Cybersecurity Senior Analyst GRC Policy and Compliance

About The Position

Requirements

• A minimum of 5 years’ experience in cybersecurity, Governance, Risk and Compliance, security auditing, or relevant IT role working with cybersecurity concepts and tools is required.
• Bachelor’s Degree in a business or technical discipline from an accredited college or university is required.

Nice To Haves

• ServiceNow GRC experience strongly preferred
• Experience in data processing and analytics preferred.
• CISSP, CRISC, or other relevant cybersecurity certifications preferred.
• In-depth knowledge and experience in technology risk assessments and information security risk management preferred.
• Demonstrated program and project management planning/execution skills
• Experience working with common information security standards, such as NIST Cybersecurity Framework (NIST) preferred and a plus

Responsibilities

• Develop and maintain cybersecurity policies and standards working closely with other peers and managers within cyber, IT and across the business
• Provide high quality cybersecurity policy and standards consultation to CenterPoint Energy business leaders
• Design, implement, and operationalize the Policy Lifecycle Management program in ServiceNow
• Develop and maintain core Governance, risk and compliance artifacts, including GRC program charter, cybersecurity service catalog and related documentation
• Provide subject matter expertise on common control frameworks and lead efforts to create, improve, and monitor cybersecurity controls.
• Develop and maintain standards and SOPs standard operating procedures for third party risk management, solution risk assessments, exception management, and other GRC processes
• Lead the integration of common controls into ServiceNow IRM, including mapping authoritative documents to citations, aligning citations to control objectives, and developing clear, risk‑aligned control statements and risk statements.
• Conduct detailed gap analyses between NIST frameworks such as NIST CSF, NIST 800‑53 and CNP’s cybersecurity policies and standards, identify control gaps, recommend remediation actions, and partner with control owners to align enterprise cybersecurity policies with industry frameworks.
• Serve as the subject‑matter expert for NIST frameworks, advising Cyber leadership on alignment, gaps, and required updates to policies and standards.
• Develop and maintain a NIST‑to‑CNP mapping library to support audits, assessments, and future regulatory alignment.
• Lead cybersecurity projects and initiatives, including project planning, stakeholder engagement, and progress reporting to leadership.
• Leverage and expand ServiceNow GRC capabilities to automate workflows, improve data quality, and enhance reporting
• Strong understanding of information security risk management methodologies, third party risk management, and solution risk assessments
• Promotes productivity and teamwork in assigned area with open communication, timely decision making, and use of personal leadership skills to set high standards of performance while providing the direction necessary to achieve that performance.
• Develop Trusted Advisor relationship with business leaders to understand business and technical risks
• Identification of new or emerging risks and develop mitigation plans.
• Provide technical leadership and GRC subject matter expertise around use of technologies and business initiatives.
• Driven, energetic, team player with exceptional written and verbal communication skills with the ability to create clear, concise, and executive‑ready documentation.
• Superior customer service and interpersonal skills to effectively relate to end user experience and needs; ability to build working relationships and promote information-sharing.  Possess a high degree of originality, creativity, initiative requiring minimal supervision.
• Proficiency with Microsoft Office (Word, PowerPoint, and Excel) and performing data analysis.
• Able to assess complex technologies and vendor risks/issues that require sophisticated analytical or problem-solving techniques to identify cause
• Able to provide professional input to complex assignments/projects as well as direction to more junior professionals
• Able to adapt to change, and sometimes competing priorities
• Able to prioritize and schedule tasks, pay attention to detail, and demonstrate good organizational skills.
• Able to proactively follow up on action items and outstanding tasks

Benefits

• Competitive pay
• Paid training
• Benefits eligibility begins on your first day
• Transit subsidies
• Flexible work schedule, paid holidays and paid time off
• Access to discounts at fitness clubs and an on-site wellness center at our headquarters in Houston
• Professional growth and development programs including tuition reimbursement
• 401(k) Savings Plan featuring a company match dollar-for-dollar up to 6% and a company contribution of 3% regardless of your contribution