Job Title: Information Security Manager 3
Location: Remote
Description of Services: Texas Education Agency requires the services of 1 Information Security Manager 3, hereafter referred to as Candidate(s), who meets the general qualifications of Information Security Manager 3, Security and the specifications outlined in this document for the Texas Education Agency.
All work products resulting from the project shall be considered "works made for hire" and are the property of the Texas Education Agency and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law. Texas Education Agency will pay no fees for interviews or discussions, which occur during the process of selecting a Candidate(s).
Vulnerability Inventory and Baseline Establishment:
Review the Agency s existing vulnerability data, including vulnerabilities identified through scanning, assessments, or other security tools.
Establish and maintain a consolidated vulnerability baseline.
Develop and document a remediation timeline for all identified vulnerabilities, reflecting current risk posture and aging.
Risk Classification and Prioritization
Ensure that vulnerabilities are categorized and prioritized based on risk, severity, exploitability, and potential impact to Agency operations.
Align vulnerability classification and prioritization to applicable NIST guidance.
3. Validate that remediation timeframes align with Agency established expectations for different vulnerability risk levels.
Remediation Coordination and Communication
Coordinate remediation activities with system, server, and application owners.
Communicate clear remediation expectations, risk context, and required timelines to responsible parties.
Track remediation progress and identify blockers, dependencies, or delays impacting closure.
Escalate overdue, high risk, or critical vulnerabilities to appropriate Agency governance or oversight bodies, in accordance with Agency processes.
Tracking, Metrics, and Reporting
Maintain ongoing tracking of vulnerability remediation status.
Produce periodic status reports summarizing.
Validation and Closure:
Validate remediation actions through available evidence, including vulnerability scan results or other supporting artifacts.
Confirm closure of vulnerabilities in tracking systems once remediation is completed and validated.
Ensure vulnerabilities that cannot be remediated within required timeframes are formally documented and supported by approved risk acceptance or exception documentation, in accordance with Agency policy.
Program Improvement Support
1. Identify process gaps, systemic issues, or control weaknesses affecting vulnerability remediation effectiveness.
2. Provide recommendations for improving vulnerability remediation processes and accountability, aligned with NIST standards and Agency governance requirements.
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. |
Years | Required/Preferred | Experience |
8 | Required | Experience in Vulnerability Inventory and Baseline Establishment |
8 | Required | Experience in Risk Classification and Prioritization |
8 | Required | Experience in tracking vulnerability remediation |
8 | Required | Experience in producing status reports |
8 | Required | Experience in validating remediation actions through available evidence, including vulnerability scan results |
Never miss an opportunity! Create an alert based on the job you applied for.
