HollyFrontier - posted 7 months ago
Full-time • Mid Level
Dallas, TX
Petroleum and Coal Products Manufacturing

HF Sinclair is seeking a Cybersecurity Governance, Risk, and Compliance Analyst in Dallas, TX who will be responsible for executing key activities supporting the cybersecurity governance, risk management, and compliance (GRC) program, ensuring the organization maintains a strong cybersecurity posture while aligning with business objectives. This role will support the shift from a compliance-driven approach to a risk-based cybersecurity strategy by establishing governance frameworks, risk management processes, and policy enforcement mechanisms. The Cybersecurity GRC Analyst will report to the Senior Manager of Cybersecurity Governance, Risk & Compliance and collaborate with the IT Risk & Compliance team when necessary. This individual will engage in cybersecurity policy development, regulatory compliance, risk assessment, and governance enforcement.

  • Enhance and oversee the Third-Party Risk Management (TPRM) program, continuously ensuring vendors meet cybersecurity standards.
  • Implement continuous vendor security monitoring, assessment frameworks, and tiered risk scoring models.
  • Develop, maintain, and enforce cybersecurity policies, standards, and governance frameworks aligned with NIST CSF, IEC 62443 (OT), CMMC, GDPR, and industry regulations (TSA, NERC-CIP, MTS, NIS2, etc.).
  • Collaborate with IT Security, OT Security, Internal Audit and Enterprise Risk Management to align governance policies across business functions.
  • Define and enforce risk assessment processes for IT and OT environments, shifting from a compliance-based to a risk-based security model.
  • Maintain key risk and control artifacts such as the Cyber Risk Register, Controls Matrix, Cyber Risk Appetite Statement, and others as necessary.
  • Establish cybersecurity risk quantification (CRQ) methodologies to measure security risks.
  • Lead cybersecurity audit readiness efforts and serve as the primary interface with auditors and regulators.
  • Develop and deliver governance training programs to ensure employees, executives, and IT/OT teams understand cybersecurity risk and compliance obligations.
  • Partner with HR and Legal to embed cybersecurity governance into corporate risk awareness programs.
  • Define and track key cybersecurity governance KPIs to measure program effectiveness.
  • Implement Continuous Control Monitoring (CCM) to ensure governance processes remain effective and adaptable to evolving threats.
  • Conduct periodic cybersecurity governance assessments and audits to identify areas for improvement.
  • Special assignments or tasks assigned to the employee by their supervisor, as determined from time to time in their sole and complete discretion.
  • 3-5 years of experience in cybersecurity governance, risk management, compliance, audit or similar disciplines.
  • Strong background in policy development, regulatory compliance, and enterprise risk management.
  • Prior experience in both IT and OT cybersecurity governance is a strong plus.
  • Master's degree in relevant field.
  • CISSP/CISA/CISM/CRISC certifications.
  • FAIR Analyst Certification (for Cyber Risk Quantification).
  • ISO 27001 Lead Implementer.
  • Medical Insurance
  • Vision Insurance
  • Dental Insurance
  • Paid Time-Off
  • 401(k) Retirement Plan with match
  • Educational Reimbursement
  • Parental Bonding Time
  • Employee Discounts