Sempra Infrastructure · 10 hours ago
Cybersecurity Analyst - Governance, Risk, and Compliance (GRC)
Houston, TX
Full-time
Onsite
Entry, Mid Level
$92K/yr - $146K/yr
2+ years expSempra Infrastructure is a company focused on the energy sector, and they are seeking a Cybersecurity Analyst specializing in Governance, Risk, and Compliance (GRC). The role involves protecting sensitive data, conducting vulnerability assessments, and ensuring compliance with security practices while providing support and documentation related to IT processes.
EnergySustainabilityInfrastructure
Responsibilities
Assists the development, design, logistics, and facilitation of internal and external IS and cybersecurity exercises by conducting analysis of existing systems performance
Acts as the first line of defense against the compromise of all forms of sensitive data and delivers IS and cyber incident triage including identifying the specific vulnerability and making recommendations
Protects the organization's data and systems from unauthorized access and ensures that security practices are up-to-date and effective
Conducts vulnerability research activities, gathers information on new and emerging threats and vulnerabilities and provides day-to-day support, maintenance and troubleshooting of software and subsystems
Understands system risks when modifying security systems and processes and takes appropriate precautions to avoid compliance violations
Creates and maintains high quality documentation related to IT processes including flow charts and data flow diagrams
Performs other duties as assigned
Qualification
Required
Typically requires a 4 year degree in a relevant field, or equivalent combination of relevant education and experience
Typically requires 2 years of related experience
Information Security Management - Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities
Security assessment - Conducts threat modelling, vulnerability assessment and penetration testing to reveal vulnerabilities or lapses in the existing systems or security mechanisms and evaluates the extent to which systems are able to protect the organization's data and maintain functionality as intended
A/B Testing - Develop and disseminate corporate security policies, frameworks and guidelines to ensure that day-to-day business operations guard or are well protected against risks, threats and vulnerabilities
Cybersecurity Risk Management - Develop cyber risk assessment and treatment techniques that can effectively pre-empt and identify significant security loopholes and weaknesses, demonstration of the business risks associated with these loopholes and provision of risk treatment and prioritization strategies to effectively address the cyber-related risks, threats and vulnerabilities identified to ensure appropriate levels of protection, confidentiality, integrity and privacy in alignment with the security framework
Vulnerability Management - Defines, identifies, classifies and prioritizes vulnerabilities in computer systems, applications and network infrastructures and provides the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its business
Penetration Testing - Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually
Security Audits - A systematic evaluation of the security of a company's information system by measuring how well it conforms to an established set of criteria
Incident Response Management - An organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident
Intrusion Detection - Monitors network and system activity to identify potential intrusion or other anomalous behavior; analyzes the information and initiates an appropriate response, escalating as necessary; Uses security analytics, including the outputs from intelligence analysis, predictive research and root cause analysis in order to search for and detect potential breaches or identify recognised indicators and warnings; Monitors, collates and filters external vulnerability reports for organizational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes; Ensures that disclosure processes are put in place to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available; Produces warning material in a manner that is both timely and intelligible to the target audience(s)
Identity Management and Access Management - Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities
Company
Sempra Infrastructure
Sempra develop, build, operate and invest in infrastructure critical to meet the world's energy and climate needs. It is a sub-organization of Sempra Energy.
1001-5000 employees
Funding
Current Stage
Late StageTotal Funding
$15.15BKey Investors
Abu Dhabi Investment AuthorityKohlberg Kravis Roberts & Co.
2025-09-23Secondary Market· $10B
2021-12-21Secondary Market· $1.78B
2021-04-05Secondary Market· $3.37B
Leadership Team
Emily Shults
SVP & Chief Business Officer, Low Carbon Solutions
Recent News
Mexico Business
2026-02-02
Business News Americas
2026-01-06
Canada NewsWire
2025-11-14
Company data provided by crunchbase