Texas Children's Medical Center

Data Security Analyst at Texas Children's Medical Center

Texas Children's Medical Center Houston, MS

Job Description

Description

The Data Security Analyst is responsible for supporting the organization's Governance, Risk, and Compliance (GRC) program through the review of ServiceNow GRC tickets, assessment of associated risks, and preparation of clear, well-documented analyses. This role facilitates security exception reviews, maintains policy governance processes, and ensures organizational alignment to regulatory frameworks such as NIST and HIPAA. The Data Security Analyst collaborates with leaders, business owners, and technical teams to drive effective risk management and maintain audit-ready documentation.

Think you've got what it takes?

Key Responsibilities

GRC Ticket Review & Risk Analysis

Review, triage, and analyze GRC-related ServiceNow tickets. Identify and document risks, impacts, and business justifications. Draft clear and complete responses for requestors and stakeholders. Communicate updates, escalations, and decisions to leaders and service owners.

Security Exception Management

Review and evaluate security exception requests to policies and standards. Determine impact and likelihood using approved methodologies. Document risk statements, compensating controls, and accountability expectations. Prepare and communicate risk acceptance recommendations to leadership. Analyze threats, vulnerabilities, likelihood, and impact to determine overall exposure. Draft risk assessment summaries, recommendations, and mitigation strategies. Maintain supporting documentation for audit and compliance review.

Policy & Procedure Governance

Facilitate drafting, review, approval, and annual refresh of policies and procedures. Maintain version control, ensure revisions are documented, and produce finalized clean versions. Coordinate with policy owners to ensure alignment with internal standards and regulatory requirements.

Regulatory & Framework Alignment

Interpret and apply NIST, HIPAA, and organizational control requirements. Ensure assessments and documentation reflect regulatory and framework expectations. Provide guidance on compliance requirements to stakeholders across the organization.

Knowledge Management

Update and maintain Security Knowledge Articles within ServiceNow. Ensure articles are accurate, current, and accessible to users. Collaborate with subject matter experts to identify and close knowledge gaps.

Operational Support & Ad-Hoc Assignments

Assist in audit preparation, compliance reporting, and evidence collection. Support continuous improvement initiatives within the GRC program. Respond to daily and ad-hoc requests from leadership and internal partners. Participate in team meetings, special projects, and GRC initiatives.

Performance Expectations

Quality & Accuracy

Produces high-quality, complete, and well-organized risk analyses, assessments, and documentation. Ensures all work aligns with NIST, HIPAA, and internal policy requirements.

Timeliness

Responds to ServiceNow tickets within defined SLAs. Delivers assessments and documentation by established deadlines. Communicates proactively regarding delays or issues.

Risk Judgment & Critical Thinking

Applies consistent, well-justified risk ratings and identifies mitigation opportunities. Escalates high-risk items appropriately and collaborates effectively on resolutions.

Communication & Collaboration

Drafts clear, professional communications for leaders, technical teams, and business owners. Works collaboratively across departments to resolve issues and drive outcomes.

Process Ownership

Maintains updated knowledge articles, accurate documentation, and organized tracking. Demonstrates strong ownership of assigned GRC processes and tasks.

Professionalism & Reliability

Maintains confidentiality and handles sensitive information responsibly. Consistently meets expectations with minimal rework and limited supervision.

Adaptability & Initiative

Responds effectively to shifting priorities and ad-hoc needs. Demonstrates initiative by identifying risks early and suggesting process improvements.

Skills & Requirements

Bachelor's degree in computer science required (good to have: Information Security, IT Compliance, or related field). 1 year in the computer management or networking field, including some in information security, required. 25 years of experience in GRC, compliance, or security roles is preferred. Familiarity with NIST frameworks, HIPAA Security Rule requirements, and risk methodologies is preferred. Experience with ServiceNow GRC or similar platforms is a plus. Strong analytical, communication, and documentation skills are preferred.

Required Experience: IC

Key Skills: Data Analytics, Microsoft Access, SQL, Power BI, R, Data Visualization, Tableau, Data Management, Data Mining, SAS, Data Analysis Skills, Analytics

Employment Type: Full-Time

Experience: years

Vacancy: 1

Resume Suggestions

Highlight relevant experience and skills that match the job requirements to demonstrate your qualifications.

Quantify your achievements with specific metrics and results whenever possible to show impact.

Emphasize your proficiency in relevant technologies and tools mentioned in the job description.

Showcase your communication and collaboration skills through examples of successful projects and teamwork.
