GRC Security Analyst | Austin TX – Hybrid


Sulthan recruiter

Feb 20, 2026, 10:16:46 AM
to Sulthan VJ
Please share your Profiles to Sult...@nextgen-is.com
Please Share TX Locals only

Position: Systems Analyst 3 (GRC Security Analyst)

Location: Austin TX – Hybrid

Duration: 4 Months

Client: Texas Health and Human Services Commission - 529601637

 

The Security Engineer will project work by leading security governance, compliance, and risk management activities, with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.

 

• Lead end-to-end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems

• Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps

• Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)

• Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence

• Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation

• Provide governance oversight for endpoint protection, web application security, and cloud security controls

• Produce assessor-ready documentation, including configurations, monitoring evidence, approvals, and incident traceability

• Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices

 

II.  CANDIDATE SKILLS AND QUALIFICATIONS

 

Minimum Requirements:
Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years | Required/Preferred | Experience
12 | Required | Deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing, Cloud Security and hybrid environments
10 | Required | Proven experience owning SSP development end to end
10 | Required | Hands-on experience with CMS MARS-E v2.2 or comparable federal/state security frameworks
10 | Required | Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management
8 | Required | Ability to translate technical security issues into compliance-aligned remediation actions
8 | Required | Strong stakeholder management skills across security, infrastructure, and application teams
8 | Required | Excellent written and verbal communication skills, particularly for executive stakeholders
8 | Required | Knowledge of NIST 800-53, NIST RMF, and privacy controls
8 | Required | Knowledge of Secure SDLC and DevSecOps practices
5 | Preferred | Experience operating in multi-vendor, multi-platform environments
5 | Preferred | Demonstrated ability to reduce repeat audit findings and improve compliance maturity
5 | Preferred | Experience mentoring or guiding teams on security governance best practices
1 | Preferred | Experience supporting HHSC systems, including SSP development and compliance

 

 
