Cybersecurity Analyst III

Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Cybersecurity Analyst III
Job Title: Cybersecurity Analyst III
Agency: Health & Human Services Comm
Department: IT Security Posture EI
Posting Number: 15266
Closing Date: 05/23/2026
Posting Audience: Internal and External
Occupational Category: Computer and Mathematical
Salary Range: $7,015.16 - $10,139.00
Pay Frequency: Monthly
Salary Group: TEXAS-B-27
Shift: Day
Additional Shift: Days (First)
Telework:
Travel:
Regular/Temporary: Regular
Full Time/Part Time: Full time
FLSA Exempt/Non-Exempt: Exempt
Facility Location:
Job Location City: AUSTIN
Job Location Address: 701 W 51ST ST
Other Locations:
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A
170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D
26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT
CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS

Brief Job Description:

This position is open to U.S. Citizens and permanent residents.

This onsite role requires the selected candidate to work from an HHS office in Austin, Texas.

The Cybersecurity Analyst III performs senior‑level security work with emphasis on cloud security, web application protection, and governance, risk, and compliance (GRC). The role supports on‑premises and cloud environments by evaluating, implementing, and monitoring security controls to protect agency systems and data.

The position helps develop and maintain the HHSC Information Security Program and ensures the implementation and documentation of policies, procedures, and controls that meet regulatory and compliance requirements.

Using established risk management methodologies, the Analyst conducts security and risk assessments, identifies policy or control needs, and evaluates the effectiveness of security solutions across assigned governance areas.

The role reviews regulatory changes, monitors industry’s best practices and emerging technologies, participates in compliance and regulatory audits, and supports the implementation of security improvements.

The Analyst also provides expert guidance on HHS Security Policy, TAC 202, HIPAA, and other applicable regulations; partners with Information Security Officers and technical teams to address vulnerabilities; advises on high‑risk IT projects; and supports staff on security and compliance matters.

Essential Job Functions (EJFs):

Attends work on a regular and predictable schedule following agency leave policy and performs other duties as assigned.

Provides security and risk management services by performing risk identification, assessment, and remediation, as well as regulatory and internal compliance monitoring; uses established standards and processes to adequately protect Health and Human Services (HHS) personnel, facilities, cloud infrastructure, information, and business operations. (30%)

Conduct system security assessments and evaluate products, services, and technical issues to determine security impacts and required mitigation actions. Performs risk-based needs assessments of automated systems to identify information security requirements; evaluates agency systems including infrastructure, processes, and procedures with a specific focus on cloud security posture management (CSPM) and web application vulnerabilities to discover compliance needs and gaps. (30%)

Lead and facilitate security initiatives, including planning, coordinating, and executing assigned security projects and tasks. Prepares documentation, reporting packages, and audit responses for internal reviews, external audits, and leadership inquiries. (20%)

Advises management and users regarding enterprise security program functions, including cloud security best practices and secure application development standards; provides targeted training to agency customers within assigned specific security domains. (10%)

Provide leadership and mentorship to other security analysts, offering guidance in performing assessments, implementing controls, and carrying out security functions. (10%)

Knowledge, Skills and Abilities (KSAs):

Knowledge of:

• Information security risk assessment and security assessment methodologies, processes, and audit practices.
• Security program policies, standards, controls, and procedural requirements.
• Networking, operating systems, applications, databases, and related technologies, including wireless and mobile environments.
• Incident response concepts, practices, and procedures.
• Secure Software/System Development Lifecycle (S‑SDLC) methodologies.
• Regulatory and compliance requirements, including HIPAA/HITECH, PCI, SOX, TAC 202, IRS Publication 1075, Texas Business and Commerce Code, and Texas Health and Safety Code.
• Security and risk management frameworks such as NIST, SANS, HITRUST, ISO, and COBIT.

Skill in:

• Written and verbal communication.
• Analyzing and solving complex problems and quickly understanding technical concepts.
• Developing, implementing, and maintaining information security policies, standards, and controls.
• Performing risk assessments, security assessments, and audits.
• Evaluating risks and identifying mitigation strategies, including defining compensating controls.

Ability to:

• Interpret and apply regulatory, policy, and security framework requirements.
• Communicate technical information to both technical and non‑technical audiences.
• Work collaboratively with diverse teams and guide others in information security practices
• Ability to maintain the security and integrity of critical infrastructure systems by preventing unauthorized access and ensuring compliance with laws and regulations related to national security and foreign ownership restrictions

Registrations, Licensure Requirements or Certifications:

Prefer one or more of the following certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Manager (CISM)
• Global Information Assurance Certification (GIAC)
• Project Management Professional (PMP)

Initial Screening Criteria:

• Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is strongly preferred. Education and experience may be substituted for one another on a year-for-year basis.
• At least 8 - 12 years of experience in information technology, security risk, compliance management, assessment, auditing, research, and consulting.
• Experience in researching, authoring, or supporting the development of information security policies and standards.
• Experience developing security and risk performance metrics and reporting dashboards for executive, business, and technical audiences.

Additional Information:

Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.

This is an onsite position, with 5 days in office required.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

#LI-IN1

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form

Telework Disclaimer:

This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.