Cybersecurity Analyst III (GRC Analyst)

WHY WORK FOR DFPS?

The Texas Department of Family and Protective Services (DFPS) is responsible for protecting the unprotected — children, elderly, and people with disabilities — from abuse, neglect, and exploitation. DFPS accomplishes this responsibility by employing over 12,000 workers who live up to the agency's Mission, Vision, & Values in service to the citizens of Texas. DFPS is not only a qualifying organization for the Public Service Loan Forgiveness Program but also offers excellent health benefits, special discounts on many products and services through the Discount Purchase Program, longevity pay, generous paid leave, access to the Wellness program, lifetime retirement annuity, Texa$aver 401(k) and 457 Programs under the Employees Retirement System of Texas.

Functional Title: Cybersecurity Analyst III (GRC Analyst) 
Job Title: Cybersecurity Analyst III 
Agency: Dept of Family & Protectve Svc 
Department: Chief Inf Security Office-Op 
Posting Number: 8851 
Closing Date: 09/18/2025 
Posting Audience: Internal and External 
Occupational Category: Computer and Mathematical 
Salary Group: TEXAS-B-27 
Salary Range: $7,015.16 - $11,864.50 
Pay Frequency: Monthly
Shift: Day 
Additional Shift:  
Telework: Eligible for Telework 
Travel: Up to 5% 
Regular/Temporary: Regular 
Full Time/Part Time: Full time 
FLSA Exempt/Non-Exempt: Nonexempt 
Facility Location:  
Job Location City: AUSTIN 
Job Location Address: 4900 N LAMAR BLVD 
Other Locations:  
MOS Codes: 17C 
25B 
26B 
CYB12 

Brief Job Description:
As a Cybersecurity Analyst III at the Texas Department of Family and Protective Services (DFPS), you will bring at least three (3) years of relevant IT and cybersecurity experience. In this role, you’ll be responsible for leveraging your technical and security expertise to design and implement governance frameworks, develop and maintain risk management strategies, and oversee compliance programs that safeguard the agency’s systems and ensure alignment with industry standards.

By evaluating and monitoring the agency’s practices, policies, and procedures, the Cybersecurity Analyst III will help maintain a culture of compliance and identify opportunities for improvement. The Cybersecurity Analyst III will collaborate with various departments, stakeholders, and external partners to maintain a comprehensive GRC program that supports the agency’s strategic objectives.

How you will make an impact:

• Assist the Chief Information Security Officer (CISO) and Director of Security GRC in developing and implementing an enterprise-wide governance, risk management, and compliance program, aligning it with the agency’s goals and objectives.
• Establish policies, procedures, and controls to ensure compliance with legal and regulatory requirements, industry standards, and best practices
• Conduct regular risk assessments to identify potential vulnerabilities, assess the impact of risks, and develop mitigation strategies.
• Design and implement effective internal controls, monitoring mechanisms, and reporting systems to ensure compliance and identify gaps or areas for improvement
• Collaborate with key stakeholders, such as legal, finance, IT, and operations teams, to provide guidance on compliance-related matters and promote a culture of risk awareness and ethical behavior.
• Stay updated on relevant laws, regulations, industry standards, and emerging governance, risk, and compliance trends, and communicate any changes or updates to the GRC Director and/or CISO.
• Conduct periodic audits and reviews of internal processes to identify control weaknesses and recommend corrective actions.
• Coordinate external audits and examinations, ensuring all required documentation and information are readily available.
• Provide training and education to employees on compliance-related topics, policies, and procedures.
• Serve as the primary point of contact for external regulatory agencies and auditors, ensuring timely and accurate responses to inquiries and requests for information.
• Track and report on compliance metrics, issues, and trends to senior management and relevant stakeholders.
• Foster a culture of ethics, integrity, and accountability within the agency.

The mission of DFPS is to build on strengths of families and communities to keep children and vulnerable adults safe, so they thrive.

The Cybersecurity Analyst III is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective.  They will assist in planning, developing, monitoring, and maintaining cybersecurity and information technology security processes and controls. The DFPS cybersecurity environment is extensive and complex, allowing you to combine your previous experience in similar environments with your analytical skills. 

This position is classified as full-time (40 hours a week). This position is 100% telework within Texas and requires the candidate to maintain personal Wi-Fi and webcam capabilities during work hours to perform their duties. Work outside of regular hours may be required. Travel to other Austin offices(s) may be required. Works under limited supervision, with considerable latitude for initiative and independent judgment.      

Essential Job Functions (EJFs):

• Conducts quantitative and qualitative risk assessments of technology resources, both internal and third-party.
• Assesses DFPS ITS compliance with security programs, policies, standards, and guidelines.
• Performs reviews of technology contracts for compliance with federal and State of Texas law.
• Develop and maintain a repository for assessment evidence to be utilized by the team and for future assessments.
• Develop evidence packages to satisfy compliance reporting requirements
• Deliver assessment packages in a timely fashion to demonstrate compliance and adherence to internal and external partners
• Assist with conducting assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as NIST CSF, NIST 800-53, FBI CJIS CSP, etc.)
• Assists the IT with Disaster Recovery/Business Continuity programs.
• Develop and maintain system security plans (SSP) for DFPS applications and technologies.
• Assists with successfully completing the quarterly UAR (User Access Review) audit process.
• Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives.
• Responsible for continued personal growth in technology, business knowledge, and DFPS policies and platforms.
• Assists with the Cybersecurity Awareness Training Program.
• Develop, maintain, and ensure the accuracy of metrics, dashboards, reports, visualizations, and contacts across systems.
• Guides customers on GRC tool portal functionality and assists in developing and improving GRC tool.
• Ensures division website content is accurate, up-to-date, and effectively communicated. Supports division email box is monitored and maintained.
• Functions as a cybersecurity generalist to support and backfill work across the team.
• Provides GRC system operational support, including troubleshooting issues, access control management, account management, and general technical support.
• Advises customers and internal stakeholders on security configuration and best practice issues.

Knowledge, Skills, and Abilities (KSAs):

• Experience with State of Texas information security requirements, including Texas Administrative Code §202 and Texas Government Code 2054, is strongly preferred.
• Knowledge of security controls in industry-standard frameworks including, but not limited to the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), the National Institute of Standards (NIST) 800 Series Special Publications, the NIST Cybersecurity Framework, FBI Criminal Justice Information Services (CJIS) Security Policy or other security standards and regulations.
• Proficiency in using GRC software and other relevant tools.
• Ability to prepare technical issue papers and research reports and effectively deliver oral presentations and written reports to IT and non-IT management
• Excellent analytical and problem-solving skills, with the ability to identify and evaluate potential risks and develop effective mitigation strategies.
• Exceptional attention to detail and a thorough understanding of internal control systems.
• Experience in developing and delivering compliance training programs.
• Experience creating and managing policy, processes, and procedure documents.
• Enjoys looking for and building efficiencies in the team, strong consensus building, multi-tasking, interpersonal, and analytical skills.
• Experience auditing various Cloud architectures and deployment strategies such as Software-as-a-service, Infrastructure-as-a-service, Platform as a service, etc.
• Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.

Registrations, Licensure Requirements, or Certifications:

If not already certified, must obtain within one year of employment a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), GIAC Critical Controls Certification (GCCC), (ISC)² Certified in Governance, Risk and Compliance (CGRC) or similar certification.

Initial Screening Criteria:

• Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Equivalent work experience in one of these domains may be substituted for each year of required education on a year-for-year basis.
• Professional experience in governance, risk management, and compliance roles, preferably in a regulated industry or highly complex environment.

Note: You must meet the minimum initial screening criteria to be considered. You should only apply if your submittal documents clearly reflect experience meeting the initial screening criteria.

Additional Information:

N/A

Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC.

Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions. You may also contact the DFPS Military Liaison at dfpsmilvets@dfps.texas.gov with additional questions.

Applicants selected for hire must pass a background check and if applicable a driver’s record check.

State of Texas employees are required to maintain the security and integrity of critical infrastructure as defined in Section 117.001(2), State of Texas Business and Commerce Code. Applicants selected for hire comply with this code by completing related training and abiding by agency cybersecurity and communications system usage policies.

As a state agency, DFPS is required by Texas Administrative Code (TAC 206 and 213) to ensure all Electronic Information Resources (EIR) follow accessibility standards. The staff must be familiar with the WCAG 2.1 AA and Section 508 to create accessible content including but not limited to; Microsoft Office documents, Adobe PDFs, webpages, software, training guides, video, and audio files. 

DFPS uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Employees must provide documentation to DFPS to show their identity and authorization to work in the US. Please review the following link for authorized documents: https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents .

In compliance with the Americans with Disabilities Act (ADA), HHS/DFPS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS/DFPS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.