General Description
Are you dedicated to safeguarding your organization's data and privacy? Imagine extending that commitment to protecting the citizens of Texas. The role of Cybersecurity Analyst within the Texas Attorney General’s Enterprise Information Security Team presents a thrilling opportunity amidst our ongoing digital evolution. Join us in advancing cutting-edge products and services while ensuring the state receives top-notch security measures.
Our Enterprise Information Security Team is dedicated to delivering premium security services to the agency, leveraging talent and innovative technologies to better serve Texans. We seek a dynamic security professional to serve as a Cybersecurity Analyst within the Governance, Risk, and Compliance (GRC) Team. This pivotal role involves implementing risk management programs, conducting assessments, and ensuring security compliance. You'll craft security standards and business continuity plans, oversee contract reviews, and conduct system audits and risk analyses. Leadership and project management experience are essential, as you'll drive system-wide security strategies, intrusion detection, risk assessment, and policy development.
As a Cybersecurity Analyst, you will perform highly complex (senior-level) cybersecurity analysis work as you spearhead the defense against cyber threats, engaging in advanced analysis to safeguard our assets. Your responsibilities span from incident detection and response to threat assessment, intelligence, and vulnerability assessments. You'll also have the opportunity to lead and supervise others, utilizing your expertise under limited supervision, with ample room for initiative and independent judgment.
Join us in safeguarding Texas and shaping the future of cybersecurity governance.
The Mission of the Office of the Attorney General
- The Office of Attorney General champions liberty and justice for Texas
The Values of the Office of the Attorney General
- The Office of Attorney General is committed to performing its duties with excellence, serving Texas with humility and integrity, and exploring innovative solutions in accomplishing the work of the agency.
The OAG is a dynamic state agency with over 4,000 employees throughout the State of Texas. As the State’s law firm, the OAG provides exemplary legal representation in diverse areas of law. OAG employees enjoy excellent benefits (https://ers.texas.gov/Benefits-at-a-Glance) along with tremendous opportunities to do important work at a large, dynamic state agency making a positive difference in the lives of Texans.
Essential Position Functions
- Safeguard Agency Data: Lead security strategy by designing, automating, and deploying security applications and infrastructure. Leads the development and implementation of the overall information security program, including policies, standards, risk management, and risk reduction strategies. Collaborate on security plans and develop policies for data encryption and firewall configuration. Collaborates to define Information Security requirements, emphasizing involvement in shaping security protocols.
- Ensure Business Continuity: Develop and implement data security plans and an IT disaster recovery plan to protect against unauthorized access and disruptions. Advise stakeholders on security best practices. Works with Internal/External Auditors and consultants, showcasing collaboration on security audits. Interacts with all levels of staff on security matters, emphasizing strong communication across departments. Works with IT and business teams for security assessments, highlighting collaboration for security integration.
- Proactive Risk Management: Conduct and review risk assessments of systems and collaborate with users on access needs and security concerns. Monitor systems with automated tools to identify and mitigate vulnerabilities. Consults with other risk management representatives, highlighting risk management communication skills. Performs cybersecurity incident detection, analysis, and prevention, highlighting core security expertise. Performs business impact analysis and develops the risk register, demonstrating understanding of business needs and risk prioritization.
- Maintain Data Security: Manage access controls to prevent unauthorized data modification. Research and recommend programmatic and technical security directions and solutions for data breaches to ensure swift containment. Research systems and procedures for security breaches, showcasing proactive threat mitigation skills. Conducts periodic gap assessments to validate compliance, emphasizing ongoing adherence to regulations. Reviews files, reports, and programs for legal compliance, showcasing legal and regulatory knowledge.
- Drive Security Innovation: Collaborate with internal teams on security decisions and consult with stakeholders to deliver customized information security solutions. Champion continuous improvement by implementing new and efficient security methods. Stays up-to-date on security trends and regulations, highlighting commitment to continuous learning. Lead security awareness training to empower users. Develops and manages security awareness and training programs, emphasizing user education and security culture building.
- Performs related work as assigned
- Maintains relevant knowledge necessary to perform essential job functions
- Attends work regularly in compliance with agreed-upon work schedule. Telework schedules are permitted for employees based on the agency’s approved Telework Plan, as long as schedule does not adversely affect operations and service levels, and standard hours of operation are maintained.
- Ensures security and confidentiality of sensitive and/or protected information
- Complies with all agency policies and procedures, including those pertaining to ethics and integrity
Qualifications
MINIMUM QUALIFICATIONS
- Education: Graduation from high school or equivalent
- Experience: Eight years of full-time experience working in the following (or closely related) fields: information technology security, computer information systems, computer science, management information systems; may substitute credit hours from an accredited college or university for the required experience on a year-for-year basis
- Knowledge of information security, cyber security, and privacy issues and awareness of regulated data environments.
- Knowledge of the limitations and capabilities of computer systems; technology across all mainstream network, operating system, and application platforms; operational support of networks, operating systems, Internet technologies, databases, and security applications; and information security practices, procedures, and regulations.
- Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management, and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
- Knowledge of fundamental information security concepts and technology
- Knowledge of agile project management, waterfall project management, security program management, and all related software to navigate projects
- Skill in the use of applicable software; and in configuring, deploying, monitoring, and automating security applications and infrastructure
- Skill overseeing the ongoing development and implementation of statewide information and cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.
- Skill in auditing, conducting risk management, advising management regarding security configuration, and performing routine assessments of security compliance and risk mitigation
- Skill in handling multiple tasks, prioritizing, and meeting deadlines
- Skill in effective oral and written communication
- Skill in exercising sound judgment and effective decision making
- Ability to obtain and maintain approved baseline certification for the position (i.e., Security+)
- Ability to gather, assemble, correlate, and analyze facts; to devise solutions to problems; to market the security program; to prepare reports; to develop, evaluate, and interpret policies and procedures; to communicate effectively; and to provide guidance to others
- Ability to analyze program area functions and operations, identify areas needing change, and develop plans to improve programs or to address areas of concern
- Ability to operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates
- Ability to resolve complex security issues in diverse and decentralized environments; to learn, communicate, and teach new information and security technologies; to communicate effectively; and to supervise the work of others.
- Ability to work with matrixed or multi-discipline teams across the agency in security-related decision-making; consults and negotiates with stakeholders to provide information security services to meet customer needs with automated or business improvement solutions consistent with OAG plans, standards, and guidelines; defines and implements new or revised methods that effectively meet agency needs.
- Ability to lead the development and implementation of the risk management function of the information security program to ensure information security risks are identified and monitored.
- Ability to receive and respond positively to constructive feedback
- Ability to work cooperatively with others in a professional office environment
- Ability to provide excellent customer service
- Ability to arrange for personal transportation for business-related travel
- Ability to work more than 40 hours as needed and in compliance with the FLSA
- Ability to lift and relocate 30 lbs.
- Ability to travel (including overnight travel) up to 5%
Preferred Qualifications
- Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies, and intrusion prevention, etc.)
- Experience reviewing third-party contracts for cyber and information security compliance
- Experience with IT GRC/IRM platforms (ServiceNow, OneTrust, MetricStream, Galvanize, RSA Archer, etc.).
- Experience conducting and managing audits and assessments
- Skill or experience in creating security documentation, system security plans, risk assessments, and conducting security awareness training and providing guidance to staff in the development and integration of new or revised methods and procedures
- Skill in identifying measures or indicators of program performance and in the use of a computer and applicable software
- Significant knowledge and experience with legal, privacy, and regulatory compliance standards such as HITRUST, HIPAA, ISO27001, SOC2, FedRAMP, PCI-DSS, GDPR, CCPA, IRS Safeguards Program, CJIS, TAC202, etc.
- Skills: Project/Program Management, Auditor/Assessor
- Preferred Certifications: CISSP, CISM, CRISC, PMP, CAPM, CISA, Security+
TO APPLY
To apply for a job with the OAG, electronic applications can be submitted through CAPPS Recruit. A State of Texas application must be completed to be considered, and paper applications are not accepted. Your application for this position may subject you to a criminal background check pursuant to the Texas Government Code. Military Crosswalk information can be accessed at
https://hr.sao.texas.gov/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf
THE OAG IS AN EQUAL OPPORTUNITY EMPLOYER