Data Security Architect, Sr

Were looking for a Senior Data Security Architect/GRC Analyst someone whos ready to grow with our company.
The GRC Analyst will play a vital role within Information Security supporting Texas Childrens governance risk and compliance initiatives. This position focuses on identifying and mitigating IT and cybersecurity risks strengthening internal controls and ensuring alignment with applicable regulatory contractual and industry standards. The analyst will collaborate closely with stakeholders across Information Services as well as clinical and non-clinical departments to maintain a strong security posture that protects Texas Childrens systems and sensitive information ensuring patient care remains uncompromised.
This role operates within a healthcare environment that adheres to frameworks and requirements including the NIST Cybersecurity Framework (CSF) HIPAA Security Rule Texas HHS Information Security Controls Texas Department of Insurance (TDI) regulations OPTN security expectations Joint Commission standards and Annual Financial Reporting Model Regulation (AFRMR).
Think youve got what it takes

Key Responsibilities
Provide guidance on IT and cybersecurity risk-related matters including identifying assessing and prioritizing risks across systems and business processes. Collaborate with business owners service owners control owners and technical teams to design implement and maintain risk-mitigating controls that reduce exposure to threats and support organizational compliance objectives.
Perform assessments of IT and security controls to verify effectiveness ensure ongoing compliance and identify opportunities for improvement.
Support the execution and delivery of internal and external assurance activities such as audits security assessments certifications and compliance reviews ensuring control evidence and documentation are complete and accurate.
Track document and report gaps control exceptions and issues; guide remediation activities and validate resolution to closure.
Review and provide input on information security policies standards and procedures to ensure continued alignment with applicable laws regulations and industry frameworks.
Provide advisory support to other GRC workstreams such as vendor risk management and security awareness ensuring consistent control expectations across the enterprise.
Offer guidance on implementing controls to mitigate risks associated with the use of AI technologies including data privacy model integrity and algorithmic transparency ensuring alignment with internal AI policies and applicable regulatory requirements.
Serve as a subject matter expert to various departments and project teams offering guidance on appropriate security technical and privacy controls that safeguard organizational assets and sensitive data.
Develop or assist in creating executive-level presentations reports and dashboards that communicate cybersecurity performance risk metrics and control effectiveness to leadership for strategic decision-making.
Utilize enterprise GRC platforms such as ServiceNow GRC to manage risk and compliance workflows; familiarity with Data Loss Prevention (DLP) Data Classification Shadow IT tools and other cybersecurity tools is preferred.

Qualifications
35 years of experience in GRC IT audit information security or risk management within a regulated industry (healthcare or insurance preferred).
Working knowledge of frameworks such as NIST CSF NIST SP 800-53 HIPAA Security Rule and state or accreditation-based security standards (e.g. Texas HHS TDI Joint Commission).
Familiarity with internal controls over financial reporting audit requirements such as SOX AFRMR (MAR).
Understanding of emerging AI governance and compliance considerations with the ability to recommend appropriate controls to mitigate AI-related risks.
Experience using GRC platforms (e.g. ServiceNow GRC Archer OneTrust or similar).
Strong understanding of IT and security control domains (access management configuration management vulnerability management incident response asset protection etc.).
Excellent communication and presentation skills with the ability to translate technical details into business-relevant insights.

Skills & Requirements
Required H.S. Diploma or GED
Preferred Licenses/Certifications:
CISSP - Security Profes. ISC2
SANS - SysAdmin Audit Network Sec. SANS
HCISPP . ISC2
Security CompTIA
CCSP . ISC2
SSCP . ISC2
Required 10 years experience in information security computer management identity access management or IS networking including at least 5 years of information security experience
Note: An associates degree will substitute for 2 years of experience. A bachelors degree will substitute for 4 years of experience.