Description

Job title: Cybersecurity Risk Analyst Location: Houston, San Ramon Role Description Summary: Cybersecurity Risk Analyst supporting Merger and Acquisition integrations and Divestments develops and maintains the cybersecurity Merger, Acquisition, and Divestment strategy, policies, and risk management processes to ensure that the organization effectively secures Chevron’s operations. Role Description: The Cybersecurity Risk Analyst is responsible for assessing risks, analyzing cyber threats, and assisting in preventing cyber-attacks being introduced through integration of IT or OT systems. They provide guidance measures to manage risk, identify/mitigate threats, and protect against unauthorized disclosure of confidential information. Duties also include tracking of identified remediation activities across multiple teams, escalation of risks or barriers to securing an IT or OT environment and assessing the adequacy of security guardrails. Ideal candidates will assist in ensuring effective execution of cybersecurity strategies and our risk management framework by managing relationships with key stakeholders, verifying that IT risks are appropriately mitigated, as well as providing periodic updates on the state of compliance. Responsibilities: Tracks portfolio of cybersecurity integrations and divestments. Identifies areas of concern or decision points for leadership awareness and support. Monitors, tracks, and reports mitigation and resolution of IT risks to Integration and Divestment Cyber Workstream Manager. Develops cybersecurity decision support packages to provide clearly stated risks and recommendations for leadership support to progress or pause integration or divestiture activity. Facilitates cyber risk assessment exercises, perform security compliance and risk validation, and other cyber assurance exercises as required. Coordinates external and internal assurance or advisory audits, representing information technology throughout the lifecycle of the audit (from planning through remediation strategy). Works across IT, Cybersecurity, and business units to develop fully aligned integration plans (program mgmt.) Develops and updates cybersecurity integration and divestment playbook based on established best practices on risk reduction and mitigation strategies. Align and incorporate additional risk analyst and risk managers required to support integration and/or divestment activities. Updates and Incorporates cybersecurity documentation to include Incident Response, Business Continuity and Disaster Recovery Plans to meet Chevron requirements. Facilitates identification of vulnerabilities in all equipment utilized in the IT, Process Control Network (PCN)/Operational Technology (OT) and Demilitarized Zone (DMZ), including timely remediation of critical vulnerabilities. Aligns Chevron cybersecurity standards into IT and OT environments being integrated. Addresses cybersecurity gaps in pre-integrated IT and OT environments through prioritization and tracking of remediation activities. Incorporates lessons-learned and best practices into integration playbooks. Serves as cyber integration representative for internal and external cyber initiatives. Works closely with other technical, incident management, and forensic personnel to develop a broader understanding of the intent, objectives, and activities of cyber threat actors and supports the cyber defense program. Required Qualifications/Skills: Minimum 3-5 years related work experience in Information Technology field. Knowledge of and experience with Industry Policies, Standards and Controls (e.g., NIST 800-53, IEC-62443 in an ICS environment, ISO 27001, COBIT, ITIL, SOX, PCI-DSS, SANS, etc.). Understanding of key technology/data concepts such as access control, confidential data, encryption, data privacy, information management, intellectual property, business continuity, disaster recovery, security scans, and 3rd party/vendor applications. Strong knowledge of IT organization business processes and systems including (IT Security, data management, architectural and planning, technology life cycle management, regulatory concerns). Certifications: Desired but not required - Certifications in Industrial Control Systems Cybersecurity, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager, (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or other Cybersecurity Certifications (e.g. GISCP, GCIP, or similar certifications). Preferred Qualifications/Skills: A self-starter that demonstrates "One Team" behaviors and demonstrated knowledge of effective influencing tactics and strategies. Highly organized with ability to prioritize and multi-task, as well as able to thrive in a fast-paced environment. Ability to impact decisions, influence and motivate teams, and work with a variety of disciplines, cultures, and environments. Communicates in a clear, concise, understandable manner both orally and in writing. Ability to explain detailed IT concepts and solutions in business terms and make complex materials clear and engaging. Utilizes qualitative and quantitative risk analysis best practices to provide a clear decision-making framework for managing information risk. Education: Associate or Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a similar technical degree. Relevant experience will be considered We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, caste, creed, religion, gender, marital status, age, ethnic and national origin, gender identity, gender expression, sexual orientation, political orientation, disability status, protected veteran status, or any other characteristic protected by law. “Wipro is committed to creating an accessible, supportive, and reasonable accommodations to all our applicates with disabilities throughout the recruitment and selection process. Should an applicant require accommodation or a special request due to a disability, Wipro encourages individuals to make their needs known in advance. Requests for accommodation will be considered on an individual basis and in accordance with the requirements of the applicable provincial laws. Wipro is dedicated to ensuring equal opportunities and a barrier-free recruitment process and employment for all qualified candidates”.

Role and Responsibilities

• Responsibilities: Tracks portfolio of cybersecurity integrations and divestments. Identifies areas of concern or decision points for leadership awareness and support. Monitors, tracks, and reports mitigation and resolution of IT risks to Integration and Divestment Cyber Workstream Manager. Develops cybersecurity decision support packages to provide clearly stated risks and recommendations for leadership support to progress or pause integration or divestiture activity. Facilitates cyber risk assessment exercises, perform security compliance and risk validation, and other cyber assurance exercises as required. Coordinates external and internal assurance or advisory audits, representing information technology throughout the lifecycle of the audit (from planning through remediation strategy). Works across IT, Cybersecurity, and business units to develop fully aligned integration plans (program mgmt.) Develops and updates cybersecurity integration and divestment playbook based on established best practices on risk reduction and mitigation strategies. Align and incorporate additional risk analyst and risk managers required to support integration and/or divestment activities.