• Facilitate global projects related to legal, financial, and commercial compliance within Supply Chain. • Assist with legal, financial, and commercial compliance processes and audits. • Liaise with stakeholders to fine-tune workflows for highest efficiency. • Carry out diligent tracking for reporting and monitoring results. • Sanctions and tax risk query, audit handling and reporting. • Vendor Sustainability support: Carbon emissions, vendor questionnaire, buyer training, policy updates, survey submission, etc. • Coordinate and actively participate in the Supply Chain Governance Group • Support the privacy team with data deletion requests and impact assessments

DSHS is committed to hiring skilled and dedicated individuals who share a passion for public health to pursue our vision of A Healthy Texas. If you are looking to make an impact and tackle new challenges, we encourage you to consider a career with us. Employee Benefits: DSHS offers insurance coverage and other benefits available through the State of Texas Group Benefits Plan administered by the Employee Retirement System of Texas (ERS). To learn more about all the benefits available to you as a DSHS employee and other DSHS opportunities for early career pathways, visit the DSHS Careers Page. Review our Top 10 Tips for Success when Applying to State of Texas Jobs. Functional Title: DSHS Privacy Officer Job Title: Privacy Analyst III Agency: Dept of State Health Services Department: Compliance Operations Posting Number: 11532 Closing Date: 04/27/2026 Posting Audience: Internal and External Occupational Category: Office and Administrative Support Salary Group: TEXAS-B-25 Salary Range: $5,797.66 - $7,000.00 Pay Frequency: Monthly Shift: Day Additional Shift: Telework: Eligible for Telework Travel: Up to 15% Regular/Temporary: Regular Full Time/Part Time: Full time FLSA Exempt/Non-Exempt: Exempt Facility Location: Job Location City: AUSTIN Job Location Address: 1100 W 49TH ST (RDM) Other Locations: Austin MOS Codes: 4502,4505,165X,35PX,3N0X6,46A,INF,ISS Under the supervision of the Compliance Operations Director, the Privacy Analyst III (DSHS Privacy Officer) performs highly advanced (senior-level) privacy consultative and technical assistance work and oversees the daily operations and activities of the Privacy Office. Work involves safeguarding confidential and public health information through incident response management; coordinating and overseeing agency compliance activities; reviewing, developing, and implementing privacy controls, policies, standards, guidelines, and operating procedures; and promoting and performing privacy awareness activities agency wide. Responsibilities include triage of and responding to actual or suspected privacy incidents, making breach determinations, and reporting breaches as required by system, agency, state and/or federal laws; assisting in the development and maintenance of a comprehensive data breach/privacy incident plan; performing privacy risk assessments of agency information systems, applications, and new software requests; monitoring for and proposing solutions to privacy risks; providing regular reports to agency leadership; supervising and auditing the work of other Privacy Office staff, as necessary; and developing strategic plans, goals, and objectives for the Privacy Office in alignment with agency strategic plans. This position coordinates with divisions, programs, and staff across the agency and system, and serves as the central point of contact for inter-agency coordination with the HHSC Privacy Division. The Privacy Officer works under minimal supervision, with extensive latitude for the use of initiative and independent judgment. Essential Job Functions (EJFs): EJF1. (35%) Serves as DSHS Privacy Officer, agency point of contact, and subject matter expert for all privacy-related matters. Oversees daily privacy operations and activities of the privacy program for the agency. Leads and oversees incident response management for the agency by responding to actual or suspected privacy incidents, which includes coordinating with appropriate agency staff and stakeholders to investigate, analyze, make breach determinations, and report breaches as required by system, agency, state and/or federal laws to regulatory authorities and others as appropriate. Develops recommendations for corrective actions. Maintains proper documentation in the privacy incident management system. Assists in the development and maintenance of a comprehensive data breach/privacy incident plan. Coordinates and oversees agency compliance by conducting privacy threshold assessments, privacy impact assessments, and cybersecurity impact assessments of agency information systems, applications, and new software requests. EJF2. (20%) Establishes and maintains effective working relationships with agency leadership, divisions, programs, and staff, as well as with inter-agency partners, local health departments, and other external entities. Coordinates, reviews, and/or researches and responds to privacy-related inquiries from internal and external customers, including overseeing the agency HIPAA (Health Insurance Portability and Accountability Act) mailbox. Provides privacy subject matter expertise for designated program privacy coordinators, workgroups, and committees. EJF3. (20%) Researches current privacy frameworks, principles, and industry standards and develops recommendations for implementation of new solutions and/or improvement opportunities. Works to integrate privacy practice into routine business operations by developing and implementing privacy controls, policies, standards, guidelines, and operating procedures. Maintains agency wide privacy policies, notices of privacy practices, policy supplements, and internal procedures. Coordinates and/or reviews privacy and security controls. Monitors for and proposes solutions to privacy risks through incident response management and consultation with program areas. EJF4. (10%) Monitors, reviews, and analyzes privacy-related legislation. Tracks employee compliance with annual, mandated privacy training. Gathers, organizes, and quantifies privacy and security surveys and questionnaire responses to improve privacy training. Provides regular reports to agency leadership. EJF5. (10%) Coordinates with HHSC (Health and Suman Services Commission) Privacy Division to develop and implement privacy policies, procedures, standards, and controls. Coordinates with HHSC Privacy Division to develop and implement privacy awareness and compliance activities, such as training and communications. EJF6. (5%) Performs other duties as assigned. Other duties as assigned include but are not limited to active participation and/or support to meet the agency’s obligations for disaster response and/or recovery or continuity of operations activation. Such participation may require an alternate shift pattern, assignment, and/or location Knowledge, Skills and Abilities (KSAs): Working knowledge of HIPAA, information privacy, federal and state privacy laws, and/or compliance with regulatory directives. Effective interpersonal and leadership skills. Experience preparing oral and written reports, managing projects, and facilitating meetings. Ability to prepare effective correspondence and reports for diverse audiences, including executives and senior managers. Ability to collect, analyze information and solve work problems. Ability to make independent judgments and provide guidance to agency staff. Working knowledge of public health and/or health and human services programs is preferred. Experience developing policies and regulations is preferred. Registrations, Licensure Requirements or Certifications: Professional certification in information privacy, information security, or compliance is required or must be attained within twelve months of hire. Preference will be given to candidates who hold the Certified Information Privacy Professional (CIPP/US) certification is required, however other relevant professional certifications will be considered.  Initial Screening Criteria: Graduation from an accredited four-year college or university with major course work in public policy, public administration, public health, political science, legal studies, information management or a related discipline is required. A master’s or other graduate degree is preferred. Privacy-related work experience may be considered in lieu of education on a year-for-year basis. Additional Information: If selected, a candidate must be able and willing to provide current and previous work references before a final offer of employment is extended. Eligible for part-time telework. Active Duty, Military, Reservists, Guardsmen, and Veterans: Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified for this position. For more information see the Texas State Auditor’s Military Crosswalk at https://hr.sao.texas.gov/CompensationSystem/JobDescriptions/. ADA Accommodations: In compliance with the Americans with Disabilities Act (ADA), DSHS will provide reasonable accommodation during the hiring process for individuals with a qualifying disability. If reasonable accommodation is needed to participate in the interview process, please notify the person who contacts you to schedule the interview. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747 or via email at HHSServiceCenter.Applications@ngahrhosting.com. Salary Information, Pre-employment Checks, and Work Eligibility: - The salary offered will follow DSHS starting salary guidelines. Any employment offer is contingent upon available budgeted funds. - Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks. - DSHS uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 form

Join us for an exciting career with the leading provider of supplemental benefits! Our Promise Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards. The Senior Compliance Analyst is part of the Audit and Corrections team will be responsible for facilitating health plan and regulatory audits, as well as related corrective action plan (“CAP”) activities and will report to the Compliance Director, Correction. This individual will be responsible for driving best practices across the company to promote compliance with audit and correction processes. This role is part of the Avesis Compliance Department. The Compliance Department plays a pivotal role in ensuring that Avēsis adheres to federal and state regulations, as well as internal policies. It is responsible for preventing, detecting, and correcting compliance risks that could impact the Avesis’ operational effectiveness as well as legal and reputational standing. The Compliance Department works to promote a culture of ethics, transparency, and accountability across the enterprise, making sure that all employees understand their responsibilities and the importance of adhering to legal, regulatory and compliance standards. Additionally, it provides ongoing training and resources to help staff stay informed about regulatory updates and best practices. The Senior Compliance Analyst will be primarily responsible for managing health plan and regulatory audit activity including, but not limited to, audit deliverable coordination, on-site audit coordination and management, and mock audit activities. The individual will also manage the corrective action process for health plan and regulatory CAPs. This role requires collaboration with stakeholders at all levels of the organization; therefore, candidates should demonstrate skillful communication, flexibility, and conflict resolution skills. It is a telecommuter role and an individual contributor with minimal travel. Functional Competencies: - Coordinate all aspects of regulatory and client audits (i.e., pre-site deliverables, mock audits, on-site visits, logistics, and written responses to audit reports and corrective actions) and coordinate across times to document and track completion to ensure audit success. - Synthesize audit-related information (i.e., scope, findings, recommendations, corrective action plans, and status) and provide Compliance and business operations leadership written and oral reports of ongoing and completed audits - Simultaneously manage multiple audits and collaborate across multiple business areas to communicate gather necessary information within assigned due dates - Develop compliance communications - Problem solve and work closely with business partners on issue resolution - Research, understand, and articulate regulatory and contractual requirements - Educate business partners on regulatory audit processes as needed - Manage, track and report data related regulatory and client audits and CAPs - Coordinate with Legal Counsel as needed - Perform additional duties as requested or required by management Core Competencies: - Ability to manage time effectively and efficiently - Ability to analyze data for accuracy - Ability to work independently and with minimal direction - Ability to demonstrate managing of projects - Proficient oral and verbal communication skills - Ability to demonstrate critical thinking skills Behavioral Competencies: - Collegiality: building strong relationships on company-wide, approachable, and helpful, ability to mentor and support team growth. - Initiative: readiness to lead or take action to achieve goals. - Communicative: ability to relay issues, concepts, and ideas to others easily orally and in writing. - Member-focused: going above and beyond to make our members feel seen, valued, and appreciated. - Detail-oriented and thorough: managing and completing details of assignments without too much oversight. - Flexible and responsive: managing new demands, changes, and situations. - Critical Thinking: effectively troubleshoot complex issues, problem solve and multi-task. - Integrity & responsibility: acting with a clear sense of ownership for actions, decisions and to keep information confidential when required. - Collaborative: ability to represent your own interests while being fair to those representing other or competing ideas in search of a workable solution for all parties. Minimum Qualifications: - Bachelor’s degree in business, healthcare, or related area of study, or equivalent education and work experience - 3+ years of experience in compliance, privacy and/or regulatory affairs or with supporting audits in a highly regulated industry; preferably a government, health care or managed care environment - Intermediate level of proficiency with MS Word, Excel, and PowerPoint - Strong attention to detail - Able to work under pressure - Able to meet deadlines consistently - Able to work independently - As this role is a remote role, you are required to maintain internet service that allows you to complete your essential job duties without issue. Rates of 50 Mbps download and 25 Mbps upload while hardwired and not on a VPN are sufficient. - Ability to travel as necessary (up to 25%) Preferred Qualifications: - Experience working with Medicare, Medicaid or Commercial benefits and regulations - Working knowledge of managed care and dental/vision benefit plans At Avēsis, we strive to design equitable, and competitive compensation programs. Base pay within the range is ultimately determined by a candidate's skills, expertise, or experience. In the United States, we have three geographic pay zones. For this role, our current pay ranges for new hires in each zone are: Zone A: $55,790.00-$92,990.00 Zone B: $60,810.00-$101,350.00 Zone C: $65,420.00-$109,040.00 FLSA Status: Salary/Exempt This role may also be eligible for benefits, bonuses, and commission. Please visit Avesis Pay Zones for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter. We Offer - Meaningful and challenging work opportunities to accelerate innovation in a secure and compliant way. - Competitive compensation package. - Excellent medical, dental, supplemental health, life and vision coverage for you and your dependents with no wait period. - Life and disability insurance. - A great 401(k) with company match. - Tuition assistance, paid parental leave and backup family care. - Dynamic, modern work environments that promote collaboration and creativity to develop and empower talent. - Flexible time off, dress code, and work location policies to balance your work and life in the ways that suit you best. - Employee Resource Groups that advocate for inclusion and diversity in all that we do. - Social responsibility in all aspects of our work. We volunteer within our local communities, create educational alliances with colleges, drive a variety of initiatives in sustainability. How To Stay Safe Avēsis is aware of fraudulent activity by individuals falsely representing themselves as Avēsis recruiters. In some instances, these individuals may even contact applicants with a job offer letter, ask applicants to make purchases (i.e., a laptop or gift cards) from a designated vendor, have applicants fill out W-2 forms, or ask that applicants ship or send packages of goods to the company. Avēsis would never make such requests to applicants at any time throughout our job application process. We also would never ask applicants for personal information, such as passport numbers, bank account numbers, or social security numbers, during our process. Our recruitment process takes place by phone and via trusted business communication platform (i.e., Zoom, Webex, Microsoft Teams, etc.). Any emails from Avēsis recruiters will come from a verified email address ending in @ Avēsiscom. We urge all applicants to exercise caution. If something feels off about your interactions, we encourage you to suspend or cease communications. If you are unsure of the legitimacy of a communication you have received, please reach out to ITsupport@Avesis.com. To learn more about protecting yourself from fraudulent activity, please refer to this article link (https://consumer.ftc.gov/articles/how-avoid-scam). If you believe you were a victim of fraudulent activity, please contact your local authorities or file a complaint (Link: https://reportfraud.ftc.gov/#/) with the Federal Trade Commission. Avēsis is not responsible for any claims, losses, damages, or expenses resulting from unaffiliated individuals of the company or their fraudulent activity. Equal Employment Opportunity At Avēsis, We See You. We celebrate differences and are building a culture of inclusivity and diversity. We are proud to be an Equal Employment Opportunity employer that considers all qualified applicants and does not discriminate against any person based on ancestry, age, citizenship, color, creed, disability, familial status, gender, gender expression, gender identity, marital status, military or veteran status, national origin, race, religion, sexual orientation, or any other characteristic. At Avēsis, we believe that, to operate at the peak of excellence, our workforce needs to represent a rich mixture of diverse people, all focused on providing a world-class experience for our clients. We focus on recruiting, training and retaining those individuals that share similar goals. Come Dare to be Different at Avēsis, where We See You!

Schellman is a Top 50 CPA firm and a leading provider of attestation and compliance services. Our professional services focus on security and privacy audits, assessments, and certifications. Schellman has become one of the largest cybersecurity assessment firms in the United States without providing any traditional accounting services. We are an accredited multi-framework ISO Certification Body for security, privacy, business continuity, and quality; a globally licensed PCI Qualified Security Assessor and a top provider to clients serving the federal DoD space as a leading FedRAMP 3PAO and the first assessment firm authorized as a CMMC C3PAO. Our specialty and expertise remain in providing best in class Cybersecurity and IT Audits and Attestations. Our culture, approach with clients, and dedication to our values has led us to consistently be a Great Places to Work certified company and rated as a Best Firms to Work For by Accounting Today and a Glassdoor Best Places to Work. We deeply appreciate our employees, as shown by our first core value – People Come First. This is demonstrated in our culture, benefits, and how we handle business. Come see what makes Schellman special! JOB SUMMARY Senior associates are primarily responsible for hands-on project execution. Experienced senior associates have, or are working towards, specialization in one or more service lines and are assigned to projects accordingly. Senior associates are assigned to a specific service delivery principal that is responsible for supervising the associate’s career development. Additionally, senior associate’s daily activities are closely supervised by the management teams of their assigned projects. Senior associates may supervise associates and/or senior associates when serving as a member of a project management team. In addition to the hands-on training, Schellman also promotes a continuous learning environment. Team members are encouraged to attend at least one ISO conference and training event every year to stay up to date on data protection requirements and trends. Essential Functions: - Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures - Adhering to the professional and regulatory standards relevant to assigned service line specialization(s) - Promoting Schellman’s company culture and exemplifying Schellman's values - Establishing high quality relationships and rapport with client personnel - Managing client expectations to ensure expectations are exceeded - Completing assigned duties in a timely manner and with a high attention to detail - Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project - Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks - Escalating issues internally in a proper and timely manner - Using discretion and decorum in the timing, form, and content of all client communications - Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures - Performing the essential functions of other service delivery positions when qualified and called upon to do so - Attending project kick-off and closing meetings - Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable - Drafting project deliverables - Serving as a contact for clients' basic questions regarding an engagement - Participating in recruiting and candidate interview activities - Training project team members - Acclimating newer team members to Schellman - Contributing to Schellman's practice development efforts - Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s) - Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.) Knowledge, Skills, and Abilities: - Working knowledge of Schellman’s services, methodology, and relevant professional standards - Requisite knowledge of applicable technology and security domains - High level of attention to detail and quality of work product - Client service oriented - Excellent time management, organizational, and verbal and written communication skills - Ability to work on-site or remotely as a valuable contributor to a collaborative team - Capable of simultaneously managing assigned tasks for multiple projects - Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman’s service delivery applications - Full understanding and application of ethics, independence and Schellman’s values Education, Work Experience and Certifications - Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified - Has completed at least one year of service at Schellman or relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting - Professional membership in one (Preferred): ISACA, ISC2, AICPAv - Actively pursuing or maintains at least one certification relevant to the Schellman’s services (i.e., CPA, CISA, CISSP, etc.) Schellman is an equal opportunity employer (EOE) and strongly supports diversity in the workplace; therefore, providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. Schellman uses E-Verify in our hiring process. At Schellman, we strive to provide a flexible and balanced environment and therefore offer the opportunity to work remotely, unless otherwise stated in the job requirements. Connecting, collaborating and continuous education are also highly valued and therefore we require some travel annually for our Internal Service Delivery roles, which can include in-person training, team meet-ups, and strategy meetings. Service Delivery team members will also be required to travel based on business and client needs.