The Texas Department of Family and Protective Services (DFPS) works to build on strengths of families and communities to keep children and vulnerable adults safe, so they thrive. We do this through investigations, services, and referrals. What You Get Beyond Your Paycheck When you join the State of Texas, your monthly paycheck is just one part of your real income. Our benefits provide extra value that many private employers simply don’t match—often adding hundreds of dollars each month to what you take home or save. Here’s what you get as a full-time employee: - 100% paid health insurance for you, and 50% paid for eligible family members—saving you hundreds every month in out-of-pocket medical costs - Retirement plans with lifetime monthly payments after five years of state service, plus options to save even more with 401(k) and 457 plans - Paid vacation, holidays, and sick leave so you can recharge and take care of life outside work (that’s time off you’re actually paid for) - Optional dental, vision, and life insurance—at rates much lower than most private plans - Flexible spending accounts for added tax savings on health and dependent care - Employee discounts on things like gym memberships, electronics, and entertainment You also might qualify for Public Service Loan Forgiveness, which could help you pay off federal student loans faster. You can see all the details here: ERS recruitment brochure Functional Title: Cybersecurity Analyst II Job Title: Cybersecurity Analyst II Agency: Dept of Family & Protectve Svc Department: Chief Inf Security Office-Op Posting Number: 15583 Closing Date: 10/01/2026 Posting Audience: Internal and External Occupational Category: Computer and Mathematical Salary Range: $5,797.66 - $9,508.25 Pay Frequency: Monthly Salary Group: TEXAS-B-25 Shift: Day Additional Shift: Telework: Eligible for Telework Travel: Up to 5% Regular/Temporary: Regular Full Time/Part Time: Full time FLSA Exempt/Non-Exempt: Exempt Facility Location: Job Location City: AUSTIN Job Location Address: 4900 N LAMAR BLVD Other Locations: Abilene; Alamo; Alice; Alpine; Alvin; Amarillo; Anahuac; Andrews; Angleton; Anson; Aransas Pass; Archer City; Arlington; Athens; Atlanta; Austin; Bacliff; Ballinger; Bandera; Bastrop; Bay City; Baytown; Beaumont; Bedford; Beeville; Bellville; Big Spring; Boerne; Bonham; Borger; Bowie; Brady; Breckenridge; Brenham; Brownfield; Brownsville; Brownwood; Bryan; Burnet; Caldwell; Cameron; Canton; Canutillo; Carlsbad; Carrizo Springs; Carrollton; Carthage; Center; Centerville; Childress; Clarksville; Cleburne; Cleveland; Coldspring; Columbus; Conroe; Copperas Cove; Corpus Christi; Corsicana; Crockett; Crosby; Crystal City; Cuero; Cypress; Daingerfield; Dallas; Decatur; Del Rio; Denton; Dickinson; Dumas; Duncanville; Eagle Pass; Eastland; Edinburg; El Paso; Elgin; Elsa; Ennis; Fabens; Falfurrias; Floresville; Fort Stockton; Fort Worth; Fredericksburg; Gainesville; Galveston; Garland; Gatesville; Georgetown; Giddings; Gilmer; Goliad; Gonzales; Graham; Granbury; Grand Prairie; Grapevine; Greenville; Hallettsville; Hamilton; Harlingen; Haskell; Hearne; Hemphill; Hempstead; Henderson; Hereford; Hillsboro; Hondo; Houston; Humble; Huntsville; Hurst; Irving; Jacksonville; Jasper; Johnson City; Jourdanton; Karnes City; Katy; Kaufman; Kerrville; Killeen; Kingsville; Kingwood; Kirbyville; La Grange; Lake Jackson; Lake Worth; Lamesa; Lampasas; Lancaster; Laredo; Levelland; Lewisville; Liberty; Linden; Littlefield; Livingston; Llano; Lockhart; Longview; Lubbock; Lufkin; Lumberton; Madisonville; Marble Falls; Marfa; Marlin; Marshall; Mcallen; Mckinney; Mercedes; Meridian; Mesquite; Mexia; Midland; Mineola; Mineral Wells; Mission; Monahans; Mount Pleasant; Mount Vernon; Nacogdoches; Navasota; New Boston; New Braunfels; Odessa; Orange; Palestine; Pampa; Paris; Pasadena; Pearland; Pearsall; Pecos; Perryton; Pharr; Pittsburg; Plainview; Plano; Pollok; Port Arthur; Port Lavaca; Presidio; Quitman; Raymondville; Refugio; Richardson; Richmond; Rio Grande City; Robstown; Rockwall; Rosenberg; Round Rock; Rowlett; Rusk; San Angelo; San Antonio; San Benito; San Juan; San Marcos; San Saba; Schertz; Seguin; Seminole; Seymour; Sherman; Silsbee; Sinton; Snyder; Socorro; Sonora; South Houston; Stephenville; Sugar Land; Sulphur Springs; Sweetwater; Taylor; Temple; Terrell; Texarkana; Texas City; The Woodlands; Tomball; Trinity; Tyler; Uvalde; Van Horn; Vernon; Victoria; Waco; Washington; Watauga; Waxahachie; Weatherford; Webster; Weslaco; Wharton; Wichita Falls; Woodville; Zapata MOS Codes: 0605,0630,0631,0639,0670,0679,0681,1702,1705,1710,1720,1721,1799,2611,2659,8055,8858,14N,14NX,170A 170B,17A,17B,17C,17C0,17DX,17S,17SX,17X,181X,182X,183X,184X,1B4X1,1D7X1,1N4X1,255A,255N,255S,25B,25D 26A,26B,26Z,514A,5C0X1D,5C0X1N,5C0X1R,5C0X1S,5IX,681X,682X,683X,781X,782X,783X,784X,CTI,CTM,CTR,CWT CYB10,CYB11,CYB12,CYB13,CYB14,IS,ISM,ISS,IT,ITS Brief Job Description: As a Cybersecurity Analyst II at the Texas Department of Family and Protective Services (DFPS) you will have at least one to two (1-2) years of related experience and be responsible for supporting the agency’s Governance, Risk, and Compliance (GRC) program by monitoring and assessing applicable cybersecurity, privacy, and regulatory requirements to mitigate potential risks and ensure adherence to industry standards. The Cybersecurity Analyst II will help perform risk assessments, support audits, and develop and maintain security policies and procedures. The Cybersecurity Analyst II will collaborate with departments, stakeholders, and external partners to maintain a comprehensive GRC program that supports the agency’s strategic objectives. This role applies professional knowledge of cybersecurity frameworks and compliance requirements to perform moderately complex assignments with increasing independence. How you will make an impact - Assist the Director of Security GRC and GRC Lead in developing, reviewing, and maintaining an enterprise-wide governance, risk management, and compliance program, aligning it with the agency’s goals and objectives. - Ensure policies, procedures, and controls comply with legal and regulatory requirements, industry standards, and best practices. - Conduct and document risk assessments of information systems, vendors, and business processes to identify vulnerabilities, assess the impact of risks, and recommend mitigation strategies. - Track and report on identified risks and mitigation strategies. - Support the organization’s risk register and help business units develop remediation plans. - Monitor compliance with internal policies and state regulatory requirements. - Support internal and external audit activities, including evidence collection and gap remediation. - Assist with regulatory reporting and compliance attestations. - Contribute to the development and delivery of role-based security awareness and compliance training. - Review security questionnaires, contracts, and vendor engagements to ensure third-party compliance with cybersecurity requirements. - Provide compliance support to SSCC/CBC partners. - Collaborate with key stakeholders, such as legal, finance, IT, and operations teams, to provide guidance on compliance-related matters and promote a culture of risk awareness and ethical behavior. - Stay informed on relevant laws, regulations, industry standards, and emerging governance, risk, and compliance trends, and communicate any changes or updates to the GRC Lead, Director and/or CISO. - Assist in conducting periodic audits and internal reviews to identify control weaknesses and recommend corrective actions. - Foster a culture of ethics, integrity, and accountability within the agency. The mission of DFPS is to build on strengths of families and communities to keep children and vulnerable adults safe, so they thrive. The Cybersecurity Analyst II is expected to work collaboratively with other team members from a positive, proactive, and mission-first perspective. They will assist in planning, monitoring, and maintaining cybersecurity and information technology security processes and controls. The DFPS cybersecurity environment is extensive and complex, allowing you to combine your previous experience in similar environments with your analytical skills. This position is classified as full-time (40 hours a week). This position is 100% telework within Texas and requires the candidate to maintain personal Wi-Fi and webcam capabilities during work hours to perform their duties. Work outside of regular hours may be required. Travel to other Austin offices(s) may be required. Works under limited supervision, with considerable latitude for initiative and independent judgment.       Essential Job Functions: - Supports the Cybersecurity Awareness Training Program by updating content, tracking completion metrics, and coordinating campaigns. - Maintains the accuracy and relevance of internal and external cybersecurity communications, including website content and shared dashboards. - Ensures the team's shared inbox and communication channels are monitored and responsive, enhancing stakeholder engagement and service delivery. - Provides day-to-day operational support of the GRC platform, including access control, user account management, and issue resolution. - Troubleshoots platform issues and works with internal IT or vendor support teams to ensure consistent system performance. - Assists in the configuration and enhancement of GRC workflows to streamline assessments, reporting, and risk tracking. - Organizes compliance evidence artifacts to satisfy internal, state, and federal reporting requirements. - Coordinates the upkeep of a centralized evidence repository to support recurring assessments and audit preparedness. - Collaborates with audit teams to ensure timely responses to findings, recommendations, and control testing activities. - Assists in assessing existing IT architecture and solutions for alignment with standards such as NIST 800-53, NIST CSF, and CJIS. - Contributes to the ongoing development and testing of Disaster Recovery (DR) and Business Continuity (BC) plans. - Participates in cross-functional architecture reviews to ensure security considerations are embedded in system design and implementation. - Assists in conducting risk assessments of third-party vendors and reviewing technology contracts for security and compliance considerations. - Collaborates with senior team members to ensure contractual terms align with cybersecurity policies and regulatory requirements. - Supports engagement efforts with business and IT stakeholders by gathering requirements and assisting with the coordination of risk management activities. - Conducts basic research on emerging cybersecurity risks to support team planning and help identify potential impacts to the Department of Family & Protective Services agency's third-party ecosystem. - Ensures division website content is accurate, up-to-date, and effectively communicated. Supports division email box is monitored and maintained. - Functions as a cybersecurity generalist to support and backfill work across the team. - Provides GRC system operational support, including troubleshooting issues, access control management, account management, and general technical support. - Advises customers and internal stakeholders on security configuration and best practice issues. Knowledge, Skills, and Abilities - Experience with State of Texas information security requirements, including Texas Administrative Code §202 and Texas Government Code 2054, is strongly preferred. - Knowledge of security controls in industry-standard frameworks including, but not limited to the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), the National Institute of Standards (NIST) 800 Series Special Publications, the NIST Cybersecurity Framework, FBI Criminal Justice Information Services (CJIS) Security Policy or other security standards and regulations. - Proficiency in using GRC software and other relevant tools. - Ability to prepare technical issue papers and research reports and effectively deliver oral presentations and written reports to IT and non-IT management - Excellent analytical and problem-solving skills, with the ability to identify and evaluate potential risks and develop effective mitigation strategies. - Exceptional attention to detail and a thorough understanding of internal control systems. - Experience in developing and delivering compliance training programs. - Experience creating and managing policy, processes, and procedure documents. - Enjoys looking for and building efficiencies in the team, strong consensus building, multi-tasking, interpersonal, and analytical skills. - Experience auditing various Cloud architectures and deployment strategies such as Software-as-a-service, Infrastructure-as-a-service, Platform as a service, etc. - Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences. Registrations, Licensure Requirements, or Certifications: - If not already certified, must obtain within one year of employment a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), GIAC Critical Controls Certification (GCCC), (ISC)² Certified in Governance, Risk and Compliance (CGRC) or similar certification. Initial Screening Criteria: - Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology, computer engineering, computer information systems, computer science, management information systems, or a related field is generally preferred. Work experience may be substituted for education on a year-for-year basis. - 1-2 years’ experience in governance, risk management, and compliance roles, preferably in a regulated industry or highly complex environment. Note: You must meet the minimum initial screening criteria to be considered. You should only apply if your submittal documents clearly reflect experience meeting the initial screening criteria. Review our Tips for Success when applying for jobs at DFPS, DSHS and HHSC. Military occupation(s) that relate to the initial selection criteria and registration or licensure requirements for this position may include, but not limited to those listed in this posting. All active-duty military, reservists, guardsmen, and veterans are encouraged to apply if qualified to fill this position. For more information please see the Texas State Auditor’s Job Descriptions, Military Crosswalk and Military Crosswalk Guide at Texas State Auditor's Office - Job Descriptions. You may also contact the DFPS Military Liaison at dfpsmilvets@dfps.texas.gov with additional questions. Applicants selected for hire must pass a background check and if applicable a driver’s record check. State of Texas employees are required to maintain the security and integrity of critical infrastructure as defined in Section 117.001(2), State of Texas Business and Commerce Code. Applicants selected for hire comply with this code by completing related training and abiding by agency cybersecurity and communications system usage policies. As a state agency, DFPS is required by Texas Administrative Code (TAC 206 and 213) to ensure all Electronic Information Resources (EIR) follow accessibility standards. The staff must be familiar with the WCAG 2.1 AA and Section 508 to create accessible content including but not limited to; Microsoft Office documents, Adobe PDFs, webpages, software, training guides, video, and audio files. DFPS uses E-Verify. You must bring your I-9 documentation with you on your first day of work. Employees must provide documentation to DFPS to show their identity and authorization to work in the US. Please review the following link for authorized documents: https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents . In compliance with the Americans with Disabilities Act (ADA), HHS/DFPS agencies will provide reasonable accommodation during the hiring and selection process for qualified individuals with a disability. If you need assistance completing the on-line application, contact the HHS/DFPS Employee Service Center at 1-888-894-4747. If you are contacted for an interview and need accommodation to participate in the interview process, please notify the person scheduling the interview.