Cybersecurity Risk Manager

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Cybersecurity Risk Manager 
Job Title: Manager VI 
Agency: Health & Human Services Comm 
Department: CHIEF INFO SECURITY OFFICE 
Posting Number: 13677 
Closing Date: 04/07/2026 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Group: TEXAS-B-27 
Salary Range: $7,015.16 - $11,250.00 
Pay Frequency: Monthly
Shift: Day 
Additional Shift: Days (First) 
Telework:  
Travel:  
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Exempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 4601 W GUADALUPE ST 
Other Locations:  
MOS Codes: 0203,0207,0302,0520,0602,0802,1802,5502,6302,6502,7202,7208,7210,7220,111X,112X,113X,114X,16GX,41AX 
611X,612X,631X,632X,641X,648X,86M0,86P0,8U000,9G100,SEI15 
 
 

Brief Job Description:

This position is open to permanent residents or U.S. citizens only.

The Cybersecurity Risk Manager serves as a senior leader within the HHSC Office of the CISO and is responsible for establishing, maturing, and operationalizing the enterprise cybersecurity risk management program across the agency’s complex technology environment. This role ensures that cybersecurity risks are proactively identified, assessed, communicated, and managed in alignment with Texas DIR requirements, NIST frameworks, HIPAA, IRS Safeguards, CMS, and other federal and state regulatory obligations.

The Risk Manager provides strategic oversight of risk governance processes including system risk assessments, control validation, risk exception management, POA&M tracking, third-party risk coordination, and executive risk reporting. This position plays a critical role in enabling informed risk-based decision making by translating complex technical risks into clear business impacts for executive leadership.

This role partners closely with Security Operations, Cloud Security, Privacy, Legal, Enterprise Architecture, Internal Audit, and program leadership to ensure risks are managed consistently and that security controls scale with agency technology growth.

The Cybersecurity Risk Manager operates with a high degree of independence, exercises sound judgment in evaluating enterprise risk posture, and functions as a trusted advisor to the CISO, Deputy CISO and GRC Director.

Essential Job Functions (EJFs):

•       Lead the enterprise cybersecurity risk management program for HHSC.

•       Direct and oversee agency-wide security risk assessments and control evaluations.

•       Establish standardized methodologies for risk identification, scoring, and reporting.

•       Maintain executive-level risk dashboards and brief leadership on emerging threats and systemic exposure.

•       Oversee POA&M governance to ensure timely remediation of identified control gaps.

•       Manage the risk exception process, ensuring formal documentation, compensating controls, and appropriate risk acceptance authority.

•       Coordinate with compliance teams to support audits including DIR, CPA, CMS, IRS Safeguards, and HIPAA reviews.

•       Partner with Security Operations to ensure operational risks are escalated and tracked appropriately.

•       Provide cybersecurity risk input for major technology initiatives including cloud migrations, enterprise platforms, AI adoption, and network transformation.

•       Guide third-party and vendor risk activities in coordination with procurement and legal.

•       Develop and maintain cybersecurity risk policies, standards, and procedures.

•       Promote a strong risk-aware culture across business and technology teams.

•       Supervise risk analysts and support staff as assigned, including ITSAC staff.

Knowledge, Skills and Abilities (KSAs):

• Advanced knowledge of regulatory environments
• Strong understanding of governance platforms such as RSA Archer or similar GRC tools.
• Deep knowledge of frameworks such as:
  • • • NIST 800-53
      • NIST CSF
      • Texas DIR Security Control Standards
      • HIPAA
      • IRS Safeguards
      • CMS requirements
• Executive-level risk communication skills
• Strategic thinking and program development skills
• Strong analytical and decision-making skills
• Leadership and team development skills
• Conflict resolution and stakeholder management skills
• Strong executive communication and briefing skills.
• Ability to translate technical risk into business impact
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions

Registrations, Licensure Requirements or Certifications:

Professional certifications such as:

• CISSP
• CISM
• CRISC
• CISA

Initial Screening Criteria:

•       Bachelor’s degree in Cybersecurity, Information Security, Information Systems, Risk Management, or related field. (Master’s degree preferred)

•       7+ years of progressive experience in cybersecurity, risk management, compliance, or IT security.

•       2+ years in leadership or program management capacity.

•       Experience conducting enterprise risk assessments and presenting to executives.

Additional Information:

Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

#LI-IN1

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:

This position may be eligible for telework.  Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.