Network Security Analyst II

Air InfoSec, Austin, TX
Onsite

About The Position

The Network Security Analyst II (GRC Specialist) supports enterprise cybersecurity governance, risk, and compliance operations for the Texas Health and Human Services Commission (HHSC) Office of the Chief Information Security Officer. This role is responsible for developing and maintaining System Security Plans (SSPs), conducting Security Assessments (SAs), and facilitating Risk Assessments (RAs) in alignment with NIST SP 800-53, the NIST Risk Management Framework (RMF), DIR Security Control Standards, and HHSC policies. The analyst works closely with Information Owners, Information Custodians, technical teams, and CISO leadership to ensure accurate security documentation, audit readiness, and system authorization compliance. This position plays a critical role in maintaining the security and integrity of enterprise systems and supporting HHSC’s accountability model for risk and compliance.

Requirements

  • 4 years of experience in cybersecurity GRC, system security planning, or information assurance.
  • Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments.
  • Knowledge of NIST SP 800-53 and NIST Risk Management Framework (RMF).
  • Experience using GRC platforms (RSA Archer preferred).
  • Experience working with Information Owners and Information Custodians.
  • Strong technical writing and documentation skills.
  • Ability to work independently on complex assignments.
  • At least one of the following certifications: CompTIA Security+, GIAC GSEC, CAP, or CISSP.

Nice To Haves

  • Experience in state or federal government cybersecurity programs.
  • Familiarity with DIR Security Control Standards.
  • Experience supporting Authority to Operate (ATO) and continuous monitoring activities.
  • CRISC or CISA certification.

Responsibilities

  • Develop, update, and maintain System Security Plans (SSPs) for agency applications and systems.
  • Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.
  • Facilitate Risk Assessment workshops to identify threats, vulnerabilities, likelihood, and impact.
  • Document risks, mitigation strategies, Risk-Based Decisions, and POA&Ms in RSA Archer GRC.
  • Gather and review technical, administrative, and operational control evidence from program and technical teams.
  • Support system authorization (ATO) activities and continuous monitoring efforts.
  • Prepare audit-ready security documentation and compliance evidence packages.
  • Produce leadership reports, risk metrics, and security posture updates.
  • Serve as liaison between program areas, Information Owners, Custodians, and CISO leadership.
  • Provide guidance and training on SSP, SA, and RA processes in accordance with NIST and DIR standards.

Benefits

  • Air InfoSec offers an Individual Coverage Health Reimbursement Arrangement (ICHRA), providing up to $350/month in tax-free reimbursements to help cover the cost of your own health insurance premium. This gives you the flexibility to choose the plan that works best for you and your family.
  • 1 hour of PTO earned for every 20 hours worked.
  • Can carry over up to 5 days of PTO to the next calendar year.
  • 5 paid state holidays (annually)
  • 2 paid floating holidays (annually)
  • $100 per year to apply towards annual certification fees or educational training.