Dallas County
1000000552.SENIOR GOVERNANCE, RISK, AND COMPLIANCE ANALYST.INFO TECH SERVICES
Dallas County, Dallas, Texas, United States, 75215
Senior Governance, Risk, and Compliance Analyst – Info Tech Services
Location: Dallas, TX
Salary: $111,408.00 – $189,738.00
Job Type: Full‑time
Seniority: Mid‑Senior level
Job Description
Supports and advances Dallas County’s governance, risk, and compliance (GRC) program. Leads initiatives related to internal and external audits, regulatory framework adoption (e.g., NIST 800‑53, CJIS, HIPAA, PCI‑DSS), control assessments, policy governance, and third‑party risk management. Works cross‑functionally with stakeholders across departments to ensure compliance obligations are addressed and documented.
Responsibilities
Facilitate and prepare for internal and external audit activities, including control walkthroughs, evidence collection, and remediation tracking for IT and security‑related controls.
Manage implementation and maintenance of security and privacy frameworks (e.g., NIST 800‑53, CJIS, HIPAA, PCI‑DSS), including gap analysis, control mapping, and continuous improvement efforts.
Oversee lifecycle management of IT and security policies, including drafting, review coordination, approval, publication, and scheduled updates.
Administer and enhance third‑party/vendor risk management processes including reviews, due diligence, contract risk language, and documentation workflows.
Provide guidance to departments on GRC requirements, support cross‑departmental initiatives, and drive awareness of compliance responsibilities.
Manage the County’s security awareness training program, including administration and coordination of phishing simulation campaigns, and delivery of cybersecurity training content for County employees.
Perform other duties as assigned.
Qualifications
Education: Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or related field.
Experience: Six (6) years in GRC, compliance, audit, or cyber risk management.
Certifications (Preferred):
Certified Information Systems Auditor (CISA)
Certified Risk and Information Systems Control (CRISC)
Certified Governance, Risk and Compliance (CGRC)
Relevant compliance/governance certification is a plus.
Skills & Abilities:
Excellent organizational, analytical, and communication skills.
Ability to work independently and manage multiple initiatives.
Ability to participate in an on‑call rotation for after‑hours security incident escalation.
Ability to write clear, concise policies and reports.
Ability to coordinate across diverse business and technical teams.
Knowledge of GRC principles and program operations.
Experience maintaining GRC tools and repositories (e.g., OneTrust, Hyperproof, Archer, AuditBoard).
Skill in enterprise IT environments, including Windows Server, Active Directory, Azure and Microsoft 365 cloud services, and core networking concepts and configurations.
Skill in document management systems and ticketing platforms (e.g., SharePoint, Jira, ServiceNow).
Ability to manage security awareness training, including administration and coordination of phishing simulation campaigns.
Ability to work with or implement regulatory frameworks such as NIST 800‑53, CJIS, HIPAA, PCI‑DSS, or similar.
Knowledge of IT governance frameworks, compliance requirements, and security best practices.
Ability to coordinate or perform internal or external IT audits.
Ability to analyze risk and translate technical security controls into business‑impact terms.
Ability to mentor junior team members on GRC practices and standards.
Must have a valid Texas Driver’s License and good driving record.
National fingerprint‑based records check may be required.
Physical/Environmental Requirements
Standard office environment.
Ability to lift and carry up to 25 lbs unassisted.
Work a 40‑hour hybrid work week with on‑call availability for two days per month.
Sitting for extended periods of time.