USNLX Diversity Jobs

Job Information

TEXAS DEPARTMENT OF PUBLIC SAFETY DEPT 405 DPS - LS - Cyber Risk & Governance Analyst I - 0319 in Austin, Texas

Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: https://capps.taleo.net/careersection/ex/jobdetail.ftl?job=00042131

You may apply to the job directly through the CAPPS Career Section. It is not necessary to apply both through Work In Texas and CAPPS Career Section.

IDEAL CANDIDATE: DPS is currently seeking a Cybersecurity Risk and Governance Analyst who is familiar with cybersecurity governance, risk management, and compliance. The successful candidate will play a pivotal role in safeguarding our organization's data. Responsibilities include conducting cyber security controls assessments, system and network assessments, and other cyber security risk management and governance duties.

PLEASE NOTE: All applications must contain complete job histories, which includes job title, dates of employment, name of employer, supervisor's name and phone number and a description of duties performed. If this information is not submitted, your application may be rejected because it is incomplete. Resumes do not take the place of this required information.

SUBMITTED THROUGH WORK IN TEXAS: Work In Texas (WIT) applicants must complete the supplemental questions to be considered for the posting. In order to complete the supplemental questions, please go to CAPPS Recruit to register or login and access your profile. Go to CAPPS Recruit to Sign In: https://capps.taleo.net/careersection/ex/jobsearch.ftl?lang=en

GENERAL DESCRIPTION: Perform moderately complex (journey-level) information security and cybersecurity analysis work. Work involves planning, implementing, and monitoring security measures for information systems and infrastructure to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information. Conduct security risk management activities including security control assessments, system and network risk assessments, and communication of risk levels to technical and non-technical audiences. May train others. Work under general supervision, with moderate latitude for the use of initiative and independent judgment.

The following Military Occupational Specialty codes are generally applicable to this position: https://hr.sao.texas.gov/Compensation/MilitaryCrosswalk/MOSC_InformationTechnology.pdf

Applicants must fully complete the summary of experience to determine if minimum qualifications are met.

ESSENTIAL DUTIES / RESPONSIBILITIES:

1. Perform complex technical risk assessments and security plan reviews for new and established applications or systems.
2. Advise management and users regarding security procedures.
3. Coordinate with agency personnel and outside vendors to discuss issues such as system security plans and risk assessments.
4. Coordinate with users to discuss issues such as information system security plans with agency personnel and outside vendors.
5. Coordinate the implementation of information system security plans with agency personnel and vendors.
6. Develop plans to safeguard computer files, correct errors, or change individual access status.
7. Review agency contracts to ensure appropriate security requirements are included and adhered to.
8. Perform technical risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.
9. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed and elevate them for review.
10. Ensure residual risk is elevated and formally documented on a corrective action plan, if the CISO approves a system that does not meet all the security requirements for operation.
11. Ensure that all risks not mitigated are documented for CISO acceptance and that Plans of Action and Milestones (POAM) are created.
12. Ensure each system is evaluated based on its environment and sensitivity levels.
13. Evaluate complex business and technical requirements and communicate inherent security risks to technical and non-technical owners.
14. Collaborate with IT to manage security vulnerabilities.
15. Ensure the NIST-based risk management process is followed and evangelize adoption of best practices.
16. Research systems and procedures for the prevention, detection, containment, and correction of data security breaches.
17. Perform other duties as assigned.

Qualifications:

GENERAL QUALIFICATIONS and REQUIREMENTS:

Education: Graduation from a standard high school or GED equivalent is required. Graduation from an accredited two-year college with major course work in computer science, information technology, or a related discipline is preferred.

Experience: Minimum of two (2) years' experience performing cybersecurity analysis, information security analysis, or information technology is required.

Substitution Note: Education may be substituted for the experience requirement on a year-for-year basis.

Licensure and/or Certification: If driving is required, must possess a valid driver license from state of residence.

Regulatory Knowledge: Working knowledge of, or the ability to rapidly assimilate information related to TXDPS, State and Federal regulations, legislation, guidelines, policies and procedures.

Security/Risk Knowledge: Extensive in-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls. Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans. In-depth knowledge of risk assessment methods and technologies. Proficiency in performing risk, business impact, control and vulnerability assessments. Ability to provide guidance for security activities in the project management life cycle, system development life cycle and application development efforts.

Technology (computers/hardware/software/operating systems): Must possess appropriate levels of proficiency with utilized software and systems and be able to learn new software/systems. Considerable knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Strong working knowledge of information technology and security, including vulnerability scanning/penetration tools, network firewall technologies, Internet applications, E-Business, telecommunications and/or computer systems analysis. Demonstrated proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).

Interpersonal Skills: Must demonstrate an ability to exercise poise, tact, diplomacy and an ability to establish and maintain positive, working/professional relationships with internal/external customers.

Organizational and Prioritization Skills: Must be organized, flexible, and able to effectively prioritize in a multi-demand and constantly changing environment; able to meet multiple and sometimes conflicting deadlines without sacrificing accuracy, timeliness or professionalism.

Presentation/Communication Skills: Must be able to construct and deliver clear, concise, and professional presentations to a variety of audiences and/or individuals.

Research and Comprehension: Must demonstrate ability to quickly and efficiently access relevant information, and be able to utilize and/or present research and conclusions in a clear and concise manner.

Analytical Reasoning/Attention to Detail: Must demonstrate an ability to examine data/information, discern variations/similarities, and be able to identify trends, relationships and causal factors, as well as grasp issues, draw accurate conclusions, and solve problems.

Confidentiality and Protected Information
