
Cybersecurity Threat and Risk (Engineer OR Architect) - Hybrid

TRS
On-site
Austin, Texas, United States
$119,918 - $149,898 USD yearly
Location: 1900 Aldrich Street, Austin, Texas, 78723, United States







Requisition ID: req1166
Employment Type: Unclassified Regular Full-Time (URF)
Division: Information Security Office
Compensation: 108,036.00 - 149,898.00, Annual Salary
Location: Alpha
Job Closing: 1/31/2025

WHO WE ARE:

Service, Respect, and Connection are core to the individual and collective TRS experience. We know that great service rests on a foundation of relationships that connect us all to an empowering and rewarding career. At TRS, we’re inspired by our diverse community who bring authenticity and commitment to our mission to improve the retirement security of public education employees and retirees throughout Texas.

As a group of achievers, we tap collaboration and innovation to raise the bar in performance, administering and counseling pensions and healthcare benefits to ensure certainty for the future of our members. We invite you to join us, where both personal and career growth are respected and where you can make a difference in our members’ lives every day.


The Cybersecurity Threat & Risk Engineer is responsible for performing advanced information technology and cybersecurity analysis and control work. The incumbent will provide technical writing, planning, coordination, and implementation of security policies and procedures to protect cybersecurity assets, and will deliver cybersecurity incident detection, incident response, fraudulent activity, threat assessment, cyber intelligence, software security, and vulnerability assessment services. This position will proactively work with the Cybersecurity team, IT staff, and agency employees.
 
The Cybersecurity Threat & Risk Architect performs highly advanced information technology and cybersecurity analysis and control work. The incumbent will provide technical writing, planning, coordination, and implementation of security policies and procedures to protect cybersecurity assets, and will deliver cybersecurity incident detection, incident response, threat assessment, cyber intelligence, software security, and vulnerability assessment services. This position will proactively work with the Cybersecurity team, IT staff, and agency employees.
 
This is a hybrid position requiring onsite work conducted at our TRS office in Austin, TX approximately two to three times a week or as required for business needs.

The vacancy will be filled at one of two levels: Cybersecurity Threat & Risk Engineer OR Cybersecurity Threat & Risk Architect. The selected applicant will be offered the position that most closely matches their education and experience.

Salary Range

Engineer: $108,036-135,044
Architect: $119,918-149,898
 
WHAT WILL YOU DO:
 
Cybersecurity Threat & Risk Engineer
Risk Management
Collaborates with stakeholders on the security risk assessment process to address security compliance and risk mitigation.
Ensures plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Identifies and corrects potential company compliance gaps and/or areas of risk to ensure full compliance with security regulations.
Privacy
Collaborates with stakeholders on the privacy risk assessment process to address privacy compliance and risk mitigation.
Ensures that action plans, milestones, or remediation strategies are established to address vulnerabilities identified during risk assessments, audits, inspections, and similar evaluations.
Identifies and corrects potential company compliance gaps and/or areas of risk to ensure full compliance with privacy regulations.
Governance
Develops and drafts policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
Establishes and maintains communication channels with stakeholders.
Training and Awareness
Provides fraud and cyber-related training to internal and external stakeholders.
Coordinates with internal and external subject matter experts to ensure existing standards reflect organizational functional requirements and meet industry standards.
Assists with research strategies and knowledge management.
Performs related work as assigned.
 
Cybersecurity Threat & Risk Architect
Risk Management
Establishes, develops, and coordinates a risk management program and methods to monitor and measure risk, compliance, and assurance efforts.
Ensures plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Evaluates the effectiveness of procurement functions in addressing information security requirements and supply chain risks through procurement activities and recommends improvements.
Collaborates with legal counsel and management, key departments and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
Interprets patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.
Provides after hours support for information security functions as needed.
Governance
Develops and drafts policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
Establishes and maintains communication channels with stakeholders.
Serves on agency and interagency policy boards.
Formulates cyber-related enterprise policies and strategies.
Works with organization administration, legal counsel, and other related parties to represent the organization’s information security/privacy interests with external parties which undertake to adopt or amend privacy legislation, regulations, or standards.
Prepares audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
Privacy
Establishes, implements, and maintains organization-wide policies and procedures to comply with privacy regulations.
Works with legal counsel, management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
Manages privacy incidents and breaches in conjunction with the Privacy Officer, Chief Information Security Officer, legal counsel, and the business units.
Provides guidance on laws, regulations, policies, standards, or procedures to IT management.
Works with the general counsel, external affairs, and businesses to ensure both existing and new services comply with privacy and data security obligations.
Ensures that action plans, milestones, or remediation strategies are established to address vulnerabilities identified during risk assessments, audits, inspections, and similar evaluations.
Training and Awareness
Provides fraud and cyber-related training to internal and external stakeholders.
Works with organization senior management to lead an organization-wide Information Security Advisory Team and Privacy Oversight Committee.
Establishes and maintains communication channels with stakeholders.
Assists with research strategies and knowledge management. 
Performs related work as assigned.

WHAT WILL YOU BRING:
 
Required Education
Bachelor's degree from an accredited college or university in Cybersecurity, Information Security or a closely related field.
High school diploma or equivalent and additional full-time experience in cybersecurity, information security, systems analysis, programming, computer operations, IT business analysis or similarly related experience may be substituted on an equivalent year-for-year basis.
 
Required Experience
Four (4) - Six (6) years of full-time directly related, progressively responsible experience in cybersecurity, information security, systems analysis, programming, computer operations, IT business analysis, or related experience.
One (1) - Three (3) years of full-time directly related, progressively responsible experience developing and training employees on security/privacy policies, data handling practices and procedures, and legal obligations; and guidelines for implementation, or related experience.
One (1) year of full-time directly related, progressively responsible experience conducting IT audits and needs analysis to improve business process solutions, as well as developing and writing IT policies, procedures, and audit responses, or related experience.
Experience may be concurrent.
A master's degree or doctoral degree in a directly related field may be substituted on an equivalent year-for-year basis.
 
Required Registration, Certification, or Licensure
Certification as a Certified Information Systems Security Professional (CISSP) or other security related certifications.

Preferred Qualifications
Experience with risk management frameworks as it pertains to the National Institute of Standards and Technology.
Experience with various security monitoring tools, network and web assessment tools, and scripting languages.
 
Knowledge, Skills, and Abilities
Knowledge of:
Computer systems and technology limitations, capabilities, and security infrastructures.
Information security systems, controls, methodologies, practices, and regulations, including data encryption and information protection.
National and international laws, regulations, policies, along with ethics as they relate to cybersecurity/privacy.
Organization’s risk tolerance and/or risk management approach.
Applicable state and federal laws, statutes, Presidential Directives, executive branch guidelines related to information security or cyber security.
Current and emerging cyber technologies.
Skills in:
Analyzing complex technical problems and developing workable solutions.
Managing multiple conflicting tasks/deadlines.
Effective verbal and written communication of complex technical information.
Ability to:
Effectively assess areas of risk associated with information security.
Determine the validity of technology trend data.
Develop policy, plans, and strategies in compliance with laws, regulations, policies, and standards in support of organizational information security assurance.
Establish and maintain harmonious working relationships with co-workers, agency staff, and external contacts.
Work effectively in a professional team environment.


Military Occupational Specialty (MOS) Codes:
Veterans, Reservists or Guardsmen with experience in the Military Occupational Specialty (https://www.trs.texas.gov/files/trs-military-crosswalk.xlsx) along with the minimum qualifications listed above may meet the minimum requirements and are highly encouraged to apply. Please contact Talent Acquisition at careers@trs.texas.gov with questions or for additional information.


To view all job vacancies, visit www.trs.texas.gov/careers or www.trs.csod.com/careersite.

For more information, visit www.trs.texas.gov.