Cybersecurity Risk and Controls Analyst 1

Cybersecurity Risk and Controls Analyst

Job Description

Department: Information Technology                   

Job Status: Full Time

FLSA Status: Salary Exempt

Reports To: Cybersecurity Manager

Location: The Woodlands, TX

Amount of Travel Required: Less than 5%

Work Schedule: Monday Friday, 8am – 5pm                           

Positions Supervised: n/a

AIP: Level 7

POSITION SUMMARY:

Beusa Energy is seeking a Cybersecurity Risk & Controls Analyst to help build and scale our cybersecurity governance, risk, and compliance (GRC) program across both enterprise IT and operational technology (OT) environments.

This role is responsible for defining, implementing, and continuously improving the controls that protect Beusa Energy’s systems, infrastructure, and operations. You will translate cybersecurity risks and regulatory expectations into practical, enforceable controls that align with real world operating conditions in the energy sector.

As Beusa Energy continues to grow, this role will be central to ensuring cybersecurity is embedded into how we operate. You will help establish consistency, accountability, and visibility in how cybersecurity risk is identified, mitigated, and communicated across the organization.

ESSENTIAL FUNCTIONS: (The following duties and responsibilities are all essential job functions, as

defined by the ADA, except for those that begin with the word "may")

• Identify, assess, and manage cybersecurity risks across IT and OT environments, maintaining a clear and actionable risk register.
• Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with Beusa Energy’s risk profile and operational environment.
• Design, document, and manage a centralized control framework that maps to industry standards (e.g., NIST CSF, ISO 27001) and regulatory requirements.
• Lead and support enterprise risk assessments across IT and OT environments, including risk identification, analysis, tracking, and reporting.
• Partner with IT, engineering, and field operations teams to ensure security controls are practical, implemented effectively, and embedded into daily workflows.
• Support compliance initiatives and audits (e.g., SOC 2, ISO 27001), including control design, evidence collection, and audit coordination.
• Maintain risk registers, control inventories, and remediation plans, providing clear visibility and reporting to leadership.
• Support third-party risk management processes, including vendor risk assessments and ongoing monitoring.
• Collaborate with cybersecurity and technology teams to align security tooling, monitoring, and detection capabilities with defined controls and compliance objectives.
• Assist in developing and delivering security awareness, policy training, and control adoption initiatives.
• Produce clear, executive-level reporting on risk posture, control effectiveness, and program maturity.
• Continuously evaluate and improve governance processes, documentation, and control effectiveness to support a scalable cybersecurity program.
• Performs other related duties as assigned to assist with successful operations and business continuity.

POSITION REQUIREMENTS:

• Successfully passes all applicable general pre-employment testing, including but not limited to: background check, pre-employment drug screening, pre-employment fit tests, pre-employment aptitude and/or competency assessment(s).
• Possesses a valid U.S. Driver’s License. Employment is contingent upon meeting the company's driving standards, including an acceptable Motor Vehicle Record (MVR) in accordance with the company's policy.
• Daily overtime required and in-person, predictable attendance.
• Must be legally authorized to work in the United States without the need for sponsorship.
• Must be at least 18 years of age or older.

EDUCATION/EXPERIENCE LEVEL

• Bachelor’s degree in Cybersecurity, Information Technology, or related field.  An equivalent combination of education, specialized training, and relevant professional experience may be considered in lieu of a formal degree.
• 3 to 6 years of experience in cybersecurity GRC, risk management, controls, or related roles.
• Strong understanding of cybersecurity frameworks and control standards, such as:
  • NIST Cybersecurity Framework (CSF).
  • ISO 27001.
  • SOC 2.
• Experience designing, implementing, and assessing security controls in real-world environments.
• Familiarity with risk assessment methodologies and control testing practices.
• Experience supporting audits and managing evidence for compliance initiatives.
• Ability to translate technical and regulatory requirements into clear, actionable controls.
• Strong analytical, organizational, and communication skills with the ability to work cross-functionally.

QUALIFICATIONS, SKILLS, COMPETENCIES, AND ABILITIES

• Experience in energy, critical infrastructure, or industrial environments.
• Familiarity with OT/ICS cybersecurity risks and control considerations.
• Experience with GRC or compliance automation tools (e.g., Drata or similar platforms).
• Understanding of third-party risk management practices and frameworks.
• Relevant certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Implementer.

PHYSICAL REQUIREMENTS/WORK ENVIRONMENT

The physical demands and work environment described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Employee works indoors in an office setting, primarily sitting for extended periods at a desk station. The role requires keyboarding and repetitive motions with wrists, hands, and fingers. Vision abilities required include close vision and the ability to adjust focus while reading and staring at a computer monitor. The Employee must speak clearly and audibly, and have the ability to hear, understand, and distinguish speech and other sounds (e.g., building alarms) from in-person speech, telephone, or remote communication. While in the office, the Employee may be called upon to stand, kneel, push, pull, reach overhead, stoop, crouch, climb, and lift; therefore, the Employee should be able to independently lift 25 lbs. No adverse environmental conditions are expected.

Work hours may include early morning, late evenings, and weekends, depending on business necessity.

AAP/EEO STATEMENT

The Company is committed to the cause of equal employment opportunity for all employees and applicants, thus abiding by all applicable state and federal laws. Our practices regarding employment, job promotion, compensation, training, and termination do not discriminate on the basis of race, color, religious creed, age, sex, national origin, veteran's status, disability, pregnancy, genetic information, or any other legally protected status. It is expected that all employees, both management and staff, will fully support these nondiscriminatory policies.

The company has reviewed this job description to ensure essential functions and duties have been included. It is not intended to be an exhaustive list of all functions, responsibilities, skills, and abilities.

Last Revised (05/2026)