Cybersecurity Risk and Controls Analyst 1

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or related field. An equivalent combination of education, specialized training, and relevant professional experience may be considered in lieu of a formal degree.
• 3 to 6 years of experience in cybersecurity GRC, risk management, controls, or related roles.
• Strong understanding of cybersecurity frameworks and control standards, such as: NIST Cybersecurity Framework (CSF). ISO 27001. SOC 2.
• Experience designing, implementing, and assessing security controls in real-world environments.
• Familiarity with risk assessment methodologies and control testing practices.
• Experience supporting audits and managing evidence for compliance initiatives.
• Ability to translate technical and regulatory requirements into clear, actionable controls.
• Strong analytical, organizational, and communication skills with the ability to work cross-functionally.
• Possesses a valid U.S. Driver’s License. Employment is contingent upon meeting the company's driving standards, including an acceptable Motor Vehicle Record (MVR) in accordance with the company's policy.
• Must be legally authorized to work in the United States without the need for sponsorship.
• Must be at least 18 years of age or older.

Nice To Haves

• Experience in energy, critical infrastructure, or industrial environments.
• Familiarity with OT/ICS cybersecurity risks and control considerations.
• Experience with GRC or compliance automation tools (e.g., Drata or similar platforms).
• Understanding of third-party risk management practices and frameworks.
• Relevant certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Implementer.

Responsibilities

• Identify, assess, and manage cybersecurity risks across IT and OT environments, maintaining a clear and actionable risk register.
• Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with Beusa Energy’s risk profile and operational environment.
• Design, document, and manage a centralized control framework that maps to industry standards (e.g., NIST CSF, ISO 27001) and regulatory requirements.
• Lead and support enterprise risk assessments across IT and OT environments, including risk identification, analysis, tracking, and reporting.
• Partner with IT, engineering, and field operations teams to ensure security controls are practical, implemented effectively, and embedded into daily workflows.
• Support compliance initiatives and audits (e.g., SOC 2, ISO 27001), including control design, evidence collection, and audit coordination.
• Maintain risk registers, control inventories, and remediation plans, providing clear visibility and reporting to leadership.
• Support third-party risk management processes, including vendor risk assessments and ongoing monitoring.
• Collaborate with cybersecurity and technology teams to align security tooling, monitoring, and detection capabilities with defined controls and compliance objectives.
• Assist in developing and delivering security awareness, policy training, and control adoption initiatives.
• Produce clear, executive-level reporting on risk posture, control effectiveness, and program maturity.
• Continuously evaluate and improve governance processes, documentation, and control effectiveness to support a scalable cybersecurity program.
• Performs other related duties as assigned to assist with successful operations and business continuity.

Benefits

• Salary Exempt
• Up to 10% travel
• Monday Friday, 8am – 5pm work schedule
• Daily overtime required
• In-person, predictable attendance
• Company is committed to the cause of equal employment opportunity for all employees and applicants, thus abiding by all applicable state and federal laws. Our practices regarding employment, job promotion, compensation, training, and termination do not discriminate on the basis of race, color, religious creed, age, sex, national origin, veteran's status, disability, pregnancy, genetic information, or any other legally protected status.