Join the Texas Health and Human Services Commission (HHSC) and be part of a team committed to creating a positive impact in the lives of fellow Texans. At HHSC, your contributions matter, and we support you at each stage of your life and work journey. Our comprehensive benefits package includes 100% paid employee health insurance for full-time eligible employees, a defined benefit pension plan, generous time off benefits, numerous opportunities for career advancement and more. Explore more details on the Benefits of Working at HHS webpage.

Functional Title: Cybersecurity Compliance Analyst

Job Title: Cybersecurity Analyst II

Agency: Health & Human Services Comm

Department: SP28 IT Security

Posting Number: 17423

Closing Date: 07/28/2026

Posting Audience: Internal and External

Occupational Category: Computer and Mathematical

Salary Range: $5,797.66 - $8,416.00

Pay Frequency: Monthly

Salary Group: TEXAS-B-25

Shift: Day

Regular/Temporary: Regular

Full Time/Part Time: Full time

FLSA Exempt/Non-Exempt: Exempt

Job Location City: AUSTIN

Job Location Address: 4601 W GUADALUPE ST

This position is open to U.S. Citizens and permanent residents.

The Cybersecurity Compliance Analyst performs professional-level work supporting cybersecurity compliance, audit coordination, policy and standards publication, and procurement and contract support. The position supports alignment with applicable regulatory and policy requirements, strengthens audit readiness, and promotes integration of security controls within enterprise governance and external business engagements.

This position is responsible for interpreting regulatory changes, reviewing materials for applicability to agency requirements, and supporting enterprise cybersecurity governance activities. Work includes assisting with compliance monitoring, audit support, policy alignment, documentation review, and incorporation of security requirements into procurement and third-party business processes. This is an onsite position based in Austin, TX. The selected candidate must be willing to work onsite from an HHS office located in Austin, Texas.

Essential Job Functions (EJFs):

Essential Job Functions represent the principal duties of the position and serve as the basis for performance evaluation.

(20%) EJF 1 – Governance SME or Contract / Regulatory Reviews Support

• Assists with administration of the information security compliance program by supporting monitoring activities, documentation review, and coordination of compliance-related tasks.
• Reviews regulatory, statutory, and agency requirements to determine applicability and supports communication of resulting compliance obligations to relevant stakeholders.
• Maintains compliance-related records, trackers, and supporting documentation to promote consistency, traceability, and audit readiness.
• Provides staff support for governance activities by compiling information, preparing materials, and coordinating follow-up actions related to compliance initiatives.
• Conducts detailed research and review of technical and non-technical information, evidentiary materials, and supporting documentation, applying legal research and analysis methods to identify, organize, analyze, and correlate information for compliance with NIST SP 800-53, Texas Department of Information Resources (DIR) requirements, Criminal Justice Information Services (CJIS) Security Policy requirements, privacy requirements, applicable legal standards, and proposed legislative impacts.

(30%) EJF 2 – Policy, Process, Standards & Publication Maintenance

• Assists in the review and maintenance of security policies, processes, and standards to support alignment with TAC 202, enterprise security requirements, and operational needs.
• Confirms security, regulatory, data, or privacy and identifies gaps or inconsistencies in existing policies, processes, standards, and publications by monitoring changes in regulatory requirements, industry practices, and technologies.
• Conducts research on security topics and emerging technologies (e.g., Cloud, AI) and supports incorporation of findings into updated policies, processes, standards, and publications.
• Supports updates and revisions to policies, processes, standards, and publications, ensuring artifacts remain current and aligned with compliance requirements.
• Assists in documenting security implementation guidance and contributes to published standards and procedural materials that support consistent and auditable practices.
• Contributes to the development and maintenance of IT publications, including procedures, guidelines, and reference materials.

(20%) EJF 3 – Audit Coordination & Compliance Support

• Supports audit coordination activities by assisting in the collection, review, and organization of evidence aligned to policies, processes, standards, and publications.
• Reviews documentation to ensure consistency with established security policies, documented procedures, and standards, escalating discrepancies as needed.
• Assists stakeholders in responding to audit requests and remediation activities by referencing applicable policy, process, standard, and publication artifacts.
• Tracks audit findings and support remediation efforts through updates to policies, processes, standards, and published guidance.

(20%) EJF 4– Vendor Security & Procurement Support

• Assists in reviewing third-party security documentation (e.g., DUAs, MOUs) to ensure alignment with agency policies, processes, standards, and published security requirements.
• Supports procurement and contract review activities by helping verify that required security standards and policy-based controls are documented in vendor deliverables.
• Helps ensure that security expectations are referenced through standards and formal security publications where applicable.
• Works collaboratively with internal teams (security, IT, legal, procurement, and business units) to support consistent implementation and understanding of security policies, processes, standards, and publications.

(10%) EJF 5 - Performs other duties as assigned within the scope of the position.

Knowledge, Skills, and Abilities (KSA)

The following knowledge, skills, and abilities support successful performance in this role:

• Knowledge of information security principles, compliance frameworks, security policies, standards, procedures, audit support practices, and third-party security review concepts.
• Skill in reviewing, organizing, and maintaining security documentation; conducting research; tracking compliance activities; supporting audits, remediation, and procurement-related security tasks; and coordinating with stakeholders to support timely completion of assigned work.
• Communication and Leadership Skills.
• Ability to analyze information, identify documentation gaps, communicate clearly with stakeholders, apply security requirements consistently, coordinate activities across technical and business teams, and support organized execution of compliance-related efforts.
• Ability to compile, order, analyze and correlate technical and non-technical information.
• Ability to understand, interpret and evaluate evidentiary materials in relation to security NIST 800-53, DIR, Privacy and Legal requirements.
• Ability to interpret regulatory and technical security requirements.
• Ability to perform documentation management and audit evidence preparation.
• Ability to perform process improvement and governance maturity development.
• Ability to communicate technical risk in business terms.
• Ability to perform facilitation of governance forums and working sessions.
• Ability to perform stakeholder engagement across technical and executive levels.
• Ability to communicate clearly verbally and in writing.
• Ability to maintain confidentiality of security and integrity of critical infrastructure systems by ensuring compliance with laws and regulations.

Registrations, Licensure Requirements or Certifications:

Preferred

• Project Management Professional (PMP) or equivalent.
• Micro-credentials in Policy Analysis, Governance, or Risk Management.
• Certified Paralegal (CP).

Initial Screening Criteria:

Minimum Required Qualifications: Bachelor’s degree in information security, Information Technology, or related field, or equivalent experience on a year-for-year basis.

• Minimum of five (5) years of experience in cybersecurity governance, risk management, or compliance.
• Experience implementing RMF and security authorization processes.
• Experience working with enterprise GRC and IT service management tools.

Preferred Qualifications: Experience in public sector or healthcare security governance environments.

Additional Information:

Candidates for this position will be subject to a pre-employment security review to determine employment eligibility.

This is an onsite position, with 5 days in office required.

This position is open to U.S. Citizens and permanent residents.

Any employment offer is contingent upon available budgeted funds. The offered salary will be determined in accordance with budgetary limits and the requirements of HHSC Human Resources Manual.

LI-GN1

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Active Duty, Military, Reservists, Guardsmen, and Veterans:

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions.

ADA Accommodations:

In compliance with the Americans with Disabilities Act (ADA), HHSC and DSHS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the online application, contact the HHS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

Pre-Employment Checks and Work Eligibility:

Depending on the program area and position requirements, applicants selected for hire may be required to pass background and other due diligence checks.

HHSC uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Download the I-9 Form.

Telework Disclaimer:

This position may be eligible for telework. Please note, all HHS positions are subject to state and agency telework policies in addition to the discretion of the direct supervisor and business needs.