The ideal candidate is a self-starter with proven experience in building and managing GRC functions, facilitating cross-functional collaboration, and aligning risk oversight with regulatory frameworks such as NIST, CJIS, HIPAA, and PCI-DSS. This role requires strong project coordination skills, the ability to drive governance processes independently, and a deep understanding of public sector security compliance.
Key Responsibilities:
Governance, Risk & Compliance (GRC) Program Development
Design, implement, and manage the Cybersecurity Risk process, including intake workflows, assessment coordination, and centralized tracking.
Develop comprehensive governance artifacts, including risk assessment templates, SOPs, operational guides, and reporting structures.
Facilitate risk reviews, ensuring consistent and risk-aligned evaluation of technology projects.
Track remediation efforts, monitor open findings, and support escalation of high-risk items to executive leadership.
Ensure all processes align with applicable regulatory standards, including CJIS, HIPAA, and state cybersecurity mandates.
Cybersecurity Awareness & Engagement
Collaborate with the cybersecurity awareness team to develop and disseminate training materials targeted at project stakeholders.
Promote a culture of cyber hygiene and compliance across departments through ongoing engagement and education.
Project Documentation & Stakeholder Communication
Prepare strategic roadmaps, presentations, and executive-level communication in support of cybersecurity objectives.
Serve as the primary liaison between cybersecurity teams, project managers, and the IT Review Board, ensuring clear and consistent communication.
Minimum Qualifications:
Experience working in a public sector or regulated government environment.
A High School Diploma or GED accompanied by a recognized cybersecurity certification (e.g. Security+, SSCP, or equivalent) or a Bachelor's degree in a related field such as Cybersecurity, Information Technology, or Information Systems.
5 years of experience in Governance, Risk, and Compliance (GRC), cybersecurity, IT audit, or risk management.
Demonstrated experience building or managing cybersecurity governance frameworks or review committees.
Strong working knowledge of key security and privacy frameworks and regulations, including NIST CSF, ISO 27001, HIPAA, GDPR, and SOC 2.
Skilled in developing SOPs, risk documentation, and leadership-ready reporting artifacts.
Excellent written and verbal communication skills with experience engaging technical and non-technical stakeholders.
Proficient with collaboration and intake platforms such as SharePoint, ServiceNow, or Excel-based dashboards.
Preferred Qualifications:
Practical experience using GRC platforms such as Archer, ServiceNow GRC, or MetricStream.
Familiarity with cybersecurity awareness platforms (e.g. KnowBe4) and training implementation strategies.
Strong analytical, organizational, and problem-solving skills.
Ability to communicate effectively with technical and non-technical audiences.
Knowledge of cybersecurity principles, risk management practices, and regulatory environments.
Proficient in Microsoft Office 365, including Excel, PowerPoint, and SharePoint.
Ability to work independently and collaboratively in a fast-paced environment.
Working Conditions
Hybrid - 3 days in office, 2 WFH
Full Time