Sign upLog in

System Security & Risk (GRC) Specialist

Tellus Solutions

Austin, TX

Apply
JOB DETAILS
SKILLS
CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, CompTIA Security+, Computer Security, Documentation, Federal Government, GIAC - Global Information Assurance Certification, GSEC - GIAC Security Essentials Certification, Information/Data Security (InfoSec), Integrated Circuits (ICs), Internet Security, Leadership, Metrics, Network Performance/Analysis, Network Security, People Management, Reporting Skills, Risk, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Auditing, State Government, Status Reports, Systems Maintenance, Team Player, Technical Writing, Training/Teaching, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Austin, TX
POSTED
30+ days ago
Job Description:
  • HHSC requires an experienced Network Security Analyst II – System Security & Risk Specialist to support enterprise cybersecurity Governance, Risk, and Compliance (GRC) operations.
  • The contractor will support System Security Plan (SSP) development, Security Assessments (SA), and Risk Assessments (RA) across HHSC and DSHS application and infrastructure portfolios.
  • The contractor will work directly with program areas, Information Owners (IO), Information Custodians (IC), technical teams, and the CISO Office to ensure security documentation, assessments, and risk records are completed in accordance with NIST SP 800-53, NIST Risk Management Framework (RMF), DIR Security Control Standards, and HHSC CISO Office procedures. RSA Archer GRC serves as the system of record for SSPs, SAs, RAs, risks, POA&Ms, and compliance reporting.
Key Responsibilities:
System Security Planning (SSP)
  • Develop, update, and maintain System Security Plans for HHSC applications and systems.
  • Work with program teams, Information Owners, and Custodians to gather control implementation evidence.
  • Ensure System Security Plans align with NIST, DIR, and HHSC CISO Office standards.
Security Assessments (SA):
  • Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.
  • Review technical, administrative, and operational evidence.
  • Document assessment results and track remediation activities.
Risk Assessments (RA):
  • Facilitate Risk Assessment workshops with Information Owners and Custodians.
  • Identify threats, vulnerabilities, likelihood, and impact.
  • Document risks, mitigation plans, and Risk-Based Decisions in RSA Archer.
GRC & Compliance Operations:
  • Maintain security artifacts, risks, and remediation plans in RSA Archer GRC.
  • Support system authorization (ATO) activities and continuous monitoring.
  • Prepare audit and oversight evidence.
  • Produce leadership reports and security posture metrics.
Stakeholder Engagement:
  • Serve as liaison between program areas, technical teams, and CISO Office leadership.
  • Provide guidance and training on System Security Plans, Security Assessments, and Risk Assessment processes.
Deliverables:
  • Completed and updated System Security Plans (SSPs)
  • Documented Security Assessment reports and findings
  • Completed Risk Assessments and Risk-Based Decisions
  • RSA Archer risk and compliance records
  • Remediation tracking and status reports
  • Audit-ready security documentation packages
Required Qualifications:
  • 4+ years of experience in cybersecurity GRC, system security planning, or information assurance.
  • Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments.
  • Knowledge of NIST SP 800-53 and NIST NIST Risk Management Framework.
  • Experience using GRC platforms (RSA Archer preferred).
  • Experience working with Information Owners and Custodians.
  • Strong technical writing and documentation skills.
  • Ability to work independently on complex assignments.
Required Certifications:
At least one of:
  • CompTIA Security+
  • GIAC GSEC
  • CAP
  • CISSP
Preferred Qualifications:
  • Experience in state or federal government cybersecurity programs.
  • Familiarity with DIR Security Control Standards.
  • Experience supporting ATO and continuous monitoring.
  • CRISC or CISA certification.

About the Company

T

Tellus Solutions