
Cybersecurity Specialist - GRC

Company:
San Jacinto College
Location:
Pasadena, TX, 77505
Posted:
May 13, 2025

Description:

Cybersecurity Specialist - GRC - District Office

FUNCTION: Supports governance, risk, and compliance programs as part of SJC's overall information security strategic plan and program. Assist with the development and management of the information security risk register and assist stakeholders in managing risk and documentation of risk decisions. Aid in the development, monitoring, and enforcement of security policies, procedures, standards, and guidelines in support of industry best practices and compliance requirements. Supports incident management processes and related activities. Reviews effectiveness of controls to ensure the safeguard of college information resources against accidental or unauthorized modification, destruction, or disclosure.

Essential Job Functions:

Supports the development, maintenance, and administration of a College-wide information security plan and program, including governance, risk, and compliance functions, as required by Texas Administrative Code Chapter 202, NIST Cybersecurity Framework, FERPA, PCI-DSS, GLBA, and other applicable state and federal requirements.

Assist in the development and maintenance of information security policies, procedures, standards, and guidelines that address regulatory requirements, best practices, and the College's information security risks.

Support and ensure annual information security risk assessments, controls review, and related audits are performed and documented by information-owners.

Reviews effectiveness of controls to ensure the safeguard of college information resources against accidental or unauthorized modification, destruction, or disclosure.

Support application security assessment processes, including identifying security requirements and risk mitigation plans, prior to the purchase or introduction of information technology hardware, software, and systems development services for any new high impact computer applications or computer applications that receive, maintain, and/or share confidential data.

Aid in the development of information technology disaster recovery and business continuity plans and incident response procedures.

Support the review and classification of College's inventory of information systems, data, and related ownership and responsibilities in conjunction with data management office.

Collaborate and advise information-owners, information custodians, and end users concerning their information security responsibilities under applicable regulations and SJC policies and procedures.

Supports IT Security incident response processes, procedures, and related activities.

Knowledge, Skills and Abilities:

Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies

Ability to interpret and articulate security technologies and regulatory requirements into college-specific policies, procedures, guidelines, and practices

Evidenced experience designing, implementing, and executing cybersecurity governance solutions, tools, and technologies across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services

Proficient knowledge of cybersecurity standards (NIST Cybersecurity Framework, NIST 800-53, ISO, COBIT) and compliance requirements, including but not limited to TAC 202, FERPA, GLBA, GDPR, and PCI-DSS

Excellent communication skills - providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders

Flexible and adaptable - capable of changing direction where required and showing flexibility to meet new demands

Required Education:

Bachelor's degree in computer science or related field; or equivalent combination of education and experience

Preferred Education:

Master's degree in business administration or related field

Required Experience:

5 years of experience in IT security or directly related subject matter

Demonstrated experience with developing and maintaining information security policies, procedures, and practices

In-depth knowledge and practical experience with implementing or auditing risk frameworks, e.g. NIST 800 series, NIST CSF, ISO 27001, CIS Top 18, and CMMC

Preferred Experience:

6 years of experience in IT security

Technical knowledge of operating systems, defense-in-depth concepts, networks, security related technologies, security configurations, and application security best practices

Knowledge of common GRC tools such as LogicManager, RSA Archer, ISORA, HECVAT, or ServiceNow Governance Risk and Compliance

Required Licenses/Certifications (one of the following):

Certified Information Systems Auditor (CISA)

Certified Cloud Security Professional (CCSP)

Certified Risk and Information Systems Control (CRISC)

Preferred Licenses/Certifications:

Certified Information Systems Security Professional (CISSP)

Note: This position has opportunity for remote work arrangements with appropriate approvals and in accordance with the policies, procedures, and needs of the College.

Salary Grade: 123

Salary is based on the Board-approved salary schedule for the current fiscal year. See Salary Schedule

Requisition Number: req5715

Posting Close Date: 5/19/2025 at 6 pm CST
