Engineer

Description:

This role plans, develops, and executes the HHSC Information Security Assurance roadmap. It is a senior-level cybersecurity position responsible for regulatory compliance, information security governance, risk assessment, policy development, security assurance, and managing IT security control implementation across the agency. The role serves as a subject matter expert (SME) for the Information Security Assurance Program and provides strategic guidance, oversight, and support to ensure compliance with state and federal security requirements.

Key Responsibilities:

• Lead design, deployment, and maturity of Information Security Assurance Program

• Act as SME on all assurance program activities

• Manage and develop security policies, procedures, and documentation

• Identify gaps in security controls and propose solutions

• Lead internal security and compliance assessments

• Conduct security risk assessments and ensure control implementation

• Perform analysis of security requirements, threats, and vulnerabilities

• Drive audit and compliance activities and remediation efforts

• Oversee use and alignment of the Governance, Risk & Compliance (GRC) tool

• Manage implementation of IT Security Risk Management platform

• Support compliance automation and enterprise GRC strategy

• Lead initiatives supporting GRC upgrades, integrations, and design

• Champion the Security Awareness Program

• Provide orientation, training, and communication for security awareness

• Present at cybersecurity events and maintain industry knowledge

• Perform other duties including disaster response support if required

Qualifications:

• 5+ years of IT security experience

• Hands-on experience with cloud platforms (AWS, Azure, Google Cloud)

• Strong knowledge of cloud security best practices and compliance frameworks

• Extensive knowledge of NIST SP 800-53 controls

• Experience with enterprise risk management frameworks

• Ability to evaluate security controls, threats, vulnerabilities

• Strong communication and stakeholder management skills

• Analytical, adaptable, and able to handle ambiguity

Required Certifications (must hold at least one):

• CISSP

• Microsoft Cybersecurity Architect (SC-100)

• AWS Certified Solutions Architect

• Prisma Certified Cloud Security Professional

Desired Characteristics:

• Strong analytical and problem-solving skills

• Ability to translate technical concepts for non-technical stakeholders

• Skilled in automation and scripting for security operations

• Strong collaboration and interpersonal communication abilities

• Ability to develop security strategies and lead teams

• Flexible, adaptable, and able to manage evolving priorities

• Ability to develop strong cross-functional relationships

Additional Requirements:

• Must be U.S. citizen or permanent resident

• Subject to pre-employment security review and background checks

• Hybrid role — requires at least 3 days in the Austin office

• Must bring I-9 documentation on first day

• Position is FLSA Exempt

• Travel up to 60% may be required

• Compliance with state and agency telework policies

• Participation in disaster response/COOP may be required for DSHS-related duties

• Reasonable ADA accommodations available

• Employment depends on available budgeted funds