Cybersecurity Analyst - Governance, Risk, and Compliance; GRC

Job

#25-72892

Houston, Texas, USA

Information Technology

Full-time

• Assist the development, design, logistics, and facilitation of internal and external IS and cybersecurity exercises by conducting analysis of existing systems performance.
• Act as the first line of defense against the compromise of all forms of sensitive data and deliver IS and cyber incident triage, including identifying the specific vulnerability and making recommendations.
• Protect the organization’s data and systems from unauthorized access and ensure that security practices are up‑to‑date and effective.
• Conduct vulnerability research activities, gather information on new and emerging threats and vulnerabilities, and provide day‑to‑day support, maintenance and troubleshooting of software and subsystems.
• Understand system risks when modifying security systems and processes and take appropriate precautions to avoid compliance violations.
• Create and maintain high quality documentation related to IT processes, including flow charts and data flow diagrams.
• Perform other duties as assigned.

• Typically requires a 4‑year degree in a relevant field, or equivalent combination of relevant education and experience.

• Typically requires 2 years of related experience.

• Information Security Management – defines and manages controls that an organization needs to implement to ensure it protects the confidentiality, availability, and integrity of assets.
• Security Assessment – conducts threat modelling, vulnerability assessment and penetration testing to reveal vulnerabilities or lapses in existing systems.
• A/B Testing – develops and disseminates corporate security policies, frameworks and guidelines to protect day‑to‑day business operations.
• Cybersecurity Risk Management – develops cyber risk assessment and treatment techniques that pre‑empt significant security loopholes and provides risk treatment and prioritization strategies.
• Vulnerability Management – defines, identifies, classifies and prioritizes vulnerabilities in computer systems, applications and network infrastructures.
• Penetration Testing – tests computer systems, networks or web applications to find security vulnerabilities that attackers could exploit.
• Security Audits – systematically evaluates the security of a company’s information system against established criteria.
• Incident Response Management – organizes approaches to addressing and managing the aftermath of a security breach or cyberattack.
• Intrusion Detection – monitors network and system activity to detect potential intrusions, analyzes information, and initiates appropriate responses.
• Identity Management and Access Management – framework of processes, policies and technologies that manage electronic or digital identities.