
Cybersecurity Analyst III (STS GRC Analyst)
Texas, Austin, TX, United States
Job Posting
Job Posting: 00056958
Opened: 3/16/2026
Closes: 3/31/2026
Position Title Cybersecurity Analyst III (Shared Technology Services Governance, Risk, and Compliance Analyst)
Class/Group 0321/B27
Military Occupation Specialty Code Army: 17C, 25D; Navy: IT; Coast Guard: CYB10, CYB11, CYB12; Marine Corps: 0681, 0605; Air Force: 1D7X1, 1N4X1; Space Force: 5C0X1D, 5C0X1N, 5C0X1S
Fair Labor Standards Act Status Exempt
Number of Vacancies 1
Division/Section COO/Shared Technology Services Security
Salary Range $8,333.34 - $10,000.00 /month
Duration Regular
Hours Worked Weekly 40
Travel Occasional
Work Location North / Austin, Texas 78758
Web site https://dir.texas.gov/
Refer Inquiries to People and Culture Office
Telephone (512) 475-4957
How To Apply
Select the link below to search for this position: https://capps.taleo.net/careersection/313/jobsearch.ftl?lang=en
Enter the job posting number "00056958" in the keyword search.
You must create a CAPPS Career Section candidate profile or be logged in to apply.
Update your profile and apply for the job by navigating through the pages and steps.
Once ready, select "Submit" on the "Review and Submit" page.
If you have problems accessing the CAPPS Career Section, please follow the instructions in Resetting CAPPS Password for Job Candidate desk aid.
Special Instructions
Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.
Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.
Interview Place/Time Candidates will be notified for appointments as determined by the selection committee.
Selective Service Registration Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.
H-1B Visa Sponsorship We are unable to sponsor or take over sponsorship of an employment Visa at this time.
Equal Opportunity Employer The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age, or disability. Please call 512-475-4922 to request reasonable accommodation.
Position Description What We Do We are a technology agency powered by people.
DIR offers secure, modern, and cost-effective technology to help government entities in Texas serve their constituents.
DIR is a fast-paced and collaborative environment with highly motivated, innovative, and engaged employees dedicated to achieving the best value for the state. We have over 325 professionals working at DIR who are honored to serve as the cornerstone of public sector technology in Texas. By joining DIR, you will be an integral part of transforming how Texas government serves Texans.
Position Summary This Cybersecurity Analyst III (STS GRC Analyst) role within the Chief Operations Office (COO) supports DIR’s Shared Technology Services (STS) security program through governance, risk, and compliance (GRC) oversight and vendor security assurance. The position works with state agencies, DIR teams, and vendor partners to strengthen security governance, validate security documentation and control implementation, and support risk-based decision-making for services delivered through STS. The role also supports situational awareness of threats and vulnerabilities and communicates actionable security information to a wide range of stakeholders.
This role performs highly complex (senior-level) cybersecurity analysis work. Interacts frequently with state agencies, state agency government staff and leadership, STS vendor personnel and leadership, and other interagency personnel using a variety of communication mechanisms to engage and deliver incident response services. May provide guidance to others. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment.
Provides GRC oversight for STS services by reviewing System Security Plans (SSPs), Service Management Manuals (SMMs), and supporting security artifacts to ensure documentation is accurate, complete, testable, and aligned with DIR requirements and applicable frameworks.
Serves as a primary interface between DIR, agencies, and vendors to translate security and compliance requirements into clear, auditable expectations and measurable deliverables.
Reviews vendor operational process documentation (for example, incident/change/access/vulnerability management, logging/monitoring, backup/DR, configuration management) and validates alignment between documented controls and operational execution; identifies gaps and drives corrective actions to closure.
Supports periodic risk assessments, compliance reviews, and security exception evaluations, ensuring risk decisions include impact, compensating controls, accountable owners, and timelines.
Reviews vendor assurance artifacts, including SOC 2 Type II reports and bridge letters, to assess scope alignment, control coverage, test period relevance, exceptions, subservice organization considerations, and residual risk to STS services.
Analyzes SOC 2 exceptions and auditor observations, validates complementary user entity controls (CUECs), reviews vendor security policies and standards, and translates findings into actionable requirements, remediation expectations, and risk statements.
Maintains situational awareness of emerging risks and threats impacting STS services, produces clear written outputs for leadership and stakeholders (findings summaries, remediation tracking, and program metrics), contributes to continuous improvement of STS security governance (workflows, checklists/templates, reporting cadence), and participates in an on-call rotation for incident escalation support and oversight.
Performs other work-related duties as assigned.
Education
Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, cybersecurity, management information systems, or a related field.
Additional work‑related experience may be substituted for education on a year‑for‑year basis (High‑school diploma required).
Experience and Training Required
Five (5) years of experience in information security, IT risk management, compliance, or related IT security functions.
Experience in one or more of the following areas: vulnerability management/scanning, formal risk assessments, security documentation/technical writing, regulatory compliance (TX‑RAMP, FedRAMP, CJIS, IRS Pub. 1075, etc.), third‑party/vendor assurance, or enterprise/data center security.
Experience reviewing and interpreting security documentation and evidence, and producing clear written outputs such as findings, risk statements, and remediation tracking.
Working knowledge of control frameworks and requirements mapping (for example NIST SP 800‑53 or comparable control frameworks), including control narratives and evidence expectations.
Experience and Training Preferred
Experience and training in analyzing, recommending, developing, and implementing cogent enterprise‑wide policies, standards, and guidelines.
Experience reviewing or producing SSPs, security control narratives, or comparable security documentation (for example, system security plans, control implementation summaries, audit packages).
Experience evaluating operational process documentation and translating requirements into testable controls.
Experience with third‑party/vendor risk or service assurance reviews, including SOC 2 Type II interpretation and CUEC validation.
Experience in researching and documenting findings on information technology issues, processes, or programs.
Experience creating and editing documentation, related processes, public presentations, and other written communications.
Possession of, or progress toward, certifications such as CEH, CISA, CISM, CRISC, CISSP, GSEC, or similar.
Knowledge, Skills, and Abilities
Knowledge of applied security concepts, such as the principle of least privilege, multi‑factor authentication, and identity and access management.
Broad understanding of identity management, access management, access governance, and privileged access management capabilities and methodologies.
Knowledge of generally accepted information technology standards and practices and IT management practices.
Knowledge of the security limitations and capabilities of computer systems and of information security practices, procedures, and regulations.
Knowledge of security architecture and security program requirements.
Knowledge of relevant DIR IT Security Services and regulations including Texas Government Code Chapter 2059, Texas Administrative Code §202, and related security documentation, standards, and best practices.
Knowledge of ITIL processes and standards.
Knowledge of standard concepts, practices, and procedures for computer operations and data center operations.
Demonstrated documentation skills and ability to produce clear, defensible written outputs for technical and non‑technical audiences.
Ability to communicate effectively using interpersonal skills and appropriate supporting technology.
Ability to learn and adapt quickly in a dynamic environment.
Ability to manage work across multiple stakeholders and priorities in diverse and decentralized environments.
Skill in the use of applicable software and in the configuring, deploying, monitoring, and automating of security applications and infrastructure.
Ability to resolve complex security issues in diverse and decentralized environments; to plan, develop, monitor, and maintain cybersecurity and information technology security processes and controls; and to communicate effectively.
Ability to promote and support the mission, goals, and efforts of DIR and the statewide security program.
Ability to understand, follow and convey brief oral and/or written instructions.
Ability to communicate both verbally and in writing, in a clear and concise manner.
Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment.
Ability to work under pressure and exacting schedules to complete assigned tasks.
Ability to work a flexible schedule to meet required deadlines.
Ability to comply with all agency policy and applicable laws.
Ability to comply with all applicable safety rules, regulations, and standards.
Ability to maintain the security and integrity of any critical infrastructure researched, worked on, or accessed for work purposes.
Computer Skills
Proficiency in using approved productivity and collaboration tools (Microsoft Office preferred) and authorized AI/LLM tools in accordance with DIR policies to support research, drafting, summarization, and workflow efficiency while protecting sensitive information.
Other Requirements
Regular and punctual attendance at the workplace.
Criminal background check.
Working Conditions
Frequent use of computers, copiers, printers, and telephones.
Frequent standing, walking, sitting, listening, and talking.
Frequent work under stress, as a team member, and in direct contact with others.
Occasional bending, stooping, lifting, and climbing.
May occasionally work extended hours.