Governance, Risk and Compliance

Job Description:
As a Cybersecurity Analyst II at the Texas Department of Family and Protective Services (DFPS) you will have at least two years of related experience and be responsible for developing and implementing effective governance frameworks, risk management strategies, and compliance programs to mitigate potential risks and ensure adherence to industry standards.

By evaluating and monitoring the agency’s practices, policies, and procedures, the Cybersecurity Analyst II will help maintain a culture of compliance and identify opportunities for improvement. The Cybersecurity Analyst II will collaborate with various departments, stakeholders, and external partners to maintain a comprehensive GRC program that supports the agency’s strategic objectives.

How you will make an impact
• Assist the Chief Information Security Officer (CISO) and GRC Lead in developing and implementing an enterprise-wide governance, risk management, and compliance program, aligning it with the agency’s goals and objectives.

• Establish policies, procedures, and controls to ensure compliance with legal and regulatory requirements, industry standards, and best practices

• Conduct regular risk assessments to identify potential vulnerabilities, assess the impact of risks, and develop mitigation strategies.

• Design and implement effective internal controls, monitoring mechanisms, and reporting systems to ensure compliance and identify gaps or areas for improvement

• Collaborate with key stakeholders, such as legal, finance, IT, and operations teams, to provide guidance on compliance-related matters and promote a culture of risk awareness and ethical behavior.

• Stay updated on relevant laws, regulations, industry standards, and emerging governance, risk, and compliance trends, and communicate any changes or updates to the CISO.

• Conduct periodic audits and reviews of internal processes to identify control weaknesses and recommend corrective actions.

• Coordinate external audits and examinations, ensuring all required documentation and information are readily available.

• Provide training and education to employees on compliance-related topics, policies, and procedures.

• Serve as the primary point of contact for external regulatory agencies and auditors, ensuring timely and accurate responses to inquiries and requests for information.

• Track and report on compliance metrics, issues, and trends to senior management and relevant stakeholders.

• Foster a culture of ethics, integrity, and accountability within the agency.

The mission of DFPS is to protect children, the elderly, and people with disabilities from abuse, neglect, and exploitation by involving clients, families, and communities.

The Cybersecurity Analyst II is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective. They will assist in planning, developing, monitoring, and maintaining cybersecurity and information technology security processes and controls. The DFPS cybersecurity environment is extensive and complex, allowing you to combine your previous experience in similar environments with your analytical skills.

This position is classified as full-time (40 hours a week). This position is % telework within Texas and requires the candidate to maintain personal Wi-Fi and webcam capabilities during work hours to perform their duties. Work outside of regular hours may be required. Travel to other Austin offices(s) may be required. Works under limited supervision, with considerable latitude for initiative and independent judgment.

Essential Job Functions:
• Conducts quantitative and qualitative risk assessments of technology resources, both internal and third-party.

• Assesses DFPS ITS compliance with security programs, policies, standards, and guidelines.

• Performs reviews of technology contracts for compliance with federal and State of Texas law.

• Develop and maintain a repository for assessment evidence to be utilized by the team and for future assessments.

• Develop evidence packages to satisfy compliance reporting requirements

• Deliver assessment packages in a timely fashion to demonstrate compliance and adherence to internal and external partners

• Assist with conducting assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as NIST CSF, NIST -53, FBI CJIS CSP, etc.)

• Assists the IT with Disaster Recovery/Business Continuity programs.

• Develop and maintain system security plans (SSP) for DFPS applications and technologies.

• Assists with successfully completing the quarterly UAR (User Access Review) audit process.

• Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives.

• Responsible for continued personal growth in technology, business knowledge, and DFPS policies and platforms.

• Assists with the Cybersecurity Awareness Training Program.

• Develop, maintain, and ensure the accuracy of metrics, dashboards, reports, visualizations, and contacts across systems.

• Guides customers on SPECTRIM portal functionality and assists in developing and improving SPECTRIM.

• Ensures division website content is accurate, up-to-date, and effectively communicated. Ensures division email box is monitored and maintained.

• Functions as a cybersecurity generalist to support and backfill work across the team.

• Provides GRC system operational support, including troubleshooting issues, access control management, account management, and general technical support.

• Advises customers and internal stakeholders on security configuration and best practice issues.
Knowledge Skills Abilities:
• Experience with State of Texas information security requirements, including Texas Administrative Code § and Texas Government Code , is strongly preferred.

• Knowledge of security controls in industry-standard frameworks including, but not limited to the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), the National Institute of Standards (NIST) Series Special Publications, the NIST Cybersecurity Framework, FBI Criminal Justice Information Services (CJIS) Security Policy or other security standards and regulations.

•Proficiency in using GRC software and other relevant tools.

• Ability to prepare technical issue papers and research reports and effectively deliver oral presentations and written reports to IT and non-IT management

• Excellent analytical and problem-solving skills, with the ability to identify and evaluate potential risks and develop effective mitigation strategies.

• Exceptional attention to detail and a thorough understanding of internal control systems.

• Experience in developing and delivering compliance training programs.

• Experience creating and managing policy, processes, and procedure documents.

• Enjoys looking for and building efficiencies in the team, strong consensus building, multi-tasking, interpersonal, and analytical skills.

• Experience auditing various Cloud architectures and deployment strategies such as Software-as-a-service, Infrastructure-as-a-service, Platform as a service, etc.

• Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.

---