Cybersecurity Analyst - Governance, Risk, and Compliance (GRC)

Sempra

Primary Purpose

This role will lead initiatives to foster a strong cybersecurity culture across the organization, driving awareness programs and educational campaigns to our employees. The Cybersecurity Analyst is part of a broader cybersecurity team that ensures all system design, implementation, and standards protect Sempra's network from cyber-attacks. The Analyst of Governance, Risk, and Compliance (GRC) is focused on preventing security threats and ensuring laws and industry standards are upheld, working with a cross-functional team of across various information security functions to conduct third-party assessments, cybersecurity clause review, exception request handling, SOC reviews, risk control evaluation, and threat intelligence monitoring.

Duties and Responsibilities

Technical Analysis & Delivery

  • Supports the implementation of the governance & risk frameworks, policy creation & management, IT control management, and security audits & assessments.
  • Manages issues and corrective actions plans identified in risk assessments through closure.
  • Reviews cybersecurity clauses in contracts, applicability criteria, exceptions requests and mitigating controls in accordance with company policies and industry standards.
  • Conducts SOC II reviews and audits.
  • Monitors Cyber Threat Intelligence resources (such as Sempra, CISA, FBI, and others).
  • Proposes and implements innovative ways to establish adequate controls, optimize risk management, and improve continuous monitoring.
  • Coordinates cybersecurity assessments (such as maturity, risk, and penetration testing).
  • Develops and monitors cybersecurity KRIs and KPIs.
  • Increases the level of maturity in risk management and controls.

Communication & Stakeholder Management

  • Designs, implements, and manages a comprehensive Cybersecurity Awareness Program, including phishing simulations, threat education campaigns, and targeted training for high-risk roles.
  • Develops engaging content (videos, newsletters, infographics) to promote security best practices and reduce social engineering risks.
  • Coordinates Cybersecurity Ambassadors Community and champions cultural change initiatives across business units.

Functional Area Leadership

  • Acts as the primary point of contact for awareness-related metrics and reporting to leadership, ensuring visibility into human risk trends and program effectiveness.

Troubleshooting

  • Maintains good operational relationships with 3rd party risk assessment managed service providers to perform risk assessments, develop mitigation plans, and ensure appropriate service levels.
  • Ensures team works closely with System Engineers to implement security controls and patches based on capability and need.
  • Contacts and coordinates vendor, carrier, and remote support when necessary to resolve high-impact security issues.
  • Document problems and report to management, engineers and/or peers.

Performs other duties as assigned (no more than 5% of duties).

Job Alerts

Get notified when new positions matching your interests become available at {organizationName}.

Need Help?

Questions about our hiring process or want to learn more about working with us?