Program Manager, Governance, Risk & Compliance

Company: Inside Higher Ed
Location: Austin
Posted on: April 8, 2021

Job Description:

Position InformationLocation: Service CenterHours: Typically Monday - Friday 8 am to 5pm. Salary: Administrator 1/999 ($0.00 - $0.00)FLSA Status: ExemptReports To: Chief Information Security OfficerCriminal Background Check: Pre-employment criminal background checks are required for all Staff and Faculty positions. Pre-employment urinalyses drug screens are also required for all top candidates considered for positions in ACC's College Police department.College ProfileAustin Community College (ACC) is a public two-year institution that serves a diverse population of approximately 41,000 credit students each fall and spring semester. We embrace our identity as a community college as reflected in our mission statement. We promote student success and community development by providing affordable access, through traditional and distance learning modes, to higher education and workforce training, including appropriately applied baccalaureate degrees, in our service area. As a community college committed to our mission, we seek to recruit and retain a workforce that:

• Reflects the diversity of our community.
• Values intellectual curiosity and innovative teaching.
• Is attracted by the college mission to promote equitable access to educational opportunities.
• Cares about student success and collaborates on strategies to facilitate success for underrepresented populations.
• Welcomes difference and models respectful interaction with others.
• Engages with the community both within and outside of ACC.Our MissionThe Austin Community College District promotes student success and community development by providing affordable access, through traditional and distance learning modes, to higher education and workforce training in its service area. For more information, see http://www.austincc.edu/about-acc/mission-statement.Commitment to Equity and InclusionACC is committed to the ongoing systemic changes needed to ensure the increased recruitment, inclusion, retention, and completion of historically underserved and underrepresented populations. Through continual strategic community engagement and professional development of administrators, faculty, staff, and students, the college demonstrates its dedication to fostering a culture and climate for equitable outcomes. As an open-access and low-cost institution, ACC is proud to serve a diverse student body. Dedicated faculty members are excellent professors who help students achieve their educational goals and are sensitive to the diverse cultures and socio-economic backgrounds of our students. The College values and is committed to equity, diversity, and inclusion throughout the College community.General Statement of JobReporting to the Chief Information Security Officer, this position is responsible for building a GRC program to reduce security risk while achieving compliance w/ Texas CyberSecurity Framework (TCF), FedRAMP and other regulatory requirements. This position will provide subject matter expertise in NIST, TCF, and must have information security expertise for the development and implementation of the information security GRC program. This is a high visible and cross functional role as it relates to the increasing organization security posture and reducing risk.Description of Duties and TasksEssential duties and responsibilities include the following. Other duties may be assigned.
• Conducts risk assessments and collaborate with stakeholders to implement a security framework such as NIST or Texas Cybersecurity Framework.
• Overseea the third-party security vendor program.
• Oversees and report on compliance with security controls and policies.
• Facilitates the development and implementation of data quality standards and adoption requirements across the college and defines indicators of performance and ensure compliance with data related policies, standards, roles and responsibilities, and adoption requirements are met.
• Identifies gaps within internal data landscape to ensure data integrity and data structure compliance within data governance frameworks.
• Participates or drive technology risk governance process.
• Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and in compliance with policies and audit requirements.
• Works with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Works with the CISO and IT and business stakeholders to define, collect and report on metrics that effectively communicate risk management successes and progress of security compliance.
• Oversees periodic updates to the Data Quality/Master Data Management Roadmap.
• Drafts and maintains compliance documents (e.g. policies, standards, procedures, etc).
• Provides Subject Matter Expertise (SME) related to NIST 800-53, SOC 1, SOC2, Texas Cybersecurity Framework and other information security regulations.KnowledgeMust possess required knowledge and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed. Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment. Knowledge of data quality, stewardship and master data management practices, business and technology issues related to management of institutional data assets. Knowledge of defining, documenting and implementing Data Governance practices, policies, and procedures. Knowledge of consulting skills, change management concepts and strategies, including communication, culture change and performance measurement system design. Knowledge of data architecture and technology solutions. Knowledge of best practice for Data Quality Management, Master Data Management and near real time data warehousing. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, GDPR, as well as those from NIST, including 800-53. Knowledge of TAC202 and Texas Cybersecurity Framework is preferred.SkillsMust possess required skills and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed. Maintaining an established work schedule. Effectively using interpersonal and communications skills including tact and diplomacy. Maintaining confidentiality of work-related information and materials. Establishing and maintaining effective working relationships. Possess analytical abilities to examine infrastructures and make recommendations on improvements. Ability to facilitate data governance processes with IT and college departments. Success in leveraging both traditional best practices, such as IT service management practices based on ITIL. Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. Strong analytical skills to analyze security requirements and relate them to appropriate security controls. Experience in working in a collaborative team environment.Technology Skills Technical proficiency with security-related systems, tools, applications and data architecture. Use automation and lean concepts.Required Work Experience
• Three years of related work experience.Preferred Work Experience Two or more years of experience in data governance or working with data management frameworks such as NIST or TCF and security technologies. Minimum of 2 of experience in a combination of risk management and information security. Experience of building and deployment of data governance programs / frameworks. The ability to interact and build strong relationships with key stakeholders at all levels and across all business units and organizations, and work effectively with business managers, IT engineering and IT operations staff.Required Education
• Bachelor's degree.Preferred Education Bachelor's degree in computer information science.Special RequirementsLicenses/Certifications; Other Valid Texas Driver's License and reliable transportation for travel in the Austin area as required. Possess one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or equivalent preferred.Other Preferred Qualifications A strong understanding of security tools, technologies and policies. Strong understanding of information security concepts, protocols, industry best practices, strategies and frameworks NIST and Texas Cybersecurity Framework. The ability to perform risk, gap analysis, business impact, control and vulnerability assessments, and recommend treatment strategies. Experience working with internal and external auditors. In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.Physical Requirements Work is performed in a standard office or similar environment. Subject to standing, walking, sitting, bending, reaching, pushing, and pulling. Occasional lifting of objects up to 10 pounds.Safety
• Work safely and follow safety rules. Report unsafe working conditions and behavior. Take reasonable and prudent actions to prevent others from engaging in unsafe practices.Information for This Posting Only This is a benefit eligible position funded through January 31, 2022 and is subject to renewal. The College is unable to support candidates who require sponsorship to work in the United States.ACC Benefits OverviewFull-time Faculty and Staffing Table employees who work in full-time and/or part-time positions at the College are eligible for ACC medical benefits effective the first of the month after their first 60 days of employment. Benefits include medical, dental, life insurance, short and long term disability, retirement plans and AD&D.ACC does not participate in Social Security. ACC participates in the Teacher Retirement System of Texas (TRS) and the Optional Retirement Program (ORP-Faculty Only). Part-time and Hourly employees participate in the ACC Money Purchase Plan (ACCMPP) as a retirement program required by Federal law. DisclaimerThe above description is an overview of the job. It is not intended to be an all-inclusive list of duties and responsibilities of the job, nor is it intended to be an all-inclusive list of the skills and abilities required to do the job. Duties and responsibilities may change with business needs. ACC reserves the right to add, change, amend, or delete portions of this job description at any time, with or without notice. Employees may be required to perform other duties as requested, directed, or assigned. In addition, reasonable accommodations may be made by ACC as its discretion to enable individuals with disabilities to perform the essential functions.Austin Community College provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.As required by the US Department of Education, employees are required to report violations under the Title IX and, under the Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act (Clery Act), select individuals are required to report crimes. If this position is identified as a Campus Security Authority (Clery Act), you will be notified, trained, and provided resources for reporting.

Keywords: Inside Higher Ed, Austin , Program Manager, Governance, Risk & Compliance, Executive , Austin, Texas