What are the responsibilities and job description for the Cybersecurity Analyst - Governance, Risk, and Compliance (GRC) position at Sempra Infrastructure?
#25-72892
Houston, Texas, USA
Job Category
Information Technology
Full-Time/Part-Time
Full-time
Job Description
Duties and Responsibilities
- Assists with the development, design, logistics, and facilitation of internal and external IS and cybersecurity exercises by conducting analysis of existing systems performance.
- Acts as the first line of defense against the compromise of all forms of sensitive data and delivers IS and cyber incident triage including identifying the specific vulnerability and making recommendations.
- Protects the organization's data and systems from unauthorized access and ensures that security practices are up-to-date and effective.
- Conducts vulnerability research activities, gathers information on new and emerging threats and vulnerabilities and provides day-to-day support, maintenance and troubleshooting of software and subsystems.
- Understands system risks when modifying security systems and processes and takes appropriate precautions to avoid compliance violations.
- Creates and maintains high-quality documentation related to IT processes, including flow charts and data flow diagrams.
- Performs other duties as assigned.
Required Qualifications
Education
- Typically requires a 4 year degree in a relevant field, or equivalent combination of relevant education and experience.
- Typically requires 2 years of related experience.
- Information Security Management - Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.
- Security assessment - Conducts threat modelling, vulnerability assessment and penetration testing to reveal vulnerabilities or lapses in the existing systems or security mechanisms and evaluates the extent to which systems are able to protect the organization's data and maintain functionality as intended.
- A/B Testing - Develop and disseminate corporate security policies, frameworks and guidelines to ensure that day-to-day business operations guard or are well protected against risks, threats and vulnerabilities.
- Cybersecurity Risk Management - Develop cyber risk assessment and treatment techniques that can effectively pre-empt and identify significant security loopholes and weaknesses, demonstrate the business risks associated with these loopholes, and provide risk treatment and prioritization strategies to effectively address the cyber-related risks, threats and vulnerabilities identified, ensuring appropriate levels of protection, confidentiality, integrity and privacy in alignment with the security framework.
- Vulnerability Management - Defines, identifies, classifies and prioritizes vulnerabilities in computer systems, applications and network infrastructures and provides the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its business.
- Penetration Testing - Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.
- Security Audits - A systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria.
- Incident Response Management - An organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident.
- Intrusion Detection - Monitors network and system activity to identify potential intrusion or other anomalous behavior; analyzes the information and initiates an appropriate response, escalating as necessary; uses security analytics, including the outputs from intelligence analysis, predictive research and root cause analysis, in order to search for and detect potential breaches or identify recognised indicators and warnings; monitors, collates and filters external vulnerability reports for organizational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes; ensures that disclosure processes are put in place to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available; produces warning material in a manner that is both timely and intelligible to the target audience(s).
- Identity Management and Access Management - Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
Salary: $92,000 - $146,000