
IT Security Compliance Manager

Thoth Solutions, Inc.

Plano, TX
Full Time
Paid
  • Responsibilities

    Job Description

    JOB TITLE:

    IT Security Compliance Manager

    REPORTS TO:

    Chief Information Security Officer

    DEPARTMENT:

    Office of Information Technology Services


    SUMMARY OF FUNCTIONS: The IT Security Compliance Manager is responsible for facilitating the effective planning, management, and governance of the company’s regulatory compliance programs. Compliance frameworks include NIST 800-53, CJIS, PCI-DSS, HIPAA, vendor management, IT policy administration and all internal governance reviews. Responsible for responding to and coordinating all inquiries from the Internal and External Audit teams related to the Technology services, initiatives, projects, platforms and products. The IT Security Compliance Manager will ensure that all processes related to the IT security program and compliance initiative are successfully prioritized, launched, executed and delivered with regular status reporting. Cross functional coordination with the project management office, adjacent IT teams and other departmental stakeholders will be required for this role. The ideal candidate will have a mature understanding of IT security and compliance in a complex and geographically diverse environment.


    MANAGEMENT SCOPE: Will oversee a compliance analyst and occasionally supervise the activities of cross functional project assigned resources.


    DUTIES AND RESPONSIBILITIES: (% OF TIME / ESSENTIAL VS. NON-ESSENTIAL)

    1. Facilitate annual, quarterly, monthly, weekly and periodic reviews, findings, and corrective measures for IT controls and record them in the GRC repository tool. Identify and recommend IT control improvements to enhance the County’s security compliance posture. Provide bi-weekly summary reports and/or presentations for the Security Compliance Committee. Ensure that IT security controls are followed per the County’s security policy. Update IT policies annually.

    (25% / E)

    2. Act as the primary point of contact for IT security walkthroughs, data center reviews/visits and audits with internal and external audit and compliance entities. Complete security and compliance questionnaires for Federal and State government officials, HIPAA, PCI-DSS, risk assessments and vendor management. Create and maintain audit compliance flow charts, documentation and control dependencies.

    (25% / E)

    3. Manage and oversee CJIS, HIPAA and PCI-DSS periodic engagement with external vendors. Assume the role of liaison between the PCI QSAs and IT staff. Produce regular progress reports for the CISO and the CIO. Consolidate and maintain all of the artifacts necessary to sustain compliance with each framework. Maintain separate action plans for each framework and work with the PMO and IT team to remediate findings. Coordinate with vendors for required services such as penetration tests, external network scans, etc.

    (25% / E)

    4. Implement, manage and maintain a vendor management program with a vendor questionnaire for new partnerships that require remote access to County IT assets or data. Record and update the policy, questionnaire and vendor artifacts as needed.

    (20% / E)

    5. Perform other duties as assigned.

    (5% / NE)


    MINIMUM QUALIFICATIONS:

    Education, Experience and Training:

    Education and experience equivalent to a Bachelor's degree from an accredited college or university in Computer Science, Information Technology, Mathematics, Engineering, Business Administration or a job-related field of study. Five to ten years of related work experience directly involved with IT security compliance and audit. CISA or CISM strongly preferred.


    Special Requirements/Knowledge, Skills & Abilities:

    The successful candidate will possess experience with NIST 800-53, Criminal Justice Information Systems (CJIS), HIPAA, PCI-DSS and IT security compliance.

    Ability to effectively communicate both verbally and in writing, and establish and maintain effective working relationships with employees, departments and the general public. Must possess a valid Texas driver’s license, with a good driving record. Must pass a background investigation. Required to be on call on a rotating basis.


    Physical/Environmental Requirements:

    On call and after hours are required as needed. Requires prolonged sitting, standing, walking, and the ability to lift files, boxes and other materials up to 20 lbs., unassisted.


    INDIVIDUALS HOLDING OR CONSIDERED FOR A POSITION WHICH HAS, OR MAY HAVE, ACCESS TO CRIMINAL JUSTICE DATABASES INCLUDING THE FBI CRIMINAL JUSTICE INFORMATION SYSTEMS, NCIC/TCIC AND SIMILAR DATABASES, MUST PASS A NATIONAL FINGERPRINT-BASED RECORDS CHECK PRIOR TO PLACEMENT IN SUCH POSITION AND MAY BE DENIED PLACEMENT IN SUCH POSITIONS AND/OR ACCESS TO SUCH SYSTEMS. INCUMBENTS MUST ALSO MAINTAIN THE ABILITY TO PASS THE RECORDS CHECK WHILE IN THE POSITION OR UNTIL SUCH TIME THAT THE COMMISSIONERS COURT AND THE COUNTY CIVIL SERVICE COMMISSION DEEM THIS POSITION NO LONGER HAS THIS REQUIREMENT.