Principal Cybersecurity Analyst - Risk Mgmt & AI Security
UT MD Anderson · Houston, TX · 1 wk ago
RemoteRemoteInformation Technology$123k/yrFull-time
Responsibilities
- Serve as principal architect and subject matter expert for enterprise GRC and cybersecurity risk programs
- Define and maintain risk assessment methodologies, control frameworks, and risk scoring models
- Establish workflows across development, staging, and production environments
- Develop SOPs, roles, segregation of duties, and change management processes
- Lead design and execution of enterprise risk management strategies
- Architect and maintain integrations across Archer, Tenable, ServiceNow, Microsoft Configuration Manager (SCCM/MECM), and Medigate
- Design automated workflows consolidating asset, vulnerability, and risk data
- Enable enterprise-wide risk visibility and reporting through data-driven systems
- Ensure data quality, reconciliation, and interoperability across platforms and CMDB
- Apply frameworks including NIST CSF, NIST 800-53, HIPAA, and HITRUST
- Conduct control mapping, gap assessments, and compliance reporting
- Advise stakeholders on remediation strategies and regulatory requirements
- Align institutional policies with regulatory and accreditation standards
- Establish and mature AI security and governance programs
- Develop AI risk assessment criteria and governance standards
- Align controls to NIST AI Risk Management Framework and institutional policies
- Evaluate AI/ML tools and vendors for data protection and compliance risks
- Partner with data governance, privacy, and legal teams on AI initiatives
- Develop multi-year roadmaps, milestones, and resource plans
- Lead enterprise and project-level risk assessments
- Translate technical findings into executive-level reporting and dashboards
- Advise leadership on risk posture and investment prioritization
- Provide technical leadership and mentorship across teams
Qualifications
- Required: Bachelor's Degree in Computer Information Systems, Business Information Systems, Computer Science or related field.
- Preferred: Master's Degree in Information Security, Computer Science or related field
- Required: 7 years of experience in information security and/or cybersecurity, including two years of lead/supervisory experience.
- May substitute required education degree with additional years of equivalent experience on a one-to-one basis.
- Preferred: At least 7-8 years of progressive cybersecurity experience, hands-on risk management, led or owned a security risk management program or framework implementation, direct hands-on experience assessing the security or risk posture of AI/ML systems or GenAI deployments, ability to translate technical risk into business-level language for executive and governance audiences, experience using Archer, excellent communication skills, risk management, and cybersecurity framework.
- Preferred: CISSP, CISM, PMP, or other applicable security industry certifications.