
We’re looking for a Senior Data Security Architect/GRC Analyst, someone who’s ready to grow with our company.
The GRC Analyst will play a vital role within Information Security, supporting Texas Children’s governance, risk, and compliance initiatives. This position focuses on identifying and mitigating IT and cybersecurity risks, strengthening internal controls, and ensuring alignment with applicable regulatory, contractual, and industry standards. The analyst will collaborate closely with stakeholders across Information Services, as well as clinical and non-clinical departments, to maintain a strong security posture that protects Texas Children’s systems and sensitive information, ensuring patient care remains uncompromised.
This role operates within a healthcare environment that adheres to frameworks and requirements including the NIST Cybersecurity Framework (CSF), HIPAA Security Rule, Texas HHS Information Security Controls, Texas Department of Insurance (TDI) regulations, OPTN security expectations, Joint Commission standards, and Annual Financial Reporting Model Regulation (AFRMR).
Think you’ve got what it takes?
Key Responsibilities
Provide guidance on IT and cybersecurity risk-related matters, including identifying, assessing, and prioritizing risks across systems and business processes. Collaborate with business owners, service owners, control owners, and technical teams to design, implement, and maintain risk-mitigating controls that reduce exposure to threats and support organizational compliance objectives.
Perform assessments of IT and security controls to verify effectiveness, ensure ongoing compliance, and identify opportunities for improvement.
Support the execution and delivery of internal and external assurance activities such as audits, security assessments, certifications, and compliance reviews, ensuring control evidence and documentation are complete and accurate.
Track, document, and report gaps, control exceptions, and issues; guide remediation activities and validate resolution to closure.
Review and provide input on information security policies, standards, and procedures to ensure continued alignment with applicable laws, regulations, and industry frameworks.
Provide advisory support to other GRC workstreams, such as vendor risk management and security awareness, ensuring consistent control expectations across the enterprise.
Offer guidance on implementing controls to mitigate risks associated with the use of AI technologies, including data privacy, model integrity, and algorithmic transparency, ensuring alignment with internal AI policies and applicable regulatory requirements.
Serve as a subject matter expert to various departments and project teams, offering guidance on appropriate security, technical, and privacy controls that safeguard organizational assets and sensitive data.
Develop or assist in creating executive-level presentations, reports, and dashboards that communicate cybersecurity performance, risk metrics, and control effectiveness to leadership for strategic decision-making.
Utilize enterprise GRC platforms such as ServiceNow GRC to manage risk and compliance workflows; familiarity with Data Loss Prevention (DLP), Data Classification, Shadow IT tools, and other cybersecurity tools is preferred.
Qualifications
3–5 years of experience in GRC, IT audit, information security, or risk management within a regulated industry (healthcare or insurance preferred).
Working knowledge of frameworks such as NIST CSF, NIST SP 800-53, HIPAA Security Rule, and state or accreditation-based security standards (e.g., Texas HHS, TDI, Joint Commission).
Familiarity with audit requirements for internal controls over financial reporting, such as SOX and AFRMR (MAR).
Understanding of emerging AI governance and compliance considerations, with the ability to recommend appropriate controls to mitigate AI-related risks.
Experience using GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust, or similar).
Strong understanding of IT and security control domains (access management, configuration management, vulnerability management, incident response, asset protection, etc.).
Excellent communication and presentation skills with the ability to translate technical details into business-relevant insights.
Skills & Requirements
Required: H.S. Diploma or GED
Preferred Licenses/Certifications:
CISSP - Cert. Info. Sys. Security Profes. (ISC2)
SANS - SysAdmin, Audit, Network, Sec. (SANS)
HCISPP - Cert. Info. Sec. Priv. Profes. (ISC2)
Security+ (CompTIA)
CCSP - Cert. Cloud Sec. Profes. (ISC2)
SSCP - Sys. Sec. Cert. Profes. (ISC2)
Required: 10 years' experience in information security, computer management, identity access management, or IS networking, including at least 5 years of information security experience.
Note: An associate's degree will substitute for 2 years of experience. A bachelor's degree will substitute for 4 years of experience.
About Texas Children’s
Since 1954, Texas Children’s has been leading the charge in patient care, education and research to accelerate health care for children and women around the world. When you love what you do, it truly shows in the smiles of our patient families, employees and our numerous accolades such as being consistently ranked as the best children’s hospital in Texas, and among the top in the nation by U.S. News & World Report as well as recognition from Houston Business Journal as one of this city’s Best Places to Work for ten consecutive years.
Texas Children’s comprehensive health care network includes our primary hospital in the Texas Medical Center with expertise in over 40 pediatric subspecialties; the Jan and Dan Duncan Neurological Research Institute (NRI); the Feigin Tower for pediatric research; Texas Children’s Pavilion for Women, a comprehensive obstetrics/gynecology facility focusing on high-risk births; Texas Children’s Hospital West Campus, a community hospital in suburban West Houston; Texas Children’s Hospital The Woodlands, the first hospital devoted to children’s care for communities north of Houston; and Texas Children’s Hospital North Austin, the new state-of-the-art facility providing world-class pediatric and maternal care to Austin and Central Texas families. We have also created Texas Children’s Health Plan, the nation’s first HMO focused on children; Texas Children’s Pediatrics, the largest pediatric primary care network in the country; Texas Children’s Urgent Care clinics that specialize in after-hours care tailored specifically for children; and a global health program that is channeling care to children and women all over the world. Texas Children’s Hospital is affiliated with Baylor College of Medicine, one of the largest, most diverse and successful pediatric programs in the nation.
To join our community of 15,000+ dedicated team members, visit texaschildrenspeople.org for career opportunities.
Texas Children’s is proud to be an equal opportunity employer. All applicants and employees are considered and evaluated for positions at Texas Children's without regard to mental or physical disability, race, color, religion, gender, national origin, age, genetic information, military or veteran status, sexual orientation, gender identity, marital status or any other protected Federal, State/Province or Local status unrelated to the performance of the work involved.