eHire - Program Manager, Governance, Risk & Compliance

Position Information

Location	Service Center
Hours	Typically Monday - Friday 8 am to 5pm.
Salary	Administrator 1/999 ($0.00 - $0.00)
FLSA Status	Exempt
Reports To	Chief Information Security Officer
Criminal Background Check

College Profile

Austin Community College (ACC) is a public two-year institution that serves a diverse population of approximately 41,000 credit students each fall and spring semester. We embrace our identity as a community college as reflected in our mission statement. We promote student success and community development by providing affordable access, through traditional and distance learning modes, to higher education and workforce training, including appropriately applied baccalaureate degrees, in our service area.

As a community college committed to our mission, we seek to recruit and retain a workforce that:

Reflects the diversity of our community.
Values intellectual curiosity and innovative teaching.
Is attracted by the college mission to promote equitable access to educational opportunities.
Cares about student success and collaborates on strategies to facilitate success for underrepresented populations.
Welcomes difference and models respectful interaction with others.
Engages with the community both within and outside of ACC.

Our Mission

The Austin Community College District promotes student success and community development by providing affordable access, through traditional and distance learning modes, to higher education and workforce training in its service area.

For more information, see http://www.austincc.edu/about-acc/mission-statement.

Commitment to Equity and Inclusion

ACC is committed to the ongoing systemic changes needed to ensure the increased recruitment, inclusion, retention, and completion of historically underserved and underrepresented populations. Through continual strategic community engagement and professional development of administrators, faculty, staff, and students, the college demonstrates its dedication to fostering a culture and climate for equitable outcomes.

As an open-access and low-cost institution, ACC is proud to serve a diverse student body. Dedicated faculty members are excellent professors who help students achieve their educational goals and are sensitive to the diverse cultures and socio-economic backgrounds of our students. The College values and is committed to equity, diversity, and inclusion throughout the College community.

General Statement of Job

Reporting to the Chief Information Security Officer, this position is responsible for building a GRC program to reduce security risk while achieving compliance w/ Texas CyberSecurity Framework (TCF), FedRAMP and other regulatory requirements. This position will provide subject matter expertise in NIST, TCF, and must have information security expertise for the development and implementation of the information security GRC program. This is a high visible and cross functional role as it relates to the increasing organization security posture and reducing risk.

Description of Duties and Tasks

Essential duties and responsibilities include the following. Other duties may be assigned.

Conducts risk assessments and collaborate with stakeholders to implement a security framework such as NIST or Texas Cybersecurity Framework.
Overseea the third-party security vendor program.
Oversees and report on compliance with security controls and policies.
Facilitates the development and implementation of data quality standards and adoption requirements across the college and defines indicators of performance and ensure compliance with data related policies, standards, roles and responsibilities, and adoption requirements are met.
Identifies gaps within internal data landscape to ensure data integrity and data structure compliance within data governance frameworks.
Participates or drive technology risk governance process.
Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and in compliance with policies and audit requirements.
Works with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
Works with the CISO and IT and business stakeholders to define, collect and report on metrics that effectively communicate risk management successes and progress of security compliance.
Oversees periodic updates to the Data Quality/Master Data Management Roadmap.
Drafts and maintains compliance documents (e.g. policies, standards, procedures, etc).
Provides Subject Matter Expertise (SME) related to NIST 800-53, SOC 1, SOC2, Texas Cybersecurity Framework and other information security regulations.

Knowledge

Must possess required knowledge and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.

Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
Knowledge of data quality, stewardship and master data management practices, business and technology issues related to management of institutional data assets.
Knowledge of defining, documenting and implementing Data Governance practices, policies, and procedures.
Knowledge of consulting skills, change management concepts and strategies, including communication, culture change and performance measurement system design.
Knowledge of data architecture and technology solutions.
Knowledge of best practice for Data Quality Management, Master Data Management and near real time data warehousing.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, GDPR, as well as those from NIST, including 800-53.
Knowledge of TAC202 and Texas Cybersecurity Framework is preferred.

Skills

Must possess required skills and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.

Maintaining an established work schedule.
Effectively using interpersonal and communications skills including tact and diplomacy.
Maintaining confidentiality of work-related information and materials.
Establishing and maintaining effective working relationships.
Possess analytical abilities to examine infrastructures and make recommendations on improvements.
Ability to facilitate data governance processes with IT and college departments.
Success in leveraging both traditional best practices, such as IT service management practices based on ITIL.
Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Experience in working in a collaborative team environment.

Technology Skills

Technical proficiency with security-related systems, tools, applications and data architecture.
Use automation and lean concepts.

Required Work Experience

Three years of related work experience.

Preferred Work Experience

Two or more years of experience in data governance or working with data management frameworks such as NIST or TCF and security technologies.
Minimum of 2 of experience in a combination of risk management and information security.
Experience of building and deployment of data governance programs / frameworks.
The ability to interact and build strong relationships with key stakeholders at all levels and across all business units and organizations, and work effectively with business managers, IT engineering and IT operations staff.

Required Education

Bachelor's degree.

Preferred Education

Bachelor's degree in computer information science.

Special Requirements

Licenses/Certifications; Other

Valid Texas Driver's License and reliable transportation for travel in the Austin area as required.
Possess one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or equivalent preferred.

Other Preferred Qualifications

A strong understanding of security tools, technologies and policies.
Strong understanding of information security concepts, protocols, industry best practices, strategies and frameworks NIST and Texas Cybersecurity Framework.
The ability to perform risk, gap analysis, business impact, control and vulnerability assessments, and recommend treatment strategies.
Experience working with internal and external auditors.
In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.

Physical Requirements

Work is performed in a standard office or similar environment.
Subject to standing, walking, sitting, bending, reaching, pushing, and pulling.
Occasional lifting of objects up to 10 pounds.

Safety

Work safely and follow safety rules. Report unsafe working conditions and behavior. Take reasonable and prudent actions to prevent others from engaging in unsafe practices.

Information for This Posting Only

This is a benefit eligible position funded through January 31, 2022 and is subject to renewal. The College is unable to support candidates who require sponsorship to work in the United States.