Cybersecurity Analyst - Governance, Risk, and Compliance (GRC)
#25-72892
Houston, Texas, United States
Job Description
Duties and Responsibilities
- Assists with the development, design, logistics, and facilitation of internal and external IS and cybersecurity exercises by conducting analysis of existing systems performance.
- Acts as the first line of defense against the compromise of all forms of sensitive data and delivers IS and cyber incident triage including identifying the specific vulnerability and making recommendations.
- Protects the organization's data and systems from unauthorized access and ensures that security practices are up-to-date and effective.
- Conducts vulnerability research activities, gathers information on new and emerging threats and vulnerabilities and provides day-to-day support, maintenance and troubleshooting of software and subsystems.
- Understands system risks when modifying security systems and processes and takes appropriate precautions to avoid compliance violations.
- Creates and maintains high quality documentation related to IT processes including flow charts and data flow diagrams.
- Performs other duties as assigned.
Qualifications
Required Qualifications
Education
- Typically requires a 4-year degree in a relevant field, or an equivalent combination of relevant education and experience.
Experience
- Typically requires 2 years of related experience.
Knowledge, Skills and Abilities
- Information Security Management - Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.
- Security assessment - Conducts threat modelling, vulnerability assessment and penetration testing to reveal vulnerabilities or lapses in the existing systems or security mechanisms and evaluates the extent to which systems are able to protect the organization's data and maintain functionality as intended.
- A/B Testing - Develop and disseminate corporate security policies, frameworks and guidelines to ensure that day-to-day business operations guard or are well protected against risks, threats and vulnerabilities.
- Cybersecurity Risk Management - Develop cyber risk assessment and treatment techniques that can effectively pre-empt and identify significant security loopholes and weaknesses, demonstration of the business risks associated with these loopholes and provision of risk treatment and prioritization strategies to effectively address the cyber-related risks, threats and vulnerabilities identified to ensure appropriate levels of protection, confidentiality, integrity and privacy in alignment with the security framework.
- Vulnerability Management - Defines, identifies, classifies and prioritizes vulnerabilities in computer systems, applications and network infrastructures and provides the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its business.
- Penetration Testing - Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.
- Security Audits - A systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
- Incident Response Management - An organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.
- Intrusion Detection - Monitors network and system activity to identify potential intrusion or other anomalous behavior; analyzes the information and initiates an appropriate response, escalating as necessary; Uses security analytics, including the outputs from intelligence analysis, predictive research and root cause analysis in order to search for and detect potential breaches or identify recognised indicators and warnings; Monitors, collates and filters external vulnerability reports for organizational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes; Ensures that disclosure processes are put in place to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available; Produces warning material in a manner that is both timely and intelligible to the target audience(s).
- Identity Management and Access Management - Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
Work Schedule
HYBRID: Work a combination of onsite and remote days each week, typically 4 days per week onsite.
Total Rewards Philosophy
Note: The Company strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.
Sempra Infrastructure offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.
Location
Houston Center of Excellence-TXHS
Job Details
Pay Range
The estimated pay range for this job. Disclosing pay information promotes competitive and equitable pay.
The actual pay rate will depend on the person's qualifications and experience.
$92,000.00 - $146,000.00 / year
Pay Transparency
To support the Fair Compensation Strategy by the US Govt., HR Dept., clients are required to adhere to the "Pay Transparency Law" in the impacted states that have mandated that employers list salary ranges in job advertisements or postings for job opportunities and job promotions.