
Governance, Risk & Compliance Director

Job in Austin, Travis County, Texas, 78716, USA
Listing for: Texas Health and Human Services
Full Time, Part Time, Seasonal/Temporary position
Listed on 2026-03-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 7716 USD Monthly
Job Description & How to Apply Below

Overview

Date: Feb 3, 2026

Location: AUSTIN, TX

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more.

Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Governance, Risk & Compliance Director

Job Title: Director III

Agency: Health & Human Services Comm

Department: CHIEF INFO SECURITY OFFICE

Posting Number: 13442

Closing Date: 05/04/2026

Posting Audience: Internal and External

Occupational Category: Computer and Mathematical

Salary Group: TEXAS-B-28

Salary Range: $7,716.66 - $13,051.00

Pay Frequency: Monthly

Shift: Day

Additional Shift: Days (First)

Telework:

Travel: Regular/Temporary

Full Time/Part Time: Full time

FLSA Exempt/Non-Exempt: Exempt

Facility Location:

Job Location City: AUSTIN

Job Location Address: 4601 W GUADALUPE ST

Other Locations:

MOS Codes: ,C0,111X,112X,113X,114X,20C0,30C0,40C0,611X,612X,631X,641X,648X,90G0,91C0,91W0,97E0,SEI15

Brief Job Description

This position is open to permanent residents or US citizens only. The GRC Director serves as the senior leader for Governance, Risk, and Compliance functions within the HHSC Office of the Chief Information Security Officer. This position directs enterprise cybersecurity governance frameworks, risk management programs, and compliance oversight to ensure HHSC information systems and services meet federal and state cybersecurity requirements, including NIST 800-53 Rev. 5, MARS-E 2.0, HIPAA, Texas DIR standards, and HHSC security policies. The role provides executive oversight of Authorization to Operate (ATO) governance, System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Risk-Based Decisions (RBDs), Vendor Risk Management, Insider Risk Management, security awareness compliance, and audit readiness. The GRC Director ensures cybersecurity risks impacting confidentiality, integrity, and availability are consistently identified, documented, mitigated, or formally accepted in a defensible manner.

Essential Job Functions (EJFs)

Enterprise Governance, Risk & Compliance Leadership

  • Direct HHSC’s enterprise cybersecurity governance, risk, and compliance programs.
  • Establish risk management frameworks, tolerance thresholds, escalation procedures, and reporting mechanisms.
  • Provide executive-level risk posture reporting and compliance dashboards.
  • Ensure alignment of cybersecurity governance with HHSC strategic objectives and regulatory obligations.

Authorization to Operate (ATO) Governance

  • Lead and oversee ATO and ATO renewal processes for HHSC systems and applications.
  • Coordinate with system owners, ISSOs, assessors, auditors, and Authorizing Officials.
  • Validate ATO artifacts including SSPs, SARs, POA&Ms, and RBDs.
  • Facilitate executive risk acceptance and authorization decisions.

POA&M and SAR Oversight

  • Direct lifecycle management of POA&Ms for remediation of security findings.
  • Review and validate SARs, compensating controls, and residual risk statements.
  • Monitor remediation progress and escalate overdue or systemic risk items.

System Security Plan (SSP) Oversight

  • Oversee development and maintenance of SSPs aligned with NIST and MARS-E.
  • Ensure SSPs accurately reflect system boundaries, implemented controls, and operating environments.
  • Provide authoritative guidance on control documentation standards.

Vendor and Third-Party Risk Management

  • Direct cybersecurity risk management for vendors and third-party service providers.
  • Review vendor security artifacts including TxRAMP packages, SOC reports, security questionnaires, and contract clauses.
  • Provide cybersecurity risk input into procurement, contract negotiations, and renewals.
  • Ensure vendor risks are mitigated or formally accepted.

Insider Risk Management

  • Lead insider risk governance in collaboration with IAM, SOC, HR, Legal, and Privacy.
  • Assess…