0000002092.Governance, Risk, And Compliance Analyst.Info Tech Services

About the position Supports Dallas County’s governance, risk, and compliance (GRC) program by conducting control assessments, supporting regulatory audits, coordinating policy management, and assisting with vendor risk and compliance processes. Works across departments to ensure that security, privacy, and compliance requirements are documented, implemented, and tracked through their lifecycle. Responsibilities • Assists in the coordination and documentation of compliance activities related to NIST, CJIS, HIPAA, and other frameworks. • Gathers evidence, prepares reports, and supports audit requests. • Conducts control assessments and tracks remediation activities. • Maintains GRC platform records and supports reporting and dashboard updates. • Participates in policy and standard development, ensuring version control, stakeholder review, and publication across systems. • Assists with the management, tracking and reporting of security awareness training and phishing simulation campaigns. • Supports vendor risk management activities by distributing and reviewing vendor questionnaires, documenting findings, and assisting in risk decisions. • Collaborates with cross-functional teams to capture risk information, assesses threats to systems and data, and documents findings in risk registers. • Performs other duties as assigned. Requirements • Education and experience equivalent to a Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, or job-related field of study. • Five (5) years of work-related experience in GRC, IT audit, cybersecurity risk, or compliance. • Excellent organizational, analytical, and communication skills. • Ability to work independently and manage multiple initiatives. • Ability to write clear, concise policies and reports. • Ability to coordinate across diverse business and technical teams. • Ability to participate in an on-call rotation for after-hours security incident escalation. • Knowledge of GRC principles and program operations. • Knowledge of enterprise IT environments, including Windows Server, Active Directory, Azure and Microsoft 365 cloud services, and core networking concepts and configurations. • Knowledge of document management systems and ticketing platforms (e.g., SharePoint, Jira, ServiceNow). • Ability to interpret and apply regulatory or policy requirements in practical IT/security environments. • Knowledge of IT governance frameworks, compliance requirements, and security best practices. • Knowledge of CJIS, NIST 800-53, HIPAA, or PCI-DSS compliance programs. • Knowledge of internal or external IT audit process. • Ability to translate technical security controls into business-impact terms. • Ability to assist with third-party risk assessments, security reviews, and compliance gap analyses. • Must have a valid Texas Driver's License and good driving record. • Will be required to provide a copy of 10-year driving history. • Must maintain a good driving record and remain in compliance with Article II, Subdivision II of Chapter 90 of the Dallas County Code. • “Individuals holding or considered for a position which has, or may have, access to criminal justice databases including the FBI Criminal Justice Information Systems, NCIC/TCIC and similar databases, must pass a national fingerprint-based records check prior to placement in such position and may be denied placement in such positions and/or access to such systems. Incumbents must also maintain the ability to pass the records check while in the position or until such time that the Commissioners Court and the County Civil Service Commission deem this position no longer has this requirement.” • Standard office environment. • Ability to lift and carry up to 25 lbs. unassisted. • Work a 40-hour hybrid work week with on-call availability for two (2) days per month. • Sitting for extended periods of time Nice-to-haves • Relevant compliance/governance certifications Apply tot his job