Lead Information Security Analyst - Governance, Risk, & Compliance (GRC)
Harris County · Houston, TX · 3 days ago
Information TechnologyFull-time
Duties and Responsibilities
- Conduct information security risk assessments and facilitate reviews of cloud, hybrid cloud, and on-premises IT solutions and infrastructure.
- Perform third-party vendor security risk assessments to support governance efforts.
- Serve as a subject matter expert (SME) on Cloud Security, with an emphasis on Microsoft Azure.
- Stay updated on cybersecurity threats and vulnerabilities and provide recommendations for mitigation, particularly within Microsoft Azure cloud security.
- Utilize security controls to enhance security posture and research emerging threats relevant to cloud and hybrid cloud operations.
- Assess and prioritize information security risks, ensuring compliance with regulatory requirements and information security policies.
- Oversee assigned project activities to ensure timely completion.
- Develop remediation plans and proactively track progress, presenting cybersecurity risks and gaps to stakeholders.
- Provide design input, implementation, and maintenance of enterprise-wide security solutions to address cybersecurity needs.
- Communicate security vulnerabilities and risks to key stakeholders and consult on remediation efforts.
- Develop documentation to support cybersecurity operations, including: Communications, Job aids, Educational/training materials, Architecture diagrams, Technical reference guides, Procedures, Strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFOs), Statement of Work (SOW), Metrics and reports, Project plans, Executive presentations.
- Coach and mentor junior-level technical staff.
- Participate in Cybersecurity Incident Response Team (CIRT) investigations and response activities.
Requirements
- Education: High school diploma or GED equivalency from an accredited educational institution. Five (5) years of experience in Information Security, IT, Computer Science, or IT Risk Management.
- Experience: Strong understanding of IT infrastructure and network security principles. Experience with cloud security (AWS, Azure, or GCP). Knowledge of scripting languages (Python, PowerShell, etc.) for automation.
Preferences
- Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent work experience).
- Certifications: Industry certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or GIAC Certified Incident Handler (GCIH) credentials.