Jobs · Information Technology

Principal Cybersecurity Analyst - Risk Mgmt & AI Security

UT MD Anderson · Houston, TX · 1 wk ago
RemoteRemoteInformation Technology$123k/yrFull-time

Responsibilities

  • Serve as principal architect and subject matter expert for enterprise GRC and cybersecurity risk programs
  • Define and maintain risk assessment methodologies, control frameworks, and risk scoring models
  • Establish workflows across development, staging, and production environments
  • Develop SOPs, roles, segregation of duties, and change management processes
  • Lead design and execution of enterprise risk management strategies
  • Architect and maintain integrations across Archer, Tenable, ServiceNow, Microsoft Configuration Manager (SCCM/MECM), and Medigate
  • Design automated workflows consolidating asset, vulnerability, and risk data
  • Enable enterprise-wide risk visibility and reporting through data-driven systems
  • Ensure data quality, reconciliation, and interoperability across platforms and CMDB
  • Apply frameworks including NIST CSF, NIST 800-53, HIPAA, and HITRUST
  • Conduct control mapping, gap assessments, and compliance reporting
  • Advise stakeholders on remediation strategies and regulatory requirements
  • Align institutional policies with regulatory and accreditation standards
  • Establish and mature AI security and governance programs
  • Develop AI risk assessment criteria and governance standards
  • Align controls to NIST AI Risk Management Framework and institutional policies
  • Evaluate AI/ML tools and vendors for data protection and compliance risks
  • Partner with data governance, privacy, and legal teams on AI initiatives
  • Develop multi-year roadmaps, milestones, and resource plans
  • Lead enterprise and project-level risk assessments
  • Translate technical findings into executive-level reporting and dashboards
  • Advise leadership on risk posture and investment prioritization
  • Provide technical leadership and mentorship across teams

Qualifications

  • Required: Bachelor's Degree in Computer Information Systems, Business Information Systems, Computer Science or related field.
  • Preferred: Master's Degree in Information Security, Computer Science or related field
  • Required: 7 years of experience in information security and/or cybersecurity, including two years of lead/supervisory experience.
  • May substitute required education degree with additional years of equivalent experience on a one-to-one basis.
  • Preferred: At least 7-8 years of progressive cybersecurity experience, hands-on risk management, led or owned a security risk management program or framework implementation, direct hands-on experience assessing the security or risk posture of AI/ML systems or GenAI deployments, ability to translate technical risk into business-level language for executive and governance audiences, experience using Archer, excellent communication skills, risk management, and cybersecurity framework.
  • Preferred: CISSP, CISM, PMP, or other applicable security industry certifications.

Similar jobs