Cybersecurity Specialist - GRC

Cybersecurity Specialist - GRC - District Office

• Supports the development, maintenance, and administration of a College-wide information security plan and program, including governance, risk, and compliance functions, as required by Texas Administrative Code Chapter 202, NIST Cybersecurity Framework, FERPA, PCI-DSS, GLBA, and other applicable state and federal requirements.
• Assist in the development and maintenance of information security policies, procedures, standards, and guidelines that address regulatory requirements, best practices, and the College's information security risks.
• Support and ensure annual information security risk assessments, controls review, and related audits are performed and documented by information-owners.
• Reviews effectiveness of controls to ensure the safeguard of college information resources against accidental or unauthorized modification, destruction, or disclosure.
• Support application security assessment processes, including identiting security requirements and risk mitigation plans, prior to the purchase or introduction of information technology hardware, software, and systems development services for any new high impact computer applications or computer applications that receive, maintain, and/or share confidential data.
• Aid in the development of information technology disaster recovery and business continuity plans and incident response procedures.
• Support the review and classification of College's inventory of information systems, data, and related ownership and responsibilities in conjunction with data management office.
• Collaborate and advise information-owners, information custodians, and end users concerning their information security responsibilities under applicable regulations and SJC policies and procedures.
• Supports IT Security incident response processes, procedures, and related activities.

• Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
• Ability to interpret and articulate security technologies and regulatory requirements into college-specific policies, procedures, guidelines, and practices
• Evidenced experience designing, implementing, and executing cybersecurity governance solutions, tools, and technologies across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services
• Proficient knowledge of cybersecurity standards (NIST Cybersecurity Framework, NIST 800-53, ISO, COBIT) and compliance requirements, including but not limited to TAC 202, FERPA, GLBA, GDPR, and PCI-DSS
• Excellent communication skills - providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders
• Flexible and adaptable - capable of changing direction where required and showing flexibility to meet new demands

• Bachelor's degree in computer science or related field; or equivalent combination of education and experience

• Master's degree in business administration or related field

• 5 years of experience in IT security or directly related subject matter
• Demonstrated experience with developing and maintaining information security policies, procedures, and practices
• In depth knowledge and practical experience with implementing or auditing risk frameworks, e.g. NIST 800 series, NIST CSF, ISO 27001, CIS Top 18, and CMMC

• 6 years of experience in IT security
• Technical knowledge of operating systems, defense-in-depth concepts, networks, security related technologies, security configurations, and application security best practices
• Knowledge of common GRC tools such as LogicManager, RSA Archer, ISORA, HECVAT, or ServiceNow Governance Risk and Compliance

• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP)
• Certified Risk and Information Systems Control (CRISC)

• Certified Information Systems Security Professional (CISSP)

Salary Grade: 123

Salary is based on the Board-approved salary schedule for the current fiscal year. See Salary Schedule

Requisition Number: req5715

Posting Close Date: 5/19/2025 at 6 pm CST