IT Security Analyst 3

Full Time Austin, Texas Metropolitan Area Texas Health and Human Services

Job Summary

Texas Health and Human Services is seeking candidates for a position of IT Security Analyst 3 on Full Time basis located at Austin, Texas Metropolitan Area. Do not forget to review the job posting carefully before apply online.

Job Title: IT Security Analyst 3
Company Name: Texas Health and Human Services
Job Location: Austin, Texas Metropolitan Area
Job Type: Full Time
Job Category: Government Administration
Job Link Expiry: 2023-04-15
Posted on:

Job Details:

About the job

This position performs highly complex (senior-level) information security analyst work. Plays a role in developing and supporting the HHSC Information Security Assurance Program and developing strategy for compliance with information security regulatory requirements. Oversees the establishment, implementation, adherence to, and documentation of HHSC information security policies, procedures, and processes to protect computer systems, infrastructure, and data from unauthorized access. Employs generally accepted risk analysis and risk management methodologies to administer risk assessments on behalf of their specific governance portfolios and assist with general risk assessment and assurance functions to determine specific needs for security policies and procedures and to evaluate the potential effectiveness and appropriateness of security solutions. Reviews new and modified regulatory requirements about information security to determine if new policies and procedures are needed and monitor related “best practices” and emerging security technologies for a potential application. Participates in internal and external compliance and regulatory audits and implements recommended security enhancements. Guides agency users in adhering to the agency and HHS Security Policy, Guidelines and Standards, Texas Administrative Code (TAC 202), Health Insurance Portability and Accountability Act (HIPAA), and other state and federal rules and regulations. Provides information security expertise and support, in partnership with HHS agency Information Security Officers and staff, in addressing security vulnerabilities. Consults on high visibility/high-risk IT projects and guides team members and information security staff on security and compliance matters

Essential Job Functions:

Attends work on a regular and predictable schedule following agency leave policy and performs other duties as assigned. Provides security and risk management services by performing risk identification, assessment, remediation, and regulatory and internal compliance monitoring using standards and processes to adequately protect HHS personnel, facilities, infrastructure, information, and business operations. Plan, create, and implement security program documentation (30%). Perform system risk assessments and evaluation of products, services, and issues for risk (30%). Leads facilitate security projects and tasks (20%). Advises management and users regarding enterprise security program functions (10%). Supervises or mentors other security analysts in performing their duties (10%).

Knowledge Skills Abilities:

1. Excellent written and verbal communication skills. 2. Superior problem-solving skills and ability to comprehend complex technical topics quickly. 3. Knowledge of risk assessment methodologies and processes. 4. Skill at creating and implementing security program policies, standards, controls, and procedures. 5. Skill at performing risk assessments, security assessments, and audits. 6. Skill in assessing risks and forming mitigation alternatives to define compensating controls. 7. Broad technology skills in networking, operating systems, applications, and databases. 8. Knowledge of network technologies to include wireless and mobile platforms 9. Knowledge of incident response concepts and processes. 10. Knowledge of Secure-System Development Lifecycle (S-SDLC) methodologies and processes. 11. Knowledge of compliance requirements including HIPAA/HITECH, PCI, SOX, 1 TAC 202, IRS Publication 1075, Texas Business and Commerce Code, and Texas Health and Safety Code. 13. Knowledge of security and risk frameworks including NIST, SANS, HITRUST, ISO, COBIT.

Registration or Licensure Requirements:

One or more of the following is preferred. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Manager (CISM, Global Information Assurance Certification (GIAC), CompTIA Security +, Project Management Professional (PMP).

Initial Selection Criteria:

4 plus years of experience in information technology, security risk, compliance management, assessment, auditing, research, and consulting. Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is strongly preferred. Education and experience may be substituted for one another.

 Report Job