Sempra Infrastructure · 3 hours ago
Cybersecurity Analyst - Governance, Risk, and Compliance (GRC)
Sempra Infrastructure is focused on fostering a strong cybersecurity culture and is seeking a Cybersecurity Analyst specializing in Governance, Risk, and Compliance (GRC). This role involves leading initiatives to enhance cybersecurity awareness, conducting risk assessments, and ensuring compliance with industry standards.
Energy, Infrastructure, Sustainability
Responsibilities
Supports the implementation of the governance & risk frameworks, policy creation & management, IT control management, and security audits & assessments
Manages issues and corrective action plans identified in risk assessments through closure
Reviews cybersecurity clauses in contracts, applicability criteria, exceptions requests and mitigating controls in accordance with company policies and industry standards
Conducts SOC II reviews and audits
Monitors Cyber Threat Intelligence resources (such as Sempra, CISA, FBI, and others)
Proposes and implements innovative ways to establish adequate controls, optimize risk management, and improve continuous monitoring
Coordinates cybersecurity assessments (such as maturity, risk, and penetration testing)
Develops and monitors cybersecurity KRIs and KPIs
Increases the level of maturity in risk management and controls
Designs, implements, and manages a comprehensive Cybersecurity Awareness Program, including phishing simulations, threat education campaigns, and targeted training for high-risk roles
Develops engaging content (videos, newsletters, infographics) to promote security best practices and reduce social engineering risks
Coordinates Cybersecurity Ambassadors Community and champions cultural change initiatives across business units
Acts as the primary point of contact for awareness-related metrics and reporting to leadership, ensuring visibility into human risk trends and program effectiveness
Maintains good operational relationships with 3rd party risk assessment managed service providers to perform risk assessments, develop mitigation plans, and ensure appropriate service levels
Ensures team works closely with System Engineers to implement security controls and patches based on capability and need
Contacts and coordinates vendor, carrier, and remote support when necessary to resolve high-impact security issues
Documents problems and reports to management, engineers and/or peers
Performs other duties as assigned (no more than 5% of duties)
Qualification
Required
Bachelor's Degree in Computer Science, Information Technology, or equivalent relevant work experience
4+ years' experience in Information Security, Cyber Security, or relevant roles
2+ years' experience managing Governance, Risk, and Compliance of an organization with a complex Information Technology environment
Proven experience in cybersecurity awareness program design and delivery, including phishing simulations and behavioral risk reduction strategies
Strong communication and content development skills to engage non-technical audiences effectively
Knowledge of adult learning principles and experience leveraging e-learning platforms or gamified training tools
Strong understanding of security contract management and legal requirements
Hands-on experience of enterprise GRC tools (e.g., ServiceNow, Archer etc.)
Ability to implement global regulatory requirements surrounding data security & privacy (e.g., GDPR, CCPA, CPRA etc.)
Understanding of relevant cybersecurity regulations and agencies pertinent to utility environments
General understanding of cyber security operations functions, in areas such as incident response, security monitoring, threat and vulnerability, SOC and SOC service
General knowledge of OT network infrastructure, SCADA/DCS systems, data/communication systems, and management systems
General knowledge of security software architecture/programming concepts and security integration into SDLC
Ability to manage a diverse technical workforce in multiple locations; ability to coach
Personal drive and energy level to achieve superior results individually and through others
Standard certifications in Information Security (CISSP, CISM, CISA, or equivalent)
Technical certifications (GRC related e.g. ISACA CRISC)
Preferred
Bilingual in Spanish/English is a plus
Company
Sempra Infrastructure
Sempra develops, builds, operates and invests in infrastructure critical to meet the world's energy and climate needs. It is a sub-organization of Sempra Energy.
Funding
Current Stage
Late Stage
Total Funding
$15.15B
Key Investors
Abu Dhabi Investment Authority, Kohlberg Kravis Roberts
2025-09-23 · Secondary Market · $10B
2021-12-21 · Secondary Market · $1.78B
2021-04-05 · Secondary Market · $3.37B
Company data provided by crunchbase