Cybersecurity Analyst - Governance, Risk, and Compliance (GRC) at Sempra Infrastructure
Houston, Texas, United States
Full Time


Start Date

Immediate

Expiry Date

25 Feb, 26

Salary

0.0

Posted On

27 Nov, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cybersecurity, Risk Management, Governance, Compliance, Cyber Threat Intelligence, Security Audits, Content Development, Phishing Simulations, E-Learning, Data Security, Privacy Regulations, Incident Response, SOC Operations, GRC Tools, Communication, Training

Industry

Oil and Gas

Description
Primary Purpose

This role will lead initiatives to foster a strong cybersecurity culture across the organization, driving awareness programs and educational campaigns for our employees. The Cybersecurity Analyst is part of a broader cybersecurity team that ensures all system design, implementation, and standards protect Sempra's network from cyber-attacks. The Analyst of Governance, Risk, and Compliance (GRC) is focused on preventing security threats and ensuring laws and industry standards are upheld, working with a cross-functional team across various information security functions to conduct third-party assessments, cybersecurity clause review, exception request handling, SOC reviews, risk control evaluation, and threat intelligence monitoring.

Duties and Responsibilities

Technical Analysis & Delivery
* Supports the implementation of the governance & risk frameworks, policy creation & management, IT control management, and security audits & assessments.
* Manages issues and corrective action plans identified in risk assessments through to closure.
* Reviews cybersecurity clauses in contracts, applicability criteria, exception requests and mitigating controls in accordance with company policies and industry standards.
* Conducts SOC II reviews and audits.
* Monitors Cyber Threat Intelligence resources (such as Sempra, CISA, FBI, and others).
* Proposes and implements innovative ways to establish adequate controls, optimize risk management, and improve continuous monitoring.
* Coordinates cybersecurity assessments (such as maturity, risk, and penetration testing).
* Develops and monitors cybersecurity KRIs and KPIs.
* Increases the level of maturity in risk management and controls.

Communication & Stakeholder Management
* Designs, implements, and manages a comprehensive Cybersecurity Awareness Program, including phishing simulations, threat education campaigns, and targeted training for high-risk roles.
* Develops engaging content (videos, newsletters, infographics) to promote security best practices and reduce social engineering risks.
* Coordinates the Cybersecurity Ambassadors Community and champions cultural change initiatives across business units.

Functional Area Leadership
* Acts as the primary point of contact for awareness-related metrics and reporting to leadership, ensuring visibility into human risk trends and program effectiveness.

Troubleshooting
* Maintains good operational relationships with 3rd-party risk assessment managed service providers to perform risk assessments, develop mitigation plans, and ensure appropriate service levels.
* Ensures the team works closely with System Engineers to implement security controls and patches based on capability and need.
* Contacts and coordinates vendor, carrier, and remote support when necessary to resolve high-impact security issues.
* Documents problems and reports them to management, engineers and/or peers.

Performs other duties as assigned (no more than 5% of duties).

Qualifications

Education
* Bachelor's Degree in Computer Science, Information Technology, or equivalent relevant work experience.

Experience
* 4+ years' experience in Information Security, Cyber Security, or relevant roles.
* 2+ years' experience managing Governance, Risk, and Compliance of an organization with a complex Information Technology environment.

Knowledge, Skills, and Abilities
* Bilingual in Spanish/English is a plus.
* Proven experience in cybersecurity awareness program design and delivery, including phishing simulations and behavioral risk reduction strategies.
* Strong communication and content development skills to engage non-technical audiences effectively.
* Knowledge of adult learning principles and experience leveraging e-learning platforms or gamified training tools.
* Strong understanding of security contract management and legal requirements.
* Hands-on experience with enterprise GRC tools (e.g., ServiceNow, Archer).
* Ability to implement global regulatory requirements surrounding data security & privacy (e.g., GDPR, CCPA, CPRA).
* Understanding of relevant cybersecurity regulations and agencies pertinent to utility environments.
* General understanding of cyber security operations functions, in areas such as incident response, security monitoring, threat and vulnerability, SOC and SOC service.
* General knowledge of OT network infrastructure, SCADA/DCS systems, data/communication systems, and management systems.
* General knowledge of security software architecture/programming concepts and security integration into SDLC.
* Ability to manage a diverse technical workforce in multiple locations; ability to coach.
* Personal drive and energy level to achieve superior results individually and through others.

Licenses and Certifications
* Standard certifications in Information Security (CISSP, CISM, CISA, or equivalent)
* Technical certifications (GRC related, e.g. ISACA CRISC)

Responsibilities
The Cybersecurity Analyst will lead initiatives to promote a strong cybersecurity culture and manage various assessments and compliance activities. This role involves coordinating with cross-functional teams to ensure adherence to security standards and regulations.