Information Security Portfolio Manager (ISPM)

Career Opportunities: Information Security Portfolio Manager (ISPM) (16696) Posting ID: 16696 - Posted. Health & Human Services Comm, CHIEF INFO SECURITY OFFICE, Computer and Mathematical. Additional Shift available (1). Salary: $7,000 - $8,999 per month. Job Information Functional Title: Information Security Portfolio Manager (ISPM) Job Title: Cybersecurity Analyst III Agency: Health & Human Services Comm Department: CHIEF INFO SECURITY OFFICE Posting Number: 16696 Closing Date: 07/05/2026 Posting Audience: Internal and External Occupational Category: Computer and Mathematical Salary Range: $7,015.16 - $10,416.66 (Monthly) Salary Group: TEXAS-B-27 Shift: Day (Additional Shift: Days – First) Telework: None Travel: None Employment: Regular, Full time, Exempt Location City: Austin, 701 W 51st ST Eligibility and Application This position is open to U.S. Citizens and permanent residents. This onsite role requires the selected candidate to work from an HHS office in Austin, Texas. Brief Job Description This position performs senior-level information security analysis with emphasis on Archer eGRC development and administration functions. Researches, evaluates, and recommends managerial, technical and operational controls and procedures for the appropriate protection and reduction of risk for information resources. Evaluates business objectives and advises partners on security and compliance requirements and the associated risks. Develops, recommends, and evaluates implementation plans designed to safeguard information systems against accidental or unauthorized modification, destruction, or disclosure, for agency and third-party administered systems. Develops, monitors, evaluates, and maintains system security plans and corrective action plans to ensure protection from unauthorized users. Designs and develops solutions in the eGRC platform and provides guidance to agency staff. Coordinates/trains HHS Agencies on eGRC solutions. Independently interfaces with executive management throughout the agency to assist the CISO in delivering the information security program. Essential Job Functions (EJFs) Provides highly advanced consultative and technical assistance regarding development and administration of the Archer eGRC platform. (55%) Provides Archer eGRC subject matter leadership to other personnel where applicable. (25%) Performs needs assessment to identify requirements of automated systems and evaluates enterprise information security compliance standards. (10%) Provides security and risk management services by performing risk identification, assessment, and remediation as well as regulatory and internal compliance monitoring using standards and processes. Advises management and users regarding enterprise security program functions. (5%) Attends work on a regular and predictable schedule in accordance with agency leave policy and performs other duties as assigned. (5%) Knowledge, Skills and Abilities (KSAs) Knowledge of enterprise security program management using Enterprise Governance Risk and Compliance solutions. Knowledge of effective project management practices and ability to manage multiple priorities within a security function providing services to numerous clients. Knowledge of compliance requirements including TAC 202, HIPAA/HITECH, IRS Publication 1075, Social Security Administration requirements, Texas Business and Commerce Code, and Texas Health and Safety Code. Knowledge in analyzing, recommending, and developing enterprise-wide security policies, standards, and guidelines within appropriate organizational risk tolerances. Knowledge and understanding of audit principles for the coordination and advisement of appropriate management action plans to address control deficiencies. In-depth knowledge and understanding of NIST Special Publications (800 Series), especially SP 800-53 Security and Privacy Controls. Knowledge and understanding of security program deficiencies and articulating those deficiencies to stakeholders. Extensive knowledge of the control structures and application of controls. Knowledge and understanding of audit principles related to responding to IT and Security audits. Knowledgeable of NIST classes and families. Experience performing risk assessments. Professional presentation skills. Interpersonal communication and collaboration skills for providing security services to multiple clients. Critical thinking, root cause analysis, and complex problem solving in information technology security threats, ensuring confidentiality, integrity, and availability of agency data and systems. Implementation of enforcement of security policy within technology solutions. Evaluation of enterprise networks and systems for assurance of control requirements as specified by IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies. Ability to manage the control assertion and corrective action plan processes including status updates and report submission. Ability to maintain security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with national security and ownership restriction laws. Registrations, Licensure Requirements or Certifications Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Global Information Assurance Certification (GIAC), RSA Archer Certified Administrator 5.x or similar certifications preferred. Initial Screening Criteria Minimum Qualifications Bachelor’s degree in information security, Information Technology, or related field, or equivalent experience on a year-for-year basis. Minimum of five (5) years of experience in cybersecurity governance, risk management, or compliance. Experience implementing RMF and security authorization processes. Experience working with enterprise GRC and IT service management tools. Preferred Qualifications Experience in public sector or healthcare security governance environments. Additional Information Candidates for this position will be subject to a pre-employment security review to determine employment eligibility. This is an onsite position, with 5 days in office required. Any employment offer is contingent upon available budgeted funds. Salary will be determined according to budgetary limits and the requirements of HHSC Human Resources Manual. Active Duty, Military, Reservists, Guardsmen, and Veterans Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor's Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions. ADA Accommodations In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the online application, contact the HHS Employee Service Center at View phone number on click.appcast.io. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview. Pre-Employment Checks and Work Eligibility Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks. HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form. Telework Disclaimer This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs. #J-18808-Ljbffr