Cybersecurity Analyst III

Cybersecurity Analyst III - Texas Health and Human Services

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Job Summary

The Cybersecurity Analyst III performs senior-level security work with emphasis on cloud security, web application protection, and governance, risk, and compliance (GRC). This onsite role, located in Austin, Texas, supports both on-premises and cloud environments by evaluating, implementing, and monitoring security controls to protect agency systems and data. The position is crucial in developing and maintaining the HHSC Information Security Program, ensuring compliance with regulatory requirements. The Analyst conducts security and risk assessments, reviews regulatory changes, and provides expert guidance on security policies and applicable regulations.

Essential Job Functions

• Provides security and risk management services, including risk identification, assessment, remediation, and compliance monitoring. (30%)
• Conducts system security assessments, evaluates products and services for security impacts, and assesses automated systems with a focus on cloud security posture management (CSPM) and web application vulnerabilities. (30%)
• Leads and facilitates security initiatives, preparing documentation, reporting packages, and audit responses. (20%)
• Advises management and users on enterprise security program functions, including cloud security best practices and secure application development standards. (10%)
• Provides leadership and mentorship to other security analysts. (10%)

Knowledge Of

• Information security risk assessment and security assessment methodologies, processes, and audit practices.
• Security program policies, standards, controls, and procedural requirements.
• Networking, operating systems, applications, databases, and related technologies.
• Incident response concepts, practices, and procedures.
• Secure Software/System Development Lifecycle (S-SDLC) methodologies.
• Regulatory and compliance requirements (e.g., HIPAA/HITECH, PCI, SOX, TAC 202).
• Security and risk management frameworks (e.g., NIST, SANS, HITRUST, ISO, COBIT).

Skill In

• Written and verbal communication.
• Analyzing and solving complex problems.
• Developing, implementing, and maintaining information security policies, standards, and controls.
• Performing risk assessments, security assessments, and audits.
• Evaluating risks and identifying mitigation strategies.

Ability To

• Interpret and apply regulatory, policy, and security framework requirements.
• Communicate technical information effectively to diverse audiences.
• Work collaboratively with diverse teams and guide others in information security practices.
• Maintain the security and integrity of critical infrastructure systems.

Registrations, Licensure Requirements Or Certifications

Prefer one or more of the following certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Manager (CISM)
• Global Information Assurance Certification (GIAC)
• Project Management Professional (PMP)

Initial Screening Criteria

• Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is strongly preferred. Education and experience may be substituted for one another on a year-for-year basis.
• At least 8 - 12 years of experience in information technology, security risk, compliance management, assessment, auditing, research, and consulting.
• Experience in researching, authoring, or supporting the development of information security policies and standards.
• Experience developing security and risk performance metrics and reporting dashboards.

Additional Information

This is an onsite position, with 5 days in office required in Austin, Texas. Candidates will be subject to a pre-employment security review. Salary is determined in accordance with budgetary limits. HHSC uses E-Verify.

Key skills/competency

• Cybersecurity Analyst
• Cloud Security
• Web Application Protection
• Governance Risk Compliance (GRC)
• Information Security Program
• Risk Assessment
• Security Controls
• Regulatory Compliance
• NIST
• HIPAA