GRC Security Analyst with CMS MARS E v2.2 in Austin, TX Onsite Interview

Inperson Interview

JOB DESCRIPTION:

The Security Engineer will project work by leading security governance, compliance, and risk management activities, with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.

Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems

Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps

Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)

Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence

Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation

Provide governance oversight for endpoint protection, web application security, and cloud security controls

Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability

Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.
Years	Required/Preferred	Experience
12	Required	deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing , Cloud Security and hybrid environments
10	Required	Proven experience owning SSP development end to end
10	Required	Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
10	Required	Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management
8	Required	Ability to translate technical security issues into compliance aligned remediation actions
8	Required	Strong stakeholder management skills across security, infrastructure, and application teams
8	Required	Excellent written and verbal communication skills, particularly for executive stakeholders
8	Required	Knowledge of NIST 800 53, NIST RMF, and privacy controls
8	Required	Knowledge of Secure SDLC and DevSecOps practices
5	Preferred	Experience operating in multi-vendor, multi-platform environments
5	Preferred	Demonstrated ability to reduce repeat audit findings and improve compliance maturity
5	Preferred	Experience mentoring or guiding teams on security governance best practices
1	Preferred	Experience supporting HHSC systems, including SSP development and compliance