Contract Term: Initial term with potential renewal based on performance and project needs.
A) Services shall be provided during normal business hours unless otherwise coordinated through the Agency. Normal business hours are Monday through Friday from 8:00 a.m. through 5:00 p.m., excluding Texas state holidays when the agency is closed.
B) The primary work location will be 701 W 51st Street, Austin, TX 78751.
Position is ONSITE at the location listed above (NO REMOTE WORK). Program will only accept LOCAL ONLY candidates for this position.
C) Any and all travel, per diem, parking, and/or living expenses shall be at the worker's and/or Vendor's expense.
D) The worker may be required to work remotely at HHSC discretion, up to 100 percent of the time.
E) The worker may be required to work outside the normal business hours on weekends, evenings and holidays, as requested. Payment for work over 40 hours will be at the hourly rate quoted and must be coordinated and pre-approved through the Agency.
OTHER SPECIAL REQUIREMENTS
Interviews will be conducted: (check all that apply)
By Phone
In person
Through Microsoft Teams
RESPONSE DEADLINE
Vendor shall respond in accordance with Customer specifications, with proposed candidate resumes and the response must be received by 03/05/2026 @ 5:00 PM (CT).
| Solicitation Reference Number: 529601607R | Working Title: Network Security Analyst 2 | Title/Level: Network Security Analyst 2 |
| Category: Security | Full Time | |
I. DESCRIPTION OF SERVICES
Texas Health and Human Services Commission requires the services of 3 Network Security Analyst 2, hereafter referred to as Candidate(s), who meet the general qualifications of Network Security Analyst 2, Security and the specifications outlined in this document for the Texas Health and Human Services Commission.
All work products resulting from the project shall be considered "works made for hire" and are the property of the Texas Health and Human Services Commission and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law. Texas Health and Human Services Commission will pay no fees for interviews or discussions, which occur during the process of selecting a Candidate(s).
Level Description
4-7 years of experience in the field or in a related area. Familiar with standard concepts, practices, and procedures within a particular field. Relies on limited experience and judgment to plan and accomplish goals. A certain degree of creativity and latitude is required. Works under limited supervision with considerable latitude for the use of initiative and independent judgment. Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions.
Job Description
A network security analyst ensures that information systems and computer networks are secure. This includes protecting the company against hackers and cyber-attacks, as well as monitoring network traffic and server logs for activity that seems unusual. Additionally, these analysts are responsible for finding vulnerabilities in the computer networks and creating recommendations for how to minimize these vulnerabilities. The network security analyst investigates security breaches, develops strategies for any security issues that arise, and utilizes the help of firewalls and antivirus software to maintain security. DISCLAIMER: Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.
Title: Network Security Analyst II System Security & Risk (GRC) Specialist
Contract Type: ITSAC Staff Augmentation
Client:
Texas Health and Human Services Commission (HHSC)
Office of the Chief Information Security Officer (CISO)
Location: Austin, Texas (Hybrid / Remote per Agency Policy)
Contract Term: Initial term with potential renewal based on performance and project needs.
Project Scope
HHSC requires an experienced Network Security Analyst II System Security & Risk Specialist to support enterprise cybersecurity Governance, Risk, and Compliance (GRC) operations. The contractor will support System Security Plan (SSP) development, Security Assessments (SA), and Risk Assessments (RA) across HHSC and DSHS application and infrastructure portfolios. The contractor will work directly with program areas, Information Owners (IO), Information Custodians (IC), technical teams, and the CISO Office to ensure security documentation, assessments, and risk records are completed in accordance with NIST SP 800-53, NIST Risk Management Framework (RMF), DIR Security Control Standards, and HHSC CISO Office procedures. RSA Archer GRC serves as the system of record for SSPs, SAs, RAs, risks, POA&Ms, and compliance reporting.
Key Responsibilities
System Security Planning (SSP)
Develop, update, and maintain System Security Plans for HHSC applications and systems.
Work with program teams, Information Owners, and Custodians to gather control implementation evidence.
Ensure System Security Plans align with NIST, DIR, and HHSC CISO Office standards.
Security Assessments (SA)
Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.
Review technical, administrative, and operational evidence.
Document assessment results and track remediation activities.
Risk Assessments (RA)
Facilitate Risk Assessment workshops with Information Owners and Custodians.
Identify threats, vulnerabilities, likelihood, and impact.
Document risks, mitigation plans, and Risk-Based Decisions in RSA Archer.
GRC & Compliance Operations
Maintain security artifacts, risks, and remediation plans in RSA Archer GRC.
Support system authorization (ATO) activities and continuous monitoring.
Prepare audit and oversight evidence.
Produce leadership reports and security posture metrics.
Stakeholder Engagement
Serve as liaison between program areas, technical teams, and CISO Office leadership.
Provide guidance and training on System Security Plans, Security Assessments, and Risk Assessment processes.
Deliverables
Completed and updated System Security Plans (SSPs)
Documented Security Assessment reports and findings
Completed Risk Assessments and Risk-Based Decisions
RSA Archer risk and compliance records
Remediation tracking and status reports
Audit-ready security documentation packages
Required Qualifications
4+ years of experience in cybersecurity GRC, system security planning, or information assurance.
Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments.
Knowledge of NIST SP 800-53 and NIST Risk Management Framework.
Experience using GRC platforms (RSA Archer preferred).
Experience working with Information Owners and Custodians.
Strong technical writing and documentation skills.
Ability to work independently on complex assignments.
Required Certifications
At least one of:
CompTIA Security+
GIAC GSEC
CAP
CISSP
Preferred Qualifications
Experience in state or federal government cybersecurity programs.
Familiarity with DIR Security Control Standards.
Experience supporting ATO and continuous monitoring.
CRISC or CISA certification.
Work Requirements
Must pass background check.
Must comply with HHSC confidentiality and security requirements.
Occasional after-hours support during audits or major assessments.
This position directly supports HHSC's enterprise cybersecurity compliance, audit readiness, and system authorization program. The contractor will play a key role in ensuring every system has an SSP, every system has a Security Assessment, and every system has a documented Risk Assessment - exactly the accountability model your CISO Office is driving.
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

| Years | Required/Preferred | Experience |
| --- | --- | --- |
| 4 | Required | 4+ years of experience in cybersecurity GRC, system security planning, or information assurance. |
| 4 | Required | Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments. |
| 4 | Required | Knowledge of NIST SP 800-53 and NIST Risk Management Framework. |
| 4 | Required | Experience using GRC platforms (RSA Archer preferred). |
| 4 | Required | Experience working with Information Owners and Custodians. |
| 4 | Required | Strong technical writing and documentation skills. |
| 4 | Required | Ability to work independently on complex assignments. |
| 3 | Preferred | Familiarity with DIR Security Control Standards. |
| 3 | Preferred | Experience supporting ATO and continuous monitoring. |
| 2 | Preferred | Experience in state or federal government cybersecurity programs. |
| 1 | Preferred | CRISC or CISA certification. |
III. TERMS OF SERVICE
Services are expected to start 03/30/2026 and are expected to complete by 08/31/2026. Total estimated hours per Candidate shall not exceed 1167 hours. This service may be amended, renewed, and/or extended providing both parties agree to do so in writing.
IV. WORK HOURS AND LOCATION
Services shall be provided during normal business hours unless otherwise coordinated through the Texas Health and Human Services Commission. Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM, excluding State holidays when the agency is closed.
The primary work location(s) will be at 701 W 51st Street, Austin, TX 78751. The working position is On Site. Any and all travel, per diem, parking, and/or living expenses shall be at the Candidate's and/or Vendor's expense. Texas Health and Human Services Commission will provide pre-approved, written authorization for travel for any services to be performed away from the primary work location(s). Pre-approved travel expenses are limited to the rates and comply with the rules prescribed by the State of Texas for travel by its classified employees, including any requirement for original receipts.
The Candidate(s) may be required to work outside the normal business hours on weekends, evenings and holidays, as requested. Payment for work over 40 hours will be at the hourly rate quoted and must be coordinated and pre-approved through Texas Health and Human Services Commission.