Cybersecurity Analyst I (Governance, Risk & Compliance Analyst)

0319/B23

Army 17C, 25B, 25D, 170A; Coast Guard CYB10, CYB11, CYB12; Marine Corps 0605; Air Force 1D7X1, 3D0X2; Space Force 5C0X1D, 5C0X1N

Exempt

1

Office of the Chief Information Security Office/ Security Policy & Governance

$4848.67 - $7909.00 / monthly

Regular

40

This position may be eligible for flexible work hours and/or a hybrid work schedule if certain program guidelines are met; working arrangements may change at any time at the sole discretion of the agency.

Occasional

300 West 15th Street, #1300 / Austin, Texas 78701

People and Culture Office

(512) 475-4957 or (512) 463-5920

• Select “Apply Online” to apply for the job at

• You must create a CAPPS Career Section candidate profile or be logged in to apply.

• Update your profile and apply for the job by navigating through the pages and steps.

• Once ready, select “Submit” on the “Review and Submit” page.

• If you have problems accessing the CAPPS Career Section, please email the CAPPS Recruiting Help Desk at capps.recruiting@cpa.texas.gov

• Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.

• Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.

Candidates will be notified for appointments as determined by the selection committee.

Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.

We are unable to sponsor or take over sponsorship of an employment Visa currently.

The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call 512-463-5920 to request reasonable accommodation.

Office of the Chief Information Security Office/ Security Policy & Governance

0319/B23

Cybersecurity Analyst I

Exempt

The Texas Department of Information Resources is the state agency charged with protecting the state's data and critical technology infrastructure, managing a multi-million-dollar cooperative contracts program, and providing strategic technology leadership, solutions, and innovation to all levels of Texas government. DIR is a fast-paced and collaborative environment with highly motivated and engaged employees dedicated to achieving the best value for the state.

The person in this role performs moderately complex (journey-level) information security analysis functions that include planning, implementing, and monitoring security program elements and services that support government organizations throughout the state of Texas in the protection of information resources. Will be responsible for assisting in the development and implementation of the state's Risk Authorization and Management Program. Will assist with the statewide information security governance, risk, and compliance program development and operations. Will interact frequently with state agency and other governmental agency personnel using a variety of communication mechanisms to convey service delivery information and program implementation details with the purpose of engaging organizations with the statewide security program. Works under general supervision, with moderate latitude for the use of initiative and independent judgment. Employees at this level may rely on direction from others to solve problems that are not standard. Employees may also assist other staff in performing work of greater complexity.

• Assists with administration and operations of the Texas Risk and Authorization Management Program (TX-RAMP) for state agencies and institutions of higher education. Provides assistance and advice to DIR customers, agency management and staff regarding the TX-RAMP program.

• Support the management of the statewide Governance Risk and Compliance (GRC) program within the Chief Information Security Office. Including bringing new GRC services to customers.

• Researches and evaluates new and emerging GRC services; Supports efforts, as part of the GRC development and support team responsible for design, development, and implementation of new processes, applications, and reporting using the DIR GRC system.

• Supports the statewide clearinghouse on information security matters including policy and compliance management, risk management, incident management and data breach reporting within the enterprise governance, risk, and compliance framework.

• Assists in the development and implementation of enterprise security strategies, policies, and plans, as well as the formulation and dissemination of standards and guidelines to manage statewide information and information asset related risks, threats, and vulnerabilities.

• Reviews statewide security data and assists in the preparation of presentations and reports in support of the statewide security program to be delivered to DIR Executive Management and Board of Directors, customers, and the state leadership.

• Maintains up-to-date knowledge of TX-RAMP program and general GRC program best practices.

• May occasionally manage multiple projects.

• Performs other work-related duties as assigned.

• Associate degree from an accredited college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field.

• Additional work-related experience may be substituted for education on a year-for-year basis (High-school diploma required.)

• One (1) to two (2) years of experience in IT security analysis or IT security operations, preferably in state government or other highly regulated environment.

• One (1) to two (2) years of experience implementing security program functions into a risk-based security program with the ability to demonstrate knowledge of policy development, risk evaluation, and cost benefit analysis to support security program decisions.

• Experience with State of Texas information security requirements including Texas Administrative Code §202.

• Experience with Federal Information Security Management Act (FISMA) and National Institute of Standards (NIST) 800 Series Special Publications or other security standards and regulations.

• Experience in IT security analysis or IT security operations.

• Experience in using or developing governance, risk, and compliance software and platforms.

• Experience conducting IT Security Audits and Risk Assessments.

• Experience and familiarity with FedRAMP or StateRAMP.

• Administrative experience with Archer Integrated Risk Management.

• Experience with Data Visualization/Reporting software.

• Experience in Texas state government.

• Experience or familiarity researching and writing reports based on legislation, statutory requirements, laws, and regulations related to information security.

• Knowledge of data communications, networking, computer programming and systems analysis.

• Knowledge of cybersecurity and information security controls, practices, procedures, and regulations.

• Knowledge of principles, practices, and techniques of management controls and information security protections as applied to state government.

• Knowledge of Texas State government and related information technology processes.

• Knowledge of security metrics, benchmarking activities and expectations, and security operational monitoring processes.

• Knowledge of cloud computing architecture and cloud security best practices

• Ability to handle multiple projects and initiatives.

• Ability to prepare technical issues papers and research reports, and effectively deliver oral presentations and written reports to IT and non-IT management.

• Ability to advise technical staff from customer agencies.

• Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, internal and external customers.

• Ability to understand, follow and convey brief oral and/or written instructions.

• Ability to communicate both verbally and in writing, in a clear and concise manner.

• Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment.

• Ability to work under pressure and exacting schedules to complete assigned tasks.

• Ability to work a flexible schedule to meet required deadlines.

• Ability to travel as necessary to support agency requirements.

• Ability to comply with all agency policy and applicable laws.

• Ability to comply with all applicable safety rules, regulations, and standards.

• Proficiency in the use of a computer and applicable software necessary to perform work assignments e.g., word processing, spreadsheets (Microsoft Office preferred).

• Regular and punctual attendance at the workplace.

• Criminal background check.

• If notified outside of normal working hours of a potential incident the person in this role will be expected to perform the duties of the position to the extent required to respond to the Cyber Incident.

• Frequent use of computers, copiers, printers, and telephones.

• Frequent standing, walking, sitting, listening, and talking.

• Frequent work under stress, as a team member, and in direct contact with others.

• Occasional bending, stooping.

• Infrequent lifting and climbing.

• May work occasional overtime or extended hours.