Centralized Accounting and Payroll/Personnel System
Cybersecurity Governance, Risk, Compliance Manager (Cybersecurity Analyst IV)
Centralized Accounting and Payroll/Personnel System, Austin, Texas, us, 78716
Job Description
Cybersecurity Governance, Risk, Compliance Manager (Cybersecurity Analyst IV) (00055371)
Organization TEXAS EDUCATION AGENCY
Primary Location Texas-Austin
Work Locations Texas Education Agency, 1701 NORTH CONGRESS AVENUE, Austin 78701
Job Computer and Mathematical
Employee Status Regular
Schedule (No information)
Travel Yes, 5 % of the Time
State Job Code 0322
Salary Admin Plan B
Grade 29
Salary (Pay Basis) 8,488.34 - 10,169.92 (Monthly)
Number of Openings 1
Overtime Status Exempt
Job Posting Jan 21, 2026, 4:47:23 PM
Closing Date Ongoing
Mission
The Texas Education Agency (TEA) will improve outcomes for all public‑school students in the state by providing leadership, guidance, and support to school systems.
Core Values
We are Determined:
We are committed and intentional in the pursuit of our main purpose, to improve outcomes for students.
We are People‑Centered:
We strive to attract, develop, and retain the most committed talent, representing the diversity of Texas, each contributing to our common vision for students.
We are Learners:
We seek evidence, reflect on success and failure, and try new approaches in the pursuit of excellence for our students.
We are Servant Leaders:
Above all else, we are public servants working to improve opportunities for students and provide support to those who serve them.
New hires, re‑hires, and internal hires will typically receive a starting salary between the posted minimum and the average pay of employees in their same classification. Offers will be commensurate with the candidate’s experience and qualifications and will thoughtfully consider internal pay equity for agency staff who perform similar duties and have similar qualifications. The top half of the posted salary range is generally reserved for candidates who exceed the requirements and qualifications for the role. The maximum salary range is reserved for candidates that far exceed the required and preferred qualifications for the role.
About Office of Information Technology
The Office of Information Technology works closely with all agency divisions to implement innovative technology solutions in a cost‑efficient manner that supports the goals and priorities of the Texas Education Agency. The Office of IT provides efficient technology solutions and stellar customer services to internal staff, 20 Educational Service Centers, and 1,200‑plus public‑school districts and charter schools. The following services are provided by IT: leadership on IT initiatives; guidance on security/policy issues; new application development/enhancements; software acquisition; technical support; assistance with technical sections of purchasing documents such as Request for Information (RFI), Request for Offers (RFO), Request for Proposals (RFP); and oversight on the data collection process which helps to support and improve outcomes for all of Texas’ 5 million‑plus students.
Position Overview
The Cybersecurity Governance Risk and Compliance (GRC) Manager performs advanced (senior‑level) information security and cybersecurity analysis work. The GRC Manager reports to the Executive Director of IT Administration and Compliance in the Office of Information Technology and will work closely with the Chief Information Security Officer and the Cybersecurity Operations Manager. The GRC Manager serves as the lead subject matter expert for GRC initiatives, collaborating closely with risk management, security operations and leaders across the agency. The GRC Manager is responsible for overseeing enterprise risks, conducting risk analyses, implementing and advancing policies and a comprehensive control framework to execute the GRC strategy. This role will oversee the administration of standards and controls, risk management, third‑party risk, baseline security controls and technology compliance initiatives. The GRC Manager will be solution oriented, and have a strong background in cybersecurity principles, risk management frameworks, and regulatory compliance. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment. The GRC Manager will also work with internal and external team members to support the K12 Cybersecurity initiative by working to enhance cybersecurity in our Texas school systems. Employees at this level may independently perform the most complex information security and cybersecurity work and advise management and users regarding security configurations and procedures.
Essential Functions
Cybersecurity Governance Framework: Create, approve, and enforce security policies, standards, and procedures that align with strategic business goals and the overall risk appetite of the organization, ensuring alignment with TAC 202 requirements and best practices in accordance with NIST. Implement process improvements using GRC tools and methodologies to drive productive gains.
Oversee Third Party and Vendor Risk Assessments: Establish a comprehensive risk management program that regularly conducts formal risk assessments. Additionally, this role is responsible for evaluating the effectiveness of current controls and recommending mitigation strategies based on risk severity.
Ensure Continuous Regulatory and Policy Compliance: Ensure adherence to internal policies, as well as external regulations and legal mandates such as TAC 202 and NIST. Establish and maintain a continuous monitoring program for tracking and resolving non‑compliance issues.
Executive Level Reporting and Communication: Coordinate with stakeholders to communicate emerging risks across the organization and implement effective risk mitigation strategies.
Team Management and Supervision: Guide the team to align with security, audit, and risk management efforts in ongoing security program assessments. This role will also provide guidance to team members to ensure compliance with relevant laws and regulations.
Qualifications
Minimum Qualifications
Education:
Graduation from an accredited four‑year college or university.
Experience:
At least six (6) years of experience in Cybersecurity, Risk Management, or Audit.
Substitutions:
An advanced degree may substitute for two years of required experience.
Other Qualifications
Share the belief that all Texas students can achieve at high levels and are able to succeed in college, career, or the military.
Understanding of frameworks, regulations and laws such as ISO, NIST, FERPA.
Proficient in GRC tools for tracking and managing compliance, conducting risk assessments and reporting.
Experience leading teams in handling both legacy and emerging technologies to manage business risk and enforce security controls is preferred.
Project management skills for working with stakeholders and completing projects on time and in scope.
Excellent written and verbal communication skills for both business and cybersecurity contexts.
Commitment to sharing up-to-date industry knowledge with the team to elevate overall GRC program expertise.
Knowledge of Information Technology infrastructure, including routers, switches, firewalls, databases, operating systems, encryption, load balancing, intrusion prevention systems, and network protocols and concepts.
Research, evaluate, and recommend information‑security‑related hardware and software, including developing business cases for security investments.
As an equal opportunity employer, we hire without consideration to race, religion, color, national origin, sex, disability, age or veteran status, unless an applicant is entitled to the military employment preference.
To review the Military Occupational Specialty (MOS) codes from each branch of the U.S. Armed Forces to each job classification series in the State’s Position Classification Plan (provided by the State Auditor's Office), please access the Military Crosswalk (occupational specialty code) Guide and click on the military “occupational category” that corresponds with the state classification in this job posting title.
This position requires the applicant to meet Agency standards and criteria which may include passing a pre‑employment criminal background check, prior to being offered employment by the Agency.
To learn more about working at TEA, including hiring timelines, process details, and candidate resources, please visit the Employment at TEA page.
No phone calls or emails, please. Due to the high volume of applications, we do not accept telephone calls and cannot reply to all email inquiries. Only candidates selected for interview will be contacted. Please add "capps.recruiting@cpa.texas.gov" and "@tea.texas.gov" to your safe senders list to ensure you receive email notifications from our talent acquisition team and/or hiring division regarding your candidacy.