Apply on Employer Site

Texas Health and Human Services · 5 hours ago

Cyber Security Training Awareness Coordinator

Austin, TX

Full-time

Hybrid

Mid, Senior Level

$5,797.66/mo - $9,508.25/mo

3+ years exp

Texas Health and Human Services Commission (HHSC) is dedicated to positively impacting the lives of Texans. They are seeking a Cyber Security Training Awareness Coordinator to assess training needs, develop and implement training plans, and manage security awareness initiatives to protect information resources.

Health Care

No H1B

U.S. Citizen Only

Responsibilities

Manage and operate the HHS Training and Awareness Program

Provides Security Awareness Training to help ensure employees have a solid understanding of the agency's security policies, procedures, and best practices

Defines, prepares, delivers, and facilitates an ongoing awareness campaign utilizing a wide variety of mediums and delivery mechanisms to effectively and constantly educate the organization on security related information, threats, and technology risks

Conducts and coordinates information security training and awareness initiatives for users such as the annual Cyber-Security Awareness Fair

Ensure necessary state requirements for annual awareness training are met

Maintains an in-depth knowledge of industry threats, threat trends, regulatory requirements, security technologies, vendors, and products to deliver periodic notifications of potential threats to the agency

Research and propose security awareness and training process improvements to senior staff

Act as a subject matter expert (SME) for the information security assurance program; Consults on projects to ensure IT staff and non-IT parties understand and follow security policies and standards

Review and supply feedback on the Information Security Plan including risk management, assurance practices, and security services (e.g., plans of actions & milestones)

Champions security awareness by helping with educational programs and on-going training and other communication (e.g., CISO SharePoint and website); Review and propose suggestions for existing and upcoming policies, standards, procedures, and other applicable security documentation; Plan, develop, and assist in the coordination and communication of new policies and procedures, including implementation of security guidance and practices

Assist in the creation and maintenance of criteria and materials for analyst improvement

Supports security and compliance controls through documentation in appropriate tools to ensures that the training awareness program aligns to the enterprise security and compliance requirements

Performs needs assessment of controls and programs related to security awareness and training to identify and assess compliance such as role-based training

Participates in a team that ensures sensitive data handling systems are in compliance with security controls that enforce agency policy and procedures

Researches and proposes training process improvements to senior staff

Monitors and reports on internal and external security threats, research security threats, and recommends to senior staff the appropriate changes to the security program to prevent sensitive agency data from being compromised

Participates in vendor product reviews, evaluations, demonstrations, proofs of concept and implementations

Develops clear, comprehensive, and well-defined information security policies, standards and guidelines that regulate access to the agency's systems and the information included in them

Works with auditors during fieldwork and prepares management responses to Information Security findings identified in audits. Facilitates the development of Information Security action plans related to the security training awareness program

Responds to status requests, special projects, and requests for assistance from internal and external stakeholders

Provides leadership to other security analysts in the performance of their duties

Leads and mentors other security analysts in the performance of their duties. Provides guidance and expertise within assigned specific security domains or knowledge areas to support effective performance of their duties

Builds relationships and partners with business and IT organizations

Develops and maintains effective working relationships with customers, business partners, and other team members

Responds to customer security assessments and audits

Investigates, recommends, and monitors implementation of new security products and services

Acts as a central point of contact for internal and external customers on Information Security training issues

Acts as an escalation point for complex internal and external facing Information Security training support functions

Performs or leads other duties as assigned

Qualification

Cybersecurity training programsNIST SP 800-53Enterprise Governance Risk ComplianceInformation security policiesSecurity awareness trainingProject managementCommunication skillsCritical thinkingTeam leadershipTechnical documentationProblem-solving

Required

At least 3 - 7 years' experience in information security analysis work

Experience developing and implementing IT security training and awareness programs, policy, standards, or procedures

Knowledge of the NIST Special Publications (800 Series) with particular emphasis on the SP 800-53 Security and Privacy Controls for Federal Information Systems & Organizations

Knowledge of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; of operational support of networks, operating systems, Internet technologies, databases, and security applications; and of information security practices, procedures, and regulations

Knowledge in analyzing, recommending, & developing enterprise-wide security policies, standards, & guidelines within appropriate organizational risk tolerances

Skill in implementing enforcement of security policy within technology solutions

Knowledge of enterprise security program management using Enterprise Governance Risk & Compliance solutions

Demonstrated experience with the implementation & development of business processes in Enterprise Governance Risk & Compliance solutions

Knowledge of effective project management practices & ability to effectively manage multiple priorities within a security function providing services to numerous clients

Has professional presentation skills

Excellent written, verbal communication, and presentation skills

Skill in the operation of computers and applicable software and in configuring, deploying, and monitoring security infrastructure

Skill in evaluating enterprise networks/systems for assurance of control requirements as specified by the IRS Pub.1075, Tax Information Security Guidelines for Federal, State & Local Agencies

Capable of managing control assertion & corrective action plan processes including the coordination of status updates & report submission

Critical thinking and solution development skills

Ability to resolve complex security issues in diverse and decentralized environments, to communicate effectively, and to assign and/or supervise the work of others

Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions

Preferred

Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred

Prefer one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Global Information Assurance Certification (GIAC) or similar security certifications