Cybersecurity Analyst II (GRC Analyst)

Date:  Oct 28, 2025
Location: AUSTIN, TX

WHY WORK FOR DFPS?

The Texas Department of Family and Protective Services (DFPS) is responsible for protecting the unprotected — children, elderly, and people with disabilities — from abuse, neglect, and exploitation. DFPS accomplishes this responsibility by employing over 12,000 workers who live up to the agency's Mission, Vision, & Values in service to the citizens of Texas. DFPS is not only a qualifying organization for the Public Service Loan Forgiveness Program but also offers excellent health benefits, special discounts on many products and services through the Discount Purchase Program, longevity pay, generous paid leave, access to the Wellness program, a lifetime retirement annuity, and the Texa$aver 401(k) and 457 Programs under the Employees Retirement System of Texas.

 

Functional Title: Cybersecurity Analyst II (GRC Analyst) 
Job Title: Cybersecurity Analyst II 
Agency: Dept of Family & Protective Svc 
Department: Chief Inf Security Office-Op 
Posting Number: 10462 
Closing Date: 11/11/2025 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Group: TEXAS-B-25 
Salary Range: $5,797.66 - $9,508.25 
Pay Frequency: Monthly
Shift: Day 
Additional Shift:  
Telework: Eligible for Telework 
Travel: Up to 5% 
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Exempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 4900 N LAMAR BLVD 
Other Locations:  
MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A,170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D,26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT,CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS



Job Description

As a Cybersecurity Analyst II at the Texas Department of Family and Protective Services (DFPS), you will have at least one to two (1-2) years of related experience and be responsible for supporting the agency’s Governance, Risk, and Compliance (GRC) program by monitoring and assessing applicable cybersecurity, privacy, and regulatory requirements to mitigate potential risks and ensure adherence to industry standards.

The Cybersecurity Analyst II will help perform risk assessments, support audits, and develop and maintain security policies and procedures. The Cybersecurity Analyst II will collaborate with departments, stakeholders, and external partners to maintain a comprehensive GRC program that supports the agency’s strategic objectives. This role applies professional knowledge of cybersecurity frameworks and compliance requirements to perform moderately complex assignments with increasing independence.

How you will make an impact:

  • Assist the Director of Security GRC and GRC Lead in developing, reviewing, and maintaining an enterprise-wide governance, risk management, and compliance program, aligning it with the agency’s goals and objectives.
  • Ensure policies, procedures, and controls comply with legal and regulatory requirements, industry standards, and best practices.
  • Conduct and document risk assessments of information systems, vendors, and business processes to identify vulnerabilities, assess the impact of risks, and recommend mitigation strategies.
  • Track and report on identified risks and mitigation strategies.
  • Support the organization’s risk register and help business units develop remediation plans.
  • Monitor compliance with internal policies and state regulatory requirements.
  • Support internal and external audit activities, including evidence collection and gap remediation.
  • Assist with regulatory reporting and compliance attestations.
  • Contribute to the development and delivery of role-based security awareness and compliance training.
  • Review security questionnaires, contracts, and vendor engagements to ensure third-party compliance with cybersecurity requirements.
  • Provide compliance support to SSCC/CBC partners.
  • Collaborate with key stakeholders, such as legal, finance, IT, and operations teams, to provide guidance on compliance-related matters and promote a culture of risk awareness and ethical behavior.
  • Stay informed on relevant laws, regulations, industry standards, and emerging governance, risk, and compliance trends, and communicate any changes or updates to the GRC Lead, Director and/or CISO.
  • Assist in conducting periodic audits and internal reviews to identify control weaknesses and recommend corrective actions.
  • Foster a culture of ethics, integrity, and accountability within the agency.

The mission of DFPS is to build on strengths of families and communities to keep children and vulnerable adults safe, so they thrive.

The Cybersecurity Analyst II is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective. They will assist in planning, monitoring, and maintaining cybersecurity and information technology security processes and controls. The DFPS cybersecurity environment is extensive and complex, allowing you to combine your previous experience in similar environments with your analytical skills. 

This position is classified as full-time (40 hours a week). This position is 100% telework within Texas and requires the candidate to maintain personal Wi-Fi and webcam capabilities during work hours to perform their duties. Work outside of regular hours may be required. Travel to other Austin office(s) may be required. Works under limited supervision, with considerable latitude for initiative and independent judgment.

 

Essential Job Tasks:

  • Supports the Cybersecurity Awareness Training Program by updating content, tracking completion metrics, and coordinating campaigns.
  • Maintains the accuracy and relevance of internal and external cybersecurity communications, including website content and shared dashboards.
  • Ensures the team's shared inbox and communication channels are monitored and responsive, enhancing stakeholder engagement and service delivery.
  • Provides day-to-day operational support of the GRC platform, including access control, user account management, and issue resolution.
  • Troubleshoots platform issues and works with internal IT or vendor support teams to ensure consistent system performance.
  • Assists in the configuration and enhancement of GRC workflows to streamline assessments, reporting, and risk tracking.
  • Organizes compliance evidence artifacts to satisfy internal, state, and federal reporting requirements.
  • Coordinates the upkeep of a centralized evidence repository to support recurring assessments and audit preparedness.
  • Collaborates with audit teams to ensure timely responses to findings, recommendations, and control testing activities.
  • Assists in assessing existing IT architecture and solutions for alignment with standards such as NIST 800-53, NIST CSF, and CJIS.
  • Contributes to the ongoing development and testing of Disaster Recovery (DR) and Business Continuity (BC) plans.
  • Participates in cross-functional architecture reviews to ensure security considerations are embedded in system design and implementation.
  • Assists in conducting risk assessments of third-party vendors and reviewing technology contracts for security and compliance considerations.
  • Collaborates with senior team members to ensure contractual terms align with cybersecurity policies and regulatory requirements.
  • Supports engagement efforts with business and IT stakeholders by gathering requirements and assisting with the coordination of risk management activities.
  • Conducts basic research on emerging cybersecurity risks to support team planning and help identify potential impacts to the Department of Family & Protective Services' third-party ecosystem.
  • Ensures division website content is accurate, up-to-date, and effectively communicated. Supports ensuring that the division email box is monitored and maintained.
  • Functions as a cybersecurity generalist to support and backfill work across the team.
  • Provides GRC system operational support, including troubleshooting issues, access control management, account management, and general technical support.
  • Advises customers and internal stakeholders on security configuration and best practice issues.

 

 

Registrations, Licensure Requirements, or Certifications:

 

  • If not already certified, must obtain within one year of employment a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), GIAC Critical Controls Certification (GCCC), (ISC)² Certified in Governance, Risk and Compliance (CGRC) or similar certification.

 

Knowledge, Skills, and Abilities

  • Experience with State of Texas information security requirements, including Texas Administrative Code §202 and Texas Government Code 2054, is strongly preferred.
  • Knowledge of security controls in industry-standard frameworks including, but not limited to, the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), the National Institute of Standards (NIST) 800 Series Special Publications, the NIST Cybersecurity Framework, FBI Criminal Justice Information Services (CJIS) Security Policy, or other security standards and regulations.
  • Proficiency in using GRC software and other relevant tools.
  • Ability to prepare technical issue papers and research reports and effectively deliver oral presentations and written reports to IT and non-IT management.
  • Excellent analytical and problem-solving skills, with the ability to identify and evaluate potential risks and develop effective mitigation strategies.
  • Exceptional attention to detail and a thorough understanding of internal control systems.
  • Experience in developing and delivering compliance training programs.
  • Experience creating and managing policy, processes, and procedure documents.
  • Enjoys looking for and building efficiencies in the team; strong consensus-building, multi-tasking, interpersonal, and analytical skills.
  • Experience auditing various Cloud architectures and deployment strategies such as Software-as-a-Service, Infrastructure-as-a-Service, Platform-as-a-Service, etc.
  • Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.

 

 

Initial Screening Criteria:

  • Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer science, management information systems, or a closely related field is preferred. Experience may be substituted for education on a year-for-year basis.
  • 1–2 years of professional experience in governance, risk management, and compliance (GRC), preferably in a regulated industry or highly complex environment.

Note: You must meet the minimum initial screening criteria to be considered. You should only apply if your submittal documents clearly reflect experience meeting the initial screening criteria.

 

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but are not limited to, those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions. You may also contact the DFPS Military Liaison at dfpsmilvets@dfps.texas.gov with additional questions.

Applicants selected for hire must pass a background check and if applicable a driver’s record check.

State of Texas employees are required to maintain the security and integrity of critical infrastructure as defined in Section 117.001(2), State of Texas Business and Commerce Code. Applicants selected for hire comply with this code by completing related training and abiding by agency cybersecurity and communications system usage policies.

As a state agency, DFPS is required by Texas Administrative Code (TAC 206 and 213) to ensure all Electronic Information Resources (EIR) follow accessibility standards. Staff must be familiar with WCAG 2.1 AA and Section 508 to create accessible content including, but not limited to, Microsoft Office documents, Adobe PDFs, webpages, software, training guides, video, and audio files.

DFPS uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Employees must provide documentation to DFPS to show their identity and authorization to work in the US. Please review the following link for authorized documents: https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents .

In compliance with the Americans with Disabilities Act (ADA), HHS/DFPS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS/DFPS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.

