Cybersecurity Analyst - Governance, Risk, and Compliance (GRC)

Primary Purpose

This role will lead initiatives to foster a strong cybersecurity culture across the organization, driving awareness programs and educational campaigns for our employees. The Cybersecurity Analyst is part of a broader cybersecurity team that ensures all system design, implementation, and standards protect Sempra's network from cyber-attacks. The Analyst of Governance, Risk, and Compliance (GRC) is focused on preventing security threats and ensuring laws and industry standards are upheld, working with a cross-functional team across various information security functions to conduct third-party assessments, cybersecurity clause review, exception request handling, SOC reviews, risk control evaluation, and threat intelligence monitoring.

Duties and Responsibilities

Technical Analysis & Delivery

Supports the implementation of the governance & risk frameworks, policy creation & management, IT control management, and security audits & assessments.

Manages issues and corrective actions plans identified in risk assessments through closure.

Reviews cybersecurity clauses in contracts, applicability criteria, exceptions requests and mitigating controls in accordance with company policies and industry standards.

Conducts SOC 2 reviews and audits.

Monitors Cyber Threat Intelligence resources (such as Sempra, CISA, FBI, and others).

Proposes and implements innovative ways to establish adequate controls, optimize risk management, and improve continuous monitoring.

Coordinates cybersecurity assessments (such as maturity, risk, and penetration testing).

Develops and monitors cybersecurity KRIs and KPIs.

Increases the level of maturity in risk management and controls.

Communication & Stakeholder Management

Designs, implements, and manages a comprehensive Cybersecurity Awareness Program, including phishing simulations, threat education campaigns, and targeted training for high-risk roles.

Develops engaging content (videos, newsletters, infographics) to promote security best practices and reduce social engineering risks.

Coordinates Cybersecurity Ambassadors Community and champions cultural change initiatives across business units.

Functional Area Leadership

Acts as the primary point of contact for awareness-related metrics and reporting to leadership, ensuring visibility into human risk trends and program effectiveness.

Troubleshooting

Maintains good operational relationships with 3rd party risk assessment managed service providers to perform risk assessments, develop mitigation plans, and ensure appropriate service levels.

Ensures team works closely with System Engineers to implement security controls and patches based on capability and need.

Contacts and coordinates vendor, carrier, and remote support when necessary to resolve high-impact security issues.

Documents problems and reports to management, engineers, and/or peers.

Performs other duties as assigned (no more than 5% of duties).

Qualifications

Education

Bachelor's Degree in Computer Science, Information Technology, or equivalent relevant work experience.

Experience

4+ years' experience in Information Security, Cyber Security, or relevant roles.

2+ years' experience managing Governance, Risk, and Compliance of an organization with a complex Information Technology environment.

Knowledge, Skills, and Abilities

Bilingual in Spanish/English is a plus

Proven experience in cybersecurity awareness program design and delivery, including phishing simulations and behavioral risk reduction strategies

Strong communication and content development skills to engage non-technical audiences effectively

Knowledge of adult learning principles and experience leveraging e-learning platforms or gamified training tools

Strong understanding of security contract management and legal requirements.

Hands-on experience with enterprise GRC tools (e.g., ServiceNow, Archer, etc.).

Ability to implement global regulatory requirements surrounding data security & privacy (e.g., GDPR, CCPA, CRPA etc.).

Understanding of relevant cybersecurity regulations and agencies pertinent to utility environments.

General understanding of cyber security operations functions, in areas such as incident response, security monitoring, threat and vulnerability, SOC and SOC service.

General knowledge of OT network infrastructure, SCADA/DCS systems, data/communication systems, and management systems.

General knowledge of security software architecture/programming concepts and security integration into the SDLC.

Ability to manage a diverse technical workforce in multiple locations; ability to coach.

Personal drive and energy level to achieve superior results individually and through others.

Licenses and Certifications

Standard certifications in Information Security (CISSP, CISM, CISA, or equivalent)

Technical certifications (GRC related e.g. ISACA CRISC)

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled

© 2025 Qureos. All rights reserved.