JOB DESCRIPTION
POSITION: Network Security Analyst 2
DURATION: Long term
Client: HHSC
Location: Austin, TX - Onsite
Key Responsibilities
System Security Planning (SSP)
• Develop, update, and maintain System Security Plans for HHSC applications and systems.
• Work with program teams, Information Owners, and Custodians to gather control implementation evidence.
• Ensure System Security Plans align with NIST, DIR, and HHSC CISO Office standards.
Security Assessments (SA)
• Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.
• Review technical, administrative, and operational evidence.
• Document assessment results and track remediation activities.
Risk Assessments (RA)
• Facilitate Risk Assessment workshops with Information Owners and Custodians.
• Identify threats, vulnerabilities, likelihood, and impact.
• Document risks, mitigation plans, and Risk-Based Decisions in RSA Archer.
GRC & Compliance Operations
• Maintain security artifacts, risks, and remediation plans in RSA Archer GRC.
• Support system authorization (ATO) activities and continuous monitoring.
• Prepare audit and oversight evidence.
• Produce leadership reports and security posture metrics.
Stakeholder Engagement
• Serve as liaison between program areas, technical teams, and CISO Office leadership.
• Provide guidance and training on System Security Plans, Security Assessments, and Risk Assessment processes.
Deliverables
• Completed and updated System Security Plans (SSPs)
• Documented Security Assessment reports and findings
• Completed Risk Assessments and Risk-Based Decisions
• RSA Archer risk and compliance records
• Remediation tracking and status reports
• Audit-ready security documentation packages
Required Qualifications
• 4+ years of experience in cybersecurity GRC, system security planning, or information assurance.
• Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments.
• Knowledge of NIST SP 800-53 and NIST Risk Management Framework.
• Experience using GRC platforms (RSA Archer preferred).
• Experience working with Information Owners and Custodians.
• Strong technical writing and documentation skills.
• Ability to work independently on complex assignments.
Required Certifications
At least one of:
• CompTIA Security+
• GIAC GSEC
• CAP
• CISSP
II. CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
Years | Required/Preferred | Experience |
4 | Required | 4+ years of experience in cybersecurity GRC, system security planning, or information assurance. |
4 | Required | Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments. |
4 | Required | Knowledge of NIST SP 800-53 and NIST Risk Management Framework. |
4 | Required | Experience using GRC platforms (RSA Archer preferred). |
4 | Required | Experience working with Information Owners and Custodians. |
4 | Required | Strong technical writing and documentation skills. |
4 | Required | Ability to work independently on complex assignments. |
3 | Preferred | Familiarity with DIR Security Control Standards. |
3 | Preferred | Experience supporting ATO and continuous monitoring. |
2 | Preferred | Experience in state or federal government cybersecurity programs. |
1 | Preferred | CRISC or CISA certification. |