance Officer is responsible for leading cybersecurity risk and compliance management, including the ongoing identification and management of information security risks and other governance, risk, and compliance (GRC) functions. In addition, they will participate in the governance processes of the organization’s information security steering committee (ISSC).
Essential Duties and Responsibilities
- Conducts periodic District risk assessments to ensure that legal, regulatory, and audit requirements are met
- Provides security metrics required for federal and state security compliance directives
- Plans and coordinates security awareness training for all employees
- Recommends programmatic and technical directions and operates with a high degree of independence in matters relating to the investigation, impact, analysis, and remediation of security incidents, decisions regarding risks, measures, and reports findings for TCC computer systems and network security
- Internally assesses, evaluates, and makes recommendations to management regarding the adequacy of security controls for the College’s information and technology systems
- Leads district-wide risk assessment by ensuring IT activities, processes, and procedures meet defined requirements, policies, standards, regulations, and guidelines
- Manages the IT audit and third-party risk management (TPRM) practices for the college
- Executes strategy for dealing with an increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, FERPA, HIPAA, COPPA, GLBA, IT General Control Reviews, etc.
- Plans, maintains, and executes an enterprise-wide GRC platform by coordinating and tracking all information technology and security related audits, including the scope of reviews, departments involved, timelines, auditing agencies, and outcomes
- Works with auditors as appropriate to keep audit focus in scope and maintain excellent relationships with audit entities while also supplying guidance, evaluation, and advocacy on audit responses
- Attends the workplace regularly, reports to work punctually, and follows a work schedule to keep up with the demands of the worksite
- Completes all required training and professional development sessions sponsored through the Tarrant County College (TCC) Institute
- Supports the values of the College: diversity, teaching excellence, student success, innovation, and creativity and service to the College
- Supports the mission, values, and 3 goals and 8 principles of the College
Works under the general supervision of the Director of Information Security.
- Performs other related tasks as required
The duties listed are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related or a logical assignment to the position. The job description does not constitute an employment agreement between the employer and employee and is subject to change by the employer as the needs of the employer and requirements of the job change.
Required Education, Experience, Certifications, Licensures
- Bachelor’s degree
- Five (5) years of information security risk management experience
- Three (3) years of managing processes and/or projects
- Certified Information Systems Auditor (CISA)
Desired Education, Experience, Certifications, Licensures
- Master’s degree in Business Administration
- Experience with leading IT audits and risk management programs
- Experience with RSA Archer or Galvanize GRC platform
- Experience with ISO 27001/2 Information Security Management Systems (ISMS)
- Experience with KPI/KRI reporting
- Certified Information Systems Security Professional (CISSP)
Knowledge, Skills and Ability
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Knowledge of cyber threats and vulnerabilities
- Knowledge of specific operational impacts of cybersecurity lapses
- Knowledge of Security Assessment and Authorization process
- Skilled in discerning the protection needs (i.e., security controls) of information systems and networks
- Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities
- Ability to relate strategy, business, and technology in the context of organizational dynamics
- Ability to understand the basic concepts and issues related to cyber and its organizational impact
- Proficiency with Microsoft Office tools to include collaboration components such as Teams
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. While performing the duties of this job, the employee occasionally works near moving mechanical parts and is occasionally exposed to risk of electrical shock. The noise level in the work environment is usually quiet.
Contact: Peggy Leis
Tarrant County College is an equal opportunity institution that provides educational and employment opportunities on the basis of merit and without discrimination because of race, color, religion, sex, age, national origin, veteran status or disability.