IT Security+ Network Security Analyst (TX529601607R)
Key Responsibilities
System Security Planning (SSP)
• Develop, update, and maintain System Security Plans for HHSC applications and systems.
• Work with program teams, Information Owners, and Custodians to gather control implementation evidence.
• Ensure System Security Plans align with NIST, DIR, and HHSC CISO Office standards.
Security Assessments (SA)
• Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.
• Review technical, administrative, and operational evidence.
• Document assessment results and track remediation activities.
Risk Assessments (RA)
• Facilitate Risk Assessment workshops with Information Owners and Custodians.
• Identify threats, vulnerabilities, likelihood, and impact.
• Document risks, mitigation plans, and Risk-Based Decisions in RSA Archer.
GRC & Compliance Operations
• Maintain security artifacts, risks, and remediation plans in RSA Archer GRC.
• Support system authorization (ATO) activities and continuous monitoring.
• Prepare audit and oversight evidence.
• Produce leadership reports and security posture metrics.
Stakeholder Engagement
• Serve as liaison between program areas, technical teams, and CISO Office leadership.
• Provide guidance and training on System Security Plans, Security Assessments, and Risk Assessment processes.
Deliverables
• Completed and updated System Security Plans (SSPs)
• Documented Security Assessment reports and findings
• Completed Risk Assessments and Risk-Based Decisions
• RSA Archer risk and compliance records
• Remediation tracking and status reports
• Audit-ready security documentation packages
Required Qualifications
• 4+ years of experience in cybersecurity GRC, system security planning, or information assurance.
• Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments.
• Knowledge of NIST SP 800-53 and the NIST Risk Management Framework.
• Experience using GRC platforms (RSA Archer preferred).
• Experience working with Information Owners and Custodians.
• Strong technical writing and documentation skills.
• Ability to work independently on complex assignments.
Required Certifications
At least one of:
• CompTIA Security+
• GIAC GSEC
• CAP
• CISSP
Preferred Qualifications
• Experience in state or federal government cybersecurity programs.
• Familiarity with DIR Security Control Standards.
• Experience supporting ATO and continuous monitoring.
• CRISC or CISA certification.
Work Requirements
• Must pass background check.
• Must comply with HHSC confidentiality and security requirements.
• Occasional after-hours support during audits or major assessments.
