Job Description

GENERAL DESCRIPTION

The Mission of the Office of the Attorney General

• The Office of the Attorney General champions liberty and justice for Texas

The Values of the Office of the Attorney General

• The Office of the Attorney General is committed to performing its duties with excellence, serving Texas with humility and integrity, and exploring innovative solutions in accomplishing the work of the agency.

Are you dedicated to safeguarding your organization's data and privacy? Imagine extending that commitment to protecting the citizens of Texas. The role of Cybersecurity Analyst within the Texas Attorney General's Enterprise Information Security Team presents a thrilling opportunity amidst our ongoing digital evolution. Join us in advancing cutting-edge products and services while ensuring the state receives top-notch security measures.

Our Enterprise Information Security Team is dedicated to delivering premium security services to the agency, leveraging talent and innovative technologies to better serve Texans. We seek a dynamic security professional to serve as a Cybersecurity Analyst within the Governance, Risk, and Compliance (GRC) Team. This pivotal role involves implementing risk management programs, conducting assessments, and ensuring security compliance. You'll craft security standards and business continuity plans, oversee contract reviews, and conduct system audits and risk analyses. Leadership and project management experience are essential, as you'll drive system-wide security strategies, intrusion detection, risk assessment, and policy development.

As a Cybersecurity Analyst, you will perform highly complex (senior-level) cybersecurity analysis work as you spearhead the defense against cyber threats, engaging in advanced analysis to safeguard our assets. Your responsibilities span from incident detection and response to threat assessment, intelligence, and vulnerability assessments. You'll also have the opportunity to lead and supervise others, utilizing your expertise under limited supervision, with ample room for initiative and independent judgment.

Join us in safeguarding Texas and shaping the future of cybersecurity governance.

OAG employees enjoy excellent benefits (https://ers.texas.gov/Benefits-at-a-Glance) along with tremendous opportunities to do important work at a large, dynamic state agency making a positive difference in the lives of Texans.

ESSENTIAL POSITION FUNCTIONS

Safeguard Agency Data: Lead security strategy by designing, automating, and deploying security applications and infrastructure. Lead the development and implementation of the overall information security program, including policies, standards, risk management, and risk reduction strategies. Collaborate on security plans and develop policies for data encryption and firewall configuration. Collaborate to define Information Security requirements, emphasizing involvement in shaping security protocols.

Ensure Business Continuity: Develop and implement data security plans and an IT disaster recovery plan to protect against unauthorized access and disruptions. Advise stakeholders on security best practices. Work with Internal/External Auditors and consultants, showcasing collaboration on security audits. Interact with all levels of staff on security matters, emphasizing strong communication across departments. Work with IT and business teams for security assessments, highlighting collaboration for security integration.

Proactive Risk Management: Conduct and review risk assessments of systems and collaborate with users on access needs and security concerns. Monitor systems with automated tools to identify and mitigate vulnerabilities. Consult with other risk management representatives, highlighting risk management communication skills. Perform cybersecurity incident detection, analysis, and prevention, highlighting core security expertise. Perform business impact analysis and develop the risk register, demonstrating understanding of business needs and risk prioritization.

Maintain Data Security: Manage access controls to prevent unauthorized data modification. Research and recommend programmatic and technical security directions and solutions for data breaches to ensure swift containment. Research systems and procedures for security breaches, showcasing proactive threat mitigation skills. Conduct periodic gap assessments to validate compliance, emphasizing ongoing adherence to regulations. Review files, reports, and programs for legal compliance, showcasing legal and regulatory knowledge.

Drive Security Innovation: Collaborate with internal teams on security decisions and consult with stakeholders to deliver customized information security solutions. Champion continuous improvement by implementing new and efficient security methods. Stay up-to-date on security trends and regulations, highlighting commitment to continuous learning. Lead security awareness training to empower users. Develop and manage security awareness and training programs, emphasizing user education and security culture building.

Performs related work as assigned

Maintains relevant knowledge necessary to perform essential job functions

Attends work regularly in compliance with agreed-upon work schedule. Telework schedules are permitted for employees based on the agency's approved Telework Plan, as long as schedule does not adversely affect operations and service levels, and standard hours of operation are maintained.

Ensures security and confidentiality of sensitive and/or protected information

Complies with all agency policies and procedures, including those pertaining to ethics and integrity



Qualifications:

MINIMUM QUALIFICATIONS

Education: Graduation from high school or equivalent

Experience: Eight years of full-time experience working in the following (or closely related) fields: information technology security, computer information systems, computer science, management information systems; may substitute credit hours from an accredited college or university for the required experience on a year-for-year basis

Experience with information security, cyber security, and privacy issues and awareness of regulated data environments.

Knowledge of the limitations and capabilities of computer systems; technology across all mainstream network, operating system, and application platforms; operational support of networks, operating systems, Internet technologies, databases, and security applications; and information security practices, procedures, and regulations.

Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management, and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)

Knowledge of fundamental information security concepts and technology

Knowledge of agile project management, waterfall project management, security program management, and all related software to navigate projects

Skill in the use of applicable software; and in configuring, deploying, monitoring, and automating security applications and infrastructure

Skill overseeing the ongoing development and implementation of statewide information and cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.

Skill in auditing, conducting risk management, advising management regarding security configuration, and performing routine assessments of security compliance and risk mitigation

Skill in handling multiple tasks, prioritizing, and meeting deadlines

Skill in effective oral and written communication

Skill in exercising sound judgment and effective decision making

Ability to obtain and maintain approved baseline certification for the position (i.e., Security+)

Ability to gather, assemble, correlate, and analyze facts; to devise solutions to problems; to market the security program; to prepare reports; to develop, evaluate, and interpret policies and procedures; to communicate effectively; and to provide guidance to others

Ability to analyze program area functions and operations, identify areas needing change, and develop plans to improve programs or to address areas of concern

Ability to operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates

Ability to resolve complex security issues in diverse and decentralized environments; to learn, communicate, and teach new information and security technologies; to communicate effectively; and to supervise the work of others.

Ability to work with matrixed or multi-discipline teams across the agency in security-related decision-making; consult and negotiate with stakeholders to provide information security services to meet customer needs with automated or business improvement solutions consistent with OAG plans, standards, and guidelines; define and implement new or revised methods that effectively meet agency needs.

Ability to lead the development and implementation of the risk management function of the information security program to ensure information security risks are identified and monitored.

Ability to receive and respond positively to constructive feedback

Ability to work cooperatively with others in a professional office environment

Ability to provide excellent customer service

Ability to arrange for personal transportation for business-related travel

Ability to work more than 40 hours as needed and in compliance with the FLSA

Ability to lift and relocate 30 lbs.

Ability to travel (including overnight travel) up to 5%

PREFERRED QUALIFICATIONS

Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies, and intrusion prevention, etc.)

Experience reviewing third-party contracts for cyber and information security compliance

Experience with IT GRC/IRM platforms (ServiceNow, OneTrust, MetricStream, Galvanize, RSA Archer, etc.).

Experience conducting and managing audits and assessments

Skill or experience in creating security documentation, system security plans, risk assessments, and conducting security awareness training and providing guidance to staff in the development and integration of new or revised methods and procedures

Skill in identifying measures or indicators of program performance and in the use of a computer and applicable software

Significant knowledge and experience with legal, privacy, and regulatory compliance standards such as HITRUST, HIPAA, ISO27001, SOC2, FedRAMP, PCI-DSS, GDPR, CCPA, IRS Safeguards Program, CJIS, TAC202, etc.

Skills: Project/Program Management, Auditor/Assessor

Preferred Certifications: CISSP, CISM, CRISC, PMP, CAPM, CISA, Security+

TO APPLY

To apply for a job with the OAG, electronic applications can be submitted through CAPPS Recruit. A State of Texas application must be completed to be considered, and paper applications are not accepted. Your application for this position may subject you to a criminal background check pursuant to the Texas Government Code. Military Crosswalk information can be accessed at http://www.hr.sao.state.tx.us/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf.

THE OAG IS AN EQUAL OPPORTUNITY EMPLOYER