Cybersecurity Analyst III

TX-HHSC-DSHS-DFPS
Austin, TX
Onsite

About The Position

This position is open to U.S. Citizens and permanent residents. This onsite role requires the selected candidate to work from an HHS office in Austin, Texas.

The Cybersecurity Analyst III performs senior‑level security work with emphasis on cloud security, web application protection, and governance, risk, and compliance (GRC). The role supports on‑premises and cloud environments by evaluating, implementing, and monitoring security controls to protect agency systems and data. The position helps develop and maintain the HHSC Information Security Program and ensures the implementation and documentation of policies, procedures, and controls that meet regulatory and compliance requirements. Using established risk management methodologies, the Analyst conducts security and risk assessments, identifies policy or control needs, and evaluates the effectiveness of security solutions across assigned governance areas. The role reviews regulatory changes, monitors industry best practices and emerging technologies, participates in compliance and regulatory audits, and supports the implementation of security improvements. The Analyst also provides expert guidance on HHS Security Policy, TAC 202, HIPAA, and other applicable regulations; partners with Information Security Officers and technical teams to address vulnerabilities; advises on high‑risk IT projects; and supports staff on security and compliance matters.

Requirements

  • Knowledge of: Information security risk assessment and security assessment methodologies, processes, and audit practices.
  • Knowledge of: Security program policies, standards, controls, and procedural requirements.
  • Knowledge of: Networking, operating systems, applications, databases, and related technologies, including wireless and mobile environments.
  • Knowledge of: Incident response concepts, practices, and procedures.
  • Knowledge of: Secure Software/System Development Lifecycle (S‑SDLC) methodologies.
  • Knowledge of: Regulatory and compliance requirements, including HIPAA/HITECH, PCI, SOX, TAC 202, IRS Publication 1075, Texas Business and Commerce Code, and Texas Health and Safety Code.
  • Knowledge of: Security and risk management frameworks such as NIST, SANS, HITRUST, ISO, and COBIT.
  • Skill in: Written and verbal communication.
  • Skill in: Analyzing and solving complex problems and quickly understanding technical concepts.
  • Skill in: Developing, implementing, and maintaining information security policies, standards, and controls.
  • Skill in: Performing risk assessments, security assessments, and audits.
  • Skill in: Evaluating risks and identifying mitigation strategies, including defining compensating controls.
  • Ability to: Interpret and apply regulatory, policy, and security framework requirements.
  • Ability to: Communicate technical information to both technical and non‑technical audiences.
  • Ability to: Work collaboratively with diverse teams and guide others in information security practices.
  • Ability to: Maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions.
  • Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is strongly preferred. Education and experience may be substituted for one another on a year-for-year basis.
  • At least 8 - 12 years of experience in information technology, security risk, compliance management, assessment, auditing, research, and consulting.
  • Experience in researching, authoring, or supporting the development of information security policies and standards.
  • Experience developing security and risk performance metrics and reporting dashboards for executive, business, and technical audiences.

Nice To Haves

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Manager (CISM)
  • Global Information Assurance Certification (GIAC)
  • Project Management Professional (PMP)

Responsibilities

  • Provides security and risk management services by performing risk identification, assessment, and remediation, as well as regulatory and internal compliance monitoring; uses established standards and processes to adequately protect Health and Human Services (HHS) personnel, facilities, cloud infrastructure, information, and business operations.
  • Conducts system security assessments and evaluates products, services, and technical issues to determine security impacts and required mitigation actions. Performs risk-based needs assessments of automated systems to identify information security requirements; evaluates agency systems, including infrastructure, processes, and procedures, with a specific focus on cloud security posture management (CSPM) and web application vulnerabilities, to discover compliance needs and gaps.
  • Leads and facilitates security initiatives, including planning, coordinating, and executing assigned security projects and tasks. Prepares documentation, reporting packages, and audit responses for internal reviews, external audits, and leadership inquiries.
  • Advises management and users regarding enterprise security program functions, including cloud security best practices and secure application development standards; provides targeted training to agency customers within assigned specific security domains.
  • Provides leadership and mentorship to other security analysts, offering guidance in performing assessments, implementing controls, and carrying out security functions.

Benefits

  • Comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees
  • Defined benefit pension plan
  • Generous time off benefits
  • Numerous opportunities for career advancement