Contract: 6 Months (3 Yrs Ext)

Deadline: 3/6/26

Job Description:

Key Responsibilities

System Security Planning (SSP)

• Develop, update, and maintain System Security Plans for Client applications and systems.

• Work with program teams, Information Owners, and Custodians to gather control implementation evidence.

• Ensure System Security Plans align with NIST, DIR, and HHSC CISO Office standards.

Security Assessments (SA)

• Plan and conduct Security Assessments to validate implementation and effectiveness of security controls.

• Review technical, administrative, and operational evidence.

• Document assessment results and track remediation activities.

Risk Assessments (RA)

• Facilitate Risk Assessment workshops with Information Owners and Custodians.

• Identify threats, vulnerabilities, likelihood, and impact.

• Document risks, mitigation plans, and Risk-Based Decisions in RSA Archer.

GRC & Compliance Operations

• Maintain security artifacts, risks, and remediation plans in RSA Archer GRC.

• Support system authorization (ATO) activities and continuous monitoring.

• Prepare audit and oversight evidence.

• Produce leadership reports and security posture metrics.

Stakeholder Engagement

• Serve as liaison between program areas, technical teams, and CISO Office leadership.

• Provide guidance and training on System Security Plans, Security Assessments, and Risk Assessment processes.

Deliverables

• Completed and updated System Security Plans (SSPs)

• Documented Security Assessment reports and findings

• Completed Risk Assessments and Risk-Based Decisions

• RSA Archer risk and compliance records

• Remediation tracking and status reports

• Audit-ready security documentation packages

Required Certifications

At least one of:

• CompTIA Security+

• GIAC GSEC

• CAP

• CISSP

Required Skills:

• 4 Yrs of in cybersecurity GRC, system security planning, or information assurance.

• 4 Yrs of Hands-on experience developing System Security Plans (SSPs), conducting Security Assessments, and facilitating Risk Assessments.

• 4 Yrs of Knowledge of NIST SP 800-53 and NIST Risk Management Framework.

• 4 Yrs of Experience using GRC platforms (RSA Archer preferred).

• 4 Yrs of Experience working with Information Owners and Custodians.

• 4 Yrs of Strong technical writing and documentation skills.

• 4 Yrs of Ability to work independently on complex assignments.

Preferred Skills:

• 3 Yrs of Familiarity with DIR Security Control Standards.

• 3 Yrs of Experience supporting ATO and continuous monitoring.

• 2 Yrs of Experience in state or federal government cybersecurity programs.

• 1 Yr of CRISC or CISA certification.