Note: The job is a remote job and is open to candidates in USA. The University of Texas MD Anderson Cancer Center is seeking a highly skilled Principal Cybersecurity Analyst to serve as a technical authority within its Cybersecurity department. The role involves shaping and advancing enterprise-wide governance, risk, and compliance programs while safeguarding sensitive data and maintaining regulatory compliance.
Responsibilities
- Serve as principal architect and subject matter expert for enterprise GRC and cybersecurity risk programs
- Define and maintain risk assessment methodologies, control frameworks, and risk scoring models
- Establish workflows across development, staging, and production environments
- Develop SOPs, roles, segregation of duties, and change management processes
- Lead design and execution of enterprise risk management strategies
- Architect and maintain integrations across Archer, Tenable, ServiceNow, Microsoft Configuration Manager (SCCM/MECM), and Medigate
- Design automated workflows consolidating asset, vulnerability, and risk data
- Enable enterprise-wide risk visibility and reporting through data-driven systems
- Ensure data quality, reconciliation, and interoperability across platforms and CMDB
- Apply frameworks including NIST CSF, NIST 800-53, HIPAA, and HITRUST
- Conduct control mapping, gap assessments, and compliance reporting
- Advise stakeholders on remediation strategies and regulatory requirements
- Align institutional policies with regulatory and accreditation standards
- Establish and mature AI security and governance programs
- Develop AI risk assessment criteria and governance standards
- Align controls to NIST AI Risk Management Framework and institutional policies
- Evaluate AI/ML tools and vendors for data protection and compliance risks
- Partner with data governance, privacy, and legal teams on AI initiatives
- Develop multi-year roadmaps, milestones, and resource plans
- Lead enterprise and project-level risk assessments
- Translate technical findings into executive-level reporting and dashboards
- Advise leadership on risk posture and investment prioritization
- Provide technical leadership and mentorship across teams
Skills
- Bachelor's Degree Computer Information Systems, Business Information Systems, Computer Science or related field
- 7 years In information security and/or cybersecurity experience including multiple security domains, to include two years lead/supervisory experience
- Master's Degree Information Security, Computer Science or related field
- At least 7–8 years of progressive cybersecurity experience, hands-on risk management (risk assessment, risk register ownership, control evaluation, or risk quantification), led or owned a security risk management program or framework implementation (e.g., NIST RMF/CSF, ISO 27005, FAIR, or equivalent), direct hands-on experience assessing the security or risk posture of AI/ML systems or GenAI deployments, ability to translate technical risk into business-level language for executive and governance audiences (e.g., briefing a CISO, risk committee, or board), experience using Archer, excellent communication skills, risk management, and cybersecurity framework is a must
- CISSP - Cert IS Security Professional Issued by the International Information Systems Security Certification Consortium ((ISC)
- CISM - Cert Info Security Manager Issued by Information Systems Audit and Control Association (ISACA)
- PMP - Project Mgt Professional Issued by the Project Management Institute (PMI)
- Other applicable security industry certifications
Benefits
- Employer-paid medical coverage starting day one for employees working 30+ hours/week, plus optional group dental, vision, life, AD&D, and disability insurance.
- Accruals for PTO and Extended Illness Bank, plus paid holidays, wellness, childcare, and other leave options.
- Tuition Assistance Program after six months of service and access to extensive wellness, fitness, and employee resource groups.
- Defined-benefit pension through the Teachers Retirement System, voluntary retirement plans, and employer-paid life and reduced salary protection programs.
- Referral Bonus Available?
- Relocation Assistance Available?
Company Overview