Comptroller- Risk & Compliance Associate/ Analyst
Texas-Austin
Full Time Entry-level / Junior USD 75K - 97K
Texas Comptroller of Public Accounts
Comptroller.Texas.Gov is the website for the Texas Comptroller of Public Accounts
Organization: COMPTROLLER OF PUBLIC ACCOUNTS
Primary Location: Texas-Austin
Work Locations: Lyndon B Johnson Building (304-00001) 111 E 17th Street Austin 78774
Job: Computer and Mathematical
Employee Status: Regular
Schedule: Full-time
Standard Hours Per Week: 40.00
Travel: Yes, 5 % of the Time
State Job Code: 0319 0320
Salary Admin Plan: B
Grade: 23 25
Salary (Pay Basis): 6,250.00 - 8,083.33 (Monthly)
Number of Openings: 1
Overtime Status: Exempt
Job Posting: Jul 7, 2025, 5:16:22 PM
Closing Date: Jul 22, 2025, 4:59:00 AM
Description
Applications must be filed at
https://capps.taleo.net/careersection/ex/jobdetail.ftl?job=00050994
Please note that this job posting can be closed without notice and earlier than the closing date indicated in the posting if a suitable candidate is found. We encourage applicants to submit and complete the application promptly.
Are you ready to grow, make a positive impact? If you are seeking to gain knowledge, build your career, and network among goal-oriented professionals, this is the place for you!
Innovation, collaboration, and a commitment to excellence best describes the culture here at the Comptroller’s Office. We take pride in the work we do serving as Texas' accountant, tax collector, treasurer, and much more! The Comptroller’s office serves virtually every citizen in the state. As Texas’ chief tax collector, accountant, revenue estimator, treasurer and purchasing manager, the agency is responsible for writing the checks and keeping the books for the multi-billion-dollar business of state government.
Our agency workforce is as diverse as the people of Texas we serve. We value our employees and take very seriously our collective commitment to public service. Personal development opportunities are strongly encouraged through available workshops, teambuilding exercises, and on the job training. We offer flexible scheduling that helps employees maintain a healthy work-life balance.
About The Division
Information Security Division is dedicated to ensuring the confidentiality, integrity and availability of critical data and systems. We relentlessly defend against cyber threats, cultivate a culture of awareness and drive innovation to protect our organization and its stakeholders.
General description
Join the Information Security Division as a Risk & Compliance Associate/Analyst! This role performs journey-level information security and cybersecurity analysis work involving planning, implementing, and monitoring security measures for the protection of information systems and infrastructure.
Apply today and help the Comptroller's office keep the Texas economy strong.
Work Hours
Work hours are Monday through Friday from 8:00am to 5:00pm, 40 hours per week with occasional evening and weekend hours. Hours may change based upon business need.
This position may be eligible for a flexible/hybrid work schedule if certain conditions are met; working arrangements may change at any time as business necessitates.
Cybersecurity Analyst I/ Risk & Compliance Associate: $6,250.00-$6,666.67
Cybersecurity Analyst II/ Risk & Compliance Analyst: $7,583.33-$8,083.33
Qualifications
Minimum Qualifications
- Graduation from an accredited college or university with a bachelor's degree.
- Experience:
- Cybersecurity Analyst I: One (1) year professional experience in cybersecurity, information security, risk management, compliance, audit, or related field.
- Cybersecurity Analyst II: Two (2) years professional experience in cybersecurity, information security, risk management, compliance, audit, or related field.
Preferred Qualifications
- Graduation from an accredited college or university with a bachelor’s degree major coursework in cybersecurity, information security, computer engineering, computer information systems, computer science, management information systems, business administration, or related field.
- Experience with regulatory compliance frameworks (NIST, HIPAA, PCI DSS, FERPA)
- Risk assessment and management experience
- Audit coordination and response experience
- Policy development and implementation experience
Substitution:
- One (1) additional year of the full-time minimum experience as stated above may substitute for each year (30 semester hours) of the required education with a maximum of 120 semester hours (four years).
- Graduation from an accredited college or university with a bachelor’s degree in Cybersecurity or Information Security may substitute for one (1) year of experience requirement.
In this role you will:
Cybersecurity Analyst I/ Risk & Compliance Associate:
Risk Assessment & Analysis:
- Performs agency risk and security assessments and reviews of account permissions, computer data access needs, security violations, programming changes, and new and existing applications and systems, including data center physical security environment.
- Assists in developing and maintaining procedures related to risk and security assessments as appropriate.
- Prepares, gathers and maintains working papers to support evidence of risk and security controls.
- Assists with business unit plans of actions and milestones related to risk and security assessment findings.
- Assists business units through providing training and guidance on information security and privacy controls.
Policy Development & Compliance Support:
- Performs agency risk and security assessments related to privacy and information security laws, regulations, standards, and other requirements (e.g. National Institute of Standards and Technology, Internal Revenue Service Publication 1075, Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standards, contractual obligations, etc.).
- Researches privacy and information security laws, regulations, standards, and other requirements and applies knowledge to risk and security assessment processes as applicable.
- Assists in reviewing contracts, scope of work, and other documents for inclusion of appropriate security controls and provisions.
Stakeholder Management & Communication:
- Assists with preparation of meetings, presentations and training materials to support staff education on risks and mitigations under supervision.
- Supports engagement with internal resources and learns to apply relevant laws, regulations, policies, procedures, standards, guidelines and best practices with guidance.
- Assists with coordination activities between business units regarding risk assessment findings and remediation activities as directed.
- Supports maintenance of relationships with regulatory bodies and external auditors through administrative tasks and documentation support.
Documentation & Reporting:
- Prepares formal written reports/maintains draft versions incorporating comments and management reviews.
- Documents security incidents and compliance findings for management review.
- Maintains accurate records of risk assessments and remediation activities.
- Tracks and reports on compliance metrics and key performance indicators.
Other Duties:
- Performs other duties as assigned.
Cybersecurity Analyst II/ Risk & Compliance Analyst:
Risk & Security Assessment:
- Performs comprehensive agency risk and security assessments related to privacy and information security laws, regulations, standards, and other requirements (NIST, IRS Publication 1075, HIPAA, PCI DSS, contractual obligations, FERPA, etc.).
- Researches and applies knowledge of privacy and information security requirements to risk and security assessment processes across agency operations and technology systems.
- Develops plans to safeguard computer configuration and data files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Performs comprehensive technical risk assessments and reviews of complex systems, applications, and business processes to identify vulnerabilities and control gaps.
- Quantifies and communicates residual risk in business terms to management and stakeholders through formal written reports and presentations.
- Prepares, gathers, and maintains working papers to support evidence of risk and security controls for audit and compliance purposes.
- Reviews contracts, scope of work, and other documents for inclusion of appropriate security controls and provisions.
Policy Development & Compliance Support:
- Assists in maintenance of agency Information Protection Policies & Standards (IPPS) tailored from the National Institute of Standards and Technology (NIST) security framework.
- Researches and recommends security policy and standards to reduce risk to the agency and ensures alignment with regulatory requirements.
- Assists with implementation of Department of Information Resources' cybersecurity requirements including development and maintenance of agency information security plan.
- Assists in developing and maintaining procedures related to risk and security assessments as appropriate to agency operations.
- Reviews contracts, scope of work, and other documents for inclusion of appropriate security controls and provisions.
Information Security Division Support:
- Assists with information security division functions including tracking and prioritizing known security risks and providing reports to management.
- Responds to security incidents and supports incident response activities as needed.
- Researches new security risks and mitigation strategies, tools, techniques and solutions and provides recommendations to CISO.
- Assists business units through providing training and guidance on information security and privacy controls implementation.
- Assists with business unit plans of actions and milestones related to risk and security assessment findings.
- Assists with internal and external audits including preparation, coordination, and response activities.
Stakeholder Management & Communication:
- Prepares and conducts meetings, presentations and training to educate staff on risks and mitigations.
- Engages internal and external resources and applies relevant laws, regulations, policies, procedures, standards, guidelines and best practices.
- Coordinates with business units on risk assessment findings and remediation activities.
- Maintains relationships with regulatory bodies and external auditors.
Other Duties:
- Performs other duties as assigned.
Maximize Your Earnings!
At the Comptroller's office, we know potential employees are looking for more than just a paycheck. The agency offers a strong benefits package for you and your family. Insurance, retirement plans, and a flexible work schedule are just the start.
If you are seeking to gain knowledge, build your career, and network among goal-oriented professionals, this is the place for you!
Important Note to the Candidate:
Salary is contingent upon qualifications. If you are scheduled for an interview and require any reasonable accommodation in our interview process, please inform the hiring representative who calls you to schedule your interview. Whenever possible, please give the hiring representative sufficient time to consider and respond to your request.
MILITARY PREFERENCE
To receive MILITARY PREFERENCE, you are required to provide proof by attaching the necessary documentation to this job application.
Additional MOS can be found at the State Auditor’s Office: https://hr.sao.texas.gov/CompensationSystem/JobDescriptions
Click on the occupational category for the position.
The Texas Veterans Commission provides helpful employment information. Go to: http://www.texasskillstowork.com, http://www.onetonline.org, https://hr.sao.texas.gov/CompensationSystem/JobDescriptions/ or www.careeronestop.org for assistance translating your military experience and training courses into civilian job terms, qualifications/requirements and skill sets.
Applications submitted through Work in Texas:
Work In Texas (WIT) applicants must complete supplemental questions to be considered for the position. To complete the supplemental questions please go to CAPPS Recruit to register or login and access your profile.
The Comptroller’s Office is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity.
Resumes will not be accepted in lieu of completed applications. The application must contain the necessary information in the work history for the applicant to qualify for the position.
An applicant must be eligible to work in the United States to be hired at the Comptroller’s office and must remain eligible, without sponsorship or any assurance of financial or other assistance from this agency, during the term of their employment.
Tags: Audits CISO Compliance Computer Science HIPAA Incident response Monitoring NIST PCI DSS Privacy Risk assessment Risk management Security assessment Vulnerabilities
Perks/benefits: Career development Flex hours Health care Insurance