Cybersecurity GRC Analyst

Austin, TX - USA

Monthly Salary: Not Disclosed

Posted on: 4 hours ago

Vacancies: 1 Vacancy

Job Summary

Key Responsibilities

System Security Planning (SSP)

Develop update and maintain System Security Plans for HHSC applications and systems.

Work with program teams Information Owners and Custodians to gather control implementation evidence.

Ensure System Security Plans align with NIST DIR and HHSC CISO Office standards.

Security Assessments (SA)

Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.

Review technical administrative and operational evidence.

Document assessment results and track remediation activities.

Risk Assessments (RA)

Facilitate Risk Assessment workshops with Information Owners and Custodians.

Identify threats vulnerabilities likelihood and impact.

Document risks mitigation plans and Risk-Based Decisions in RSA Archer.

GRC & Compliance Operations

Maintain security artifacts risks and remediation plans in RSA Archer GRC.

Support system authorization (ATO) activities and continuous monitoring.

Prepare audit and oversight evidence.

Produce leadership reports and security posture metrics.

Stakeholder Engagement

Serve as liaison between program areas technical teams and CISO Office leadership.

Provide guidance and training on System Security Plans Security Assessments and Risk Assessment processes.

Deliverables

Completed and updated System Security Plans (SSPs)

Documented Security Assessment reports and findings

Completed Risk Assessments and Risk-Based Decisions

RSA Archer risk and compliance records

Remediation tracking and status reports

Audit-ready security documentation packages

Required Qualifications

4 years of experience in cybersecurity GRC system security planning or information assurance.

Hands-on experience developing System Security Plans (SSPs) conducting Security Assessments and facilitating Risk Assessments.

Knowledge of NIST SP 800-53 and NIST NIST Risk Management Framework.

Experience using GRC platforms (RSA Archer preferred).

Experience working with Information Owners and Custodians.

Strong technical writing and documentation skills.

Ability to work independently on complex assignments.

Required Certifications

At least one of:

CompTIA Security

GIAC GSEC

CAP

CISSP

Preferred Qualifications

Experience in state or federal government cybersecurity programs.

Familiarity with DIR Security Control Standards.

Experience supporting ATO and continuous monitoring.

CRISC or CISA certification.

Work Requirements

Must pass background check.

Must comply with HHSC confidentiality and security requirements.

Occasional after-hours support during audits or major assessments.

This position directly supports HHSCs enterprise cybersecurity compliance audit readiness and system authorization program. The contractor will play a key role in ensuring every system has an SSP every system has a Security Assessment and every system has a documented Risk Assessment exactly the accountability model your CISO Office is driving.

CANDIDATE SKILLS AND QUALIFICATIONS

4Years-Required-4 years of experience in cybersecurity GRC system security planning or information assurance.

4 Years -Required-Hands-on experience developing System Security Plans (SSPs) conducting Security Assessments and facilitating Risk Assessments.

4 Years -Required-Knowledge of NIST SP 800-53 and NIST Risk Management Framework.

4 Years -Required-Experience using GRC platforms (RSA Archer preferred).

4 Years -Required-Experience working with Information Owners and Custodians.

4 Years -Required-Strong technical writing and documentation skills.

4 Years -Required-Ability to work independently on complex assignments.

3 Years -Preferred-Familiarity with DIR Security Control Standards.

3 Years -Preferred-Experience supporting ATO and continuous monitoring.

2 Years -Preferred-Experience in state or federal government cybersecurity programs.

1 Years -Preferred-CRISC or CISA certification.

Key Responsibilities System Security Planning (SSP) Develop update and maintain System Security Plans for HHSC applications and systems. Work with program teams Information Owners and Custodians to gather control implementation evidence. Ensure System Security Plans align with NIST DIR and HHSC C...