Cybersecurity Analyst - Governance, Risk, and Compliance (GRC)

Remote, USA Full-time
Primary Purpose

This role will lead initiatives to foster a strong cybersecurity culture across the organization, driving awareness programs and educational campaigns for our employees. The Cybersecurity Analyst is part of a broader cybersecurity team that ensures all system design, implementation, and standards protect Sempra's network from cyber-attacks. The Analyst of Governance, Risk, and Compliance (GRC) is focused on preventing security threats and ensuring laws and industry standards are upheld, working with a cross-functional team across various information security functions to conduct third-party assessments, cybersecurity clause review, exception request handling, SOC reviews, risk control evaluation, and threat intelligence monitoring.

Duties and Responsibilities

Technical Analysis & Delivery
• Supports the implementation of the governance & risk frameworks, policy creation & management, IT control management, and security audits & assessments.
• Manages issues and corrective action plans identified in risk assessments through closure.
• Reviews cybersecurity clauses in contracts, applicability criteria, exception requests and mitigating controls in accordance with company policies and industry standards.
• Conducts SOC II reviews and audits.
• Monitors Cyber Threat Intelligence resources (such as Sempra, CISA, FBI, and others).
• Proposes and implements innovative ways to establish adequate controls, optimize risk management, and improve continuous monitoring.
• Coordinates cybersecurity assessments (such as maturity, risk, and penetration testing).
• Develops and monitors cybersecurity KRIs and KPIs.
• Increases the level of maturity in risk management and controls.

Communication & Stakeholder Management
• Designs, implements, and manages a comprehensive Cybersecurity Awareness Program, including phishing simulations, threat education campaigns, and targeted training for high-risk roles.
• Develops engaging content (videos, newsletters, infographics) to promote security best practices and reduce social engineering risks.
• Coordinates Cybersecurity Ambassadors Community and champions cultural change initiatives across business units.

Functional Area Leadership
• Acts as the primary point of contact for awareness-related metrics and reporting to leadership, ensuring visibility into human risk trends and program effectiveness.

Troubleshooting
• Maintains good operational relationships with 3rd party risk assessment managed service providers to perform risk assessments, develop mitigation plans, and ensure appropriate service levels.
• Ensures team works closely with System Engineers to implement security controls and patches based on capability and need.
• Contacts and coordinates vendor, carrier, and remote support when necessary to resolve high-impact security issues.
• Documents problems and reports to management, engineers and/or peers.

Performs other duties as assigned (no more than 5% of duties).