Texas Health and Human Services · 2 weeks ago
Cybersecurity Analyst III
Texas Health and Human Services is committed to creating a positive impact in the lives of fellow Texans. They are seeking a Cybersecurity Analyst III to strategically plan and execute the Information Security Assurance roadmap while managing compliance deliverables and overseeing the development of security policies and procedures.
Responsibilities
Leads in the design and deployment of the Information Security Assurance Program activities: Acts as the information security assurance program subject matter expert (SME). Manages and matures the HHSC Information Security Assurance Program to ensure effectiveness and compliance with the HHS Information Security Program and other compliance requirements. This includes projects and initiatives to design and verify implementation of various information security controls. Supports information security leadership team in strategic planning and development. Leads a team of security analysts to ensure security and compliance advisement and assurance for a diverse array of environments and frameworks. Develops and documents agency security policies and procedures. Assists with the successful implementation of security policies and procedures. Recognizes gaps in IT security policies by staying abreast of changes in regulations, the industry, and technology. Identifies areas where current system security policies/procedures require change or new ones need to be developed. Provides recommendations to management and creates/revises policies and/or guides Security Analysts in making the changes. Provides security design, consultancy, and assessment services; and introduces improvements in security standards and security implementation and designs. Assists in the IT Security Assurance planning and budgeting process
Leads internal security and compliance assessments for assurance purposes: Delivers and continuously matures the Information Security risk assessment service for HHSC. Performs direct analysis and assessment of established security policy criteria to ensure success criteria of data security controls and processes. Conducts analysis of security requirements and controls to identify security risk and provides recommendations of industry best practices, trends, and technology products to eliminate or minimize risks. Works closely with software/system/security architects, IT leads and other information security staff to ensure adequate security solutions are in place for IT systems and platforms to sufficiently mitigate identified risks and meet business objectives. Leads security special investigations, internal audits, research studies, forecasts, and modeling exercises to provide direction and guidance. This includes the identification and analysis of possible data loss or malicious breach using security tools and processes. Provides direct assessment of existing security controls throughout the enterprise environment to assess continuous improvement of management practices. Performs proactive research approaches to plan for new security risks that may present themselves within the Health and Human Services environment to assist in the planning for future security initiatives as they arise. Drives audit and compliance activities and provides oversight of security controls for the agency ensuring regulatory security requirements are met. Administers threat and vulnerability assessments and advises security requirements and controls following assessment of the business impact of security breach. Manages remediation of security findings from internal or external assessments
Supports security and compliance controls through the agency's Governance, Risk and Compliance (GRC) tool. Subject matter expert on GRC concepts to ensure that the IT Security's GRC platform aligns to the enterprise GRC strategy. Manages the design and implementation of IT Security's Risk Management tool (Security Software System). Executes compliance initiatives and customer requirements for multiple services by using IT Security's GRC tool and automating these processes. Oversees initiatives to support the agency's GRC tool such as platform upgrades, data integration with other systems, and solution design reviews
Champions the Security Awareness Program: Consults on enterprise projects to ensure IT staff and external parties understand and comply with security policies, standards, etc. Develops and enhances security awareness by providing orientation, educational programs, and ongoing training/communication. Coordinates agency communication activities (posters, emails, Connection articles, etc.) to support the Information Security awareness program. Presents information security awareness initiatives to the HHS agencies at the annual Cyber-Security Awareness Fair. Stays current on security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and other educational opportunities.
Other duties as assigned. (Note: For DSHS positions this includes but is not limited to actively participating and/or serving in a supporting role to meet the agency’s obligations for disaster response and/or recovery or Continuity of Operations (COOP) activation. Such participation may require an alternate shift pattern assignment and/or location.)
Qualifications
Required
Must hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Microsoft Cybersecurity Architect (SC-100), AWS Certified Solutions Architect, Prisma Certified Cloud Security Professional
5+ years of experience in IT security
Hands-on experience with cloud platforms (e.g., AWS, Azure, Google Cloud)
Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions
Knowledge in analyzing, recommending, & developing enterprise-wide security policies, standards, & guidelines within appropriate organizational risk tolerances
Strong knowledge of cloud security best practices and compliance frameworks
Knowledge of root cause analysis, risk mitigation, analysis of security threats, trends, and architecture
Knowledge of the basic tenets of enterprise risk management (threat management, vulnerability management, and risk treatment)
Knowledge of network, system, application and data protection standards, benchmarks, processes, applications, tools, and techniques
Knowledge of network, system/endpoint, application and data protection issues and security risks
In-depth knowledge of the NIST Special Publications (800 Series) with particular emphasis on the SP 800-53 Security and Privacy Controls for Federal Information Systems & Organizations
Excellent written and verbal communication skills; interpersonal and collaborative skills; the ability to communicate security and risk-related concepts to technical and nontechnical audiences; persuasive, encouraging, motivating, and inspiring; the ability to listen and understand
Experience in risk assessment and mitigation strategies for cloud environments
Proficiency in automation and scripting for security operations
High analytical skills
Skilled in performing security risk and compliance assessments
Skilled at recommending, implementing, and delivering security solutions based on analysis and business requirements
Skill in evaluating enterprise networks/systems for assurance of control requirements as specified by the IRS Pub.1075, Tax Information Security Guidelines for Federal, State & Local Agencies
Skill in implementing enforcement of security policy within technology solutions
Skilled in project management, financial/budget management, scheduling and resource management
Ability to translate complex technical concepts to non-technical stakeholders
Ability to monitor the legal and regulatory landscape to proactively address new information security related requirements
Ability to develop positive relationships and effectively communicate with management, software/systems/security architects, software/systems/security engineers, quality assurance, auditors, Legal, Privacy, and IT & security operations staff
Ability to define, learn, understand, and apply new technologies, methods, and processes
Adaptable and flexible, with the ability to handle ambiguity and sometimes changing priorities
Benefits
100% paid employee health insurance for full-time eligible employees
Defined benefit pension plan
Generous time off benefits
Numerous opportunities for career advancement
Company
Texas Health and Human Services
Texas Health and Human Services is an agency that focuses on improving health, safety and well-being.