Cybersecurity Risk & Compliance Analyst

Job Title: Cybersecurity Risk & Compliance Analyst – System Security & Risk (GRC) Specialist

Client: Texas Health and Human Services Commission (HHSC)

Location: 701 W 51st Street, Austin, TX 78751

Work Mode: 100% Onsite (Local Candidates Only)

Position Overview

The Texas Health and Human Services Commission (HHSC) is seeking an experienced Cybersecurity Risk & Compliance Analyst – System Security & Risk (GRC) Specialist to support enterprise cybersecurity governance, risk management, and compliance operations.

This role is responsible for ensuring that HHSC information systems remain secure, compliant, and audit-ready by supporting:

• System Security Plan (SSP) development
• Security Assessments (SA)
• Risk Assessments (RA)
• Authorization to Operate (ATO) support
• Continuous monitoring initiatives

The analyst will collaborate closely with:

• Information Owners (IO)
• Information Custodians (IC)
• Technical & Application Teams
• HHSC CISO Office

All activities must align with:

• NIST SP 800-53
• NIST Risk Management Framework (RMF)
• DIR Security Control Standards
• HHSC cybersecurity policies

RSA Archer serves as the system of record for all GRC activities.

Key Responsibilities

System Security Planning (SSP)

• Develop, maintain, and update System Security Plans for HHSC systems and applications.
• Gather and validate control implementation evidence.
• Ensure documentation aligns with NIST, DIR, and HHSC CISO standards.
• Support lifecycle updates of SSPs for compliance and audit readiness.