Job Summary
The Information Security Analyst Sr contributes to the Information Assurance team by performing advanced information security tasks, including assessing, analyzing, and monitoring County data and systems. The analyst contributes to the development and implementation of security policies, standards, practices, and procedures. The analyst conducts comprehensive risk assessments using both qualitative and quantitative methods, develops risk analysis scenarios and response procedures, and performs compliance auditing to ensure adherence to industry standards and applicable regulations.
Distinguishing Characteristics:
The Information Security Analyst Sr has technical expertise that includes a thorough understanding of cybersecurity frameworks such as NIST, proficiency in risk management methodologies, and a strong ability to identify vulnerabilities and recommend mitigation strategies. The analyst has exceptional analytical and problem-solving skills, attention to detail, experience in mentoring junior analysts, and can communicate clearly and effectively. This classification may require a flexible work schedule in order to meet the needs of the department.
Duties And Responsibilities
- Develop, implement, and maintain information security policies, standards, practices and procedures to ensure alignment with government frameworks and adaptation to evolving threats, legal changes, regulations, and County policies.
- Collaborates with Information and Telecommunication Systems (ITS) staff to coordinate the implementation of information security policies, procedures, technical standards, and practices across all County departments. Supports efforts to encourage countywide adoption of security initiatives.
- Conducts compliance assessments, analysis, monitoring and management activities to evaluate adherence to internal policies and external regulations. Contributes to the development of compliance monitoring methodologies, procedures, and reporting practices.
- Performs gap analyses and makes data-driven recommendations for improving existing policies, standards, and technical controls based on the findings of compliance and audit activities. Executes both technical and administrative audits to evaluate security effectiveness.
- Train and mentor junior analysts, providing guidance on security frameworks and best practices to foster internal talent development and ensure operational continuity.
- Perform third-party risk assessments and vendor security evaluations, ensuring that external partners meet County and regulatory security standards and requirements.
- Coordinate with County leadership, ITS stakeholders, and program managers to prioritize, plan, and implement enterprise security projects that align with County goals.
- Contribute to strategic planning, policy development, and resource management for the Information Assurance team, supporting long-term cybersecurity objectives and capacity building.
- Prepare and deliver risk assessments, compliance updates, and incident reports to senior leadership, translating findings into actionable insights and easily digestible business impact.
- Work directly with internal and external customers to educate, advise, and resolve issues related to enterprise data management and information protection, including support for the Data Loss Prevention program and data classification initiatives.
- May mentor, supervise, and train security staff
- Performs other job-related duties as assigned
Minimum Requirements
Education and Experience:
Bachelor's degree in Computer Science, Information Systems, Business Administration or a directly related field AND five (5) years of relevant work experience, including at least three (3) years experience in information security;
OR,
Any combination of education and experience that has been achieved and is equivalent to the stated education and experience and required knowledge, skills, and abilities sufficient to successfully perform the duties and responsibilities of this job.
Licenses, Registrations, Certifications, or Special Requirements:
Valid Texas Driver's License.
CompTIA Security+ Certification, Certified Information Systems Security Professional (CISSP) or equivalent industry-recognized certification required
Knowledge, Skills, and Abilities:
Knowledge of:
- Policies, practices, procedures and terminology of assigned function.
- Knowledge of Federal, State, Local and County applicable laws, rules, regulations and guidelines, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Services (CJIS), and Payment Card Industry and Data Security Standards (PCI-DSS).
- Familiarity with Information Security frameworks, including NIST 800-53, NIST CSF, and Risk Management Framework.
- Solid understanding of confidentiality, integrity, and availability as it relates to Information Security.
- Advanced Information Technology risk assessment techniques (qualitative and quantitative).
- Threats to systems, networks, applications and information for both standalone and interconnected computers.
- May be required to develop knowledge of and adhere to federal and state laws requiring the confidential handling of certain health information.
- Understanding of governance structures and how security policy supports operational goals.
- Experience conducting audits, assessments, and gap analyses.
- Understanding of how operating systems, networks, and cloud environments are secured.
- Knowledge of data classification, data handling requirements, and incident escalation protocols.
- Understanding of vendor risk management, third-party assessments, and contractual security requirements.
- Ability to communicate technical concepts to non-technical stakeholders.
Skill in:
- Interacting with and supporting the activities of other information technology and information security professionals.
- Providing customer service to a wide range of internal and external customers.
- Problem-solving and decision-making.
- Both verbal and written communication, including presentations and communicating technical issues in non-technical language.
Ability to:
- Comprehend the language of policies and standards and present them in an understandable way to ITS staff members and department users.
- Read, comprehend, comply with and assist customers in complying with complex technical standards and procedures.
- Work independently and efficiently and as part of a team.
- Manage time well, perform multiple tasks and organize diverse activities.
- Research, compile, analyze, interpret and prepare a variety of memorandums or reports.
- Establish and maintain effective working relationships with departmental clientele, representatives of outside agencies and providers, other County employees and officials, and the general public.
Work Environment & Other Information
Work primarily performed in an office setting, either on-site or in a secure hybrid/telework environment. May involve occasional visits to data centers, agency offices, or vendor locations for security inspections, audits, or meetings. Must adhere to strict security protocols and procedures, including physical access controls, background checks, and secure area clearances. May occasionally work outside normal business hours to respond to security incidents or meet project deadlines.
Physical requirements include extended periods of sitting, using a computer and other standard office equipment. Subject to visual acuity, speech and hearing, hand and eye coordination and manual dexterity necessary to operate a computer and office equipment. Occasional lifting or carrying of equipment or materials (typically less than 25 pounds) may be required. Must be able to remain focused and alert while working on detailed technical tasks, especially during incident response or time-sensitive audits.
Travis County employees play an important role in business continuity. As such, employees can be assigned to business continuity efforts outside of normal job functions.
Work Hours: 8 am - 5 pm, Monday-Friday. May work some holidays, some nights, some weekends.
Location: 700 Lavaca St, Austin, TX 78701
Department: Information Security
Criminal background check, driving, education, and employment verification are required.
This job description is intended to be generic in nature. It is not necessarily an exhaustive list of all duties and responsibilities. The essential duties, functions and responsibilities and overtime eligibility may vary based on the specific tasks assigned to the position.