1000000552.SENIOR GOVERNANCE, RISK, AND COMPLIANCE ANALYST.INFO TECH SERVICES at Dallas County

Facilitates and prepares for internal and external audit activities, including control walkthroughs, evidence collection, and remediation tracking for IT and security-related controls. Manages implementation and maintenance of security and privacy frameworks (e.g., NIST 800-53, CJIS, HIPAA, PCI-DSS), including gap analysis, control mapping, and continuous improvement efforts. Oversees lifecycle management of IT and security policies, including drafting, review coordination, approval, publication, and scheduled updates. Administers and enhances third-party/vendor risk management processes including reviews, due diligence, contract risk language, and documentation workflows. Provides guidance to departments on GRC requirements, support cross-departmental initiatives, and drive awareness of compliance responsibilities. Manages the County’s security awareness training program, including administration and coordination of phishing simulation campaigns, and delivery of cybersecurity training content for County employees. Performs other duties as assigned.

Education, Experience and Training: Education and experience equivalent to a Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or job-related field of study. Six (6) years of experience in GRC, compliance, audit, or cyber risk management. Certifications (Preferred): • Certified Information Systems Auditor (CISA) • Certified Risk and Information Systems Control (CRISC) • Certified Governance, Risk and Compliance (CGRC) • Relevant compliance/governance certification is a plus. Special Requirements/Knowledge, Skills & Abilities: • Excellent organizational, analytical, and communication skills. • Ability to work independently and manage multiple initiatives. • Ability to participate in an on-call rotation for after-hours security incident escalation. • Ability to write clear, concise policies and reports. • Ability to coordinate across diverse business and technical teams. • Knowledge of GRC principles and program operations. • Experience maintaining GRC tools and repositories (e.g., OneTrust, Hyperproof, Archer, AuditBoard). • Skill in enterprise IT environments, including Windows Server, Active Directory, Azure and Microsoft 365 cloud services, and core networking concepts and configurations. • Skill in document management systems and ticketing platforms (e.g., SharePoint, Jira, ServiceNow). • Ability to manage security awareness training, including administration and coordination of phishing simulation campaigns. • Ability to work with or implement regulatory frameworks such as NIST 800-53, CJIS, HIPAA, PCI-DSS, or similar. • Knowledge of IT governance frameworks, compliance requirements, and security best practices. • Ability to coordinate or perform internal or external IT audits. • Ability to analyze risk and translate technical security controls into business-impact terms. • Ability to mentor junior team members on GRC practices and standards. Must have a valid Texas Driver's License and good driving record. Will be required to provide a copy of 10-year driving history. Must maintain a good driving record and remain in compliance with Article II, Subdivision II of Chapter 90 of the Dallas County Code. “Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC and similar databases, must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems. Incumbents must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.” Physical/Environmental Requirements: Standard office environment. Ability to lift and carry up to 25 lbs. unassisted. Work a 40-hour hybrid work week with on-call availability for two (2) days per month. Sitting for extended periods of time.