Principal Cybersecurity Analyst - Risk Mgmt & AI Security
Indexed description
The Principal Cybersecurity Analyst contributes directly to safeguarding sensitive data, maintaining regulatory compliance, and strengthening the organization's security posture through innovative, data-driven risk management and governance strategies. The Principal Cybersecurity Analyst serves as a trusted advisor, architect, and leader within the cybersecurity function.
The ideal candidate brings advanced education in information systems or cybersecurity, extensive experience leading enterprise risk management or GRC programs, and strong knowledge of frameworks such as NIST, HIPAA, and HITRUST. Preferred candidates will also have hands-on experience assessing AI/ML risk, strong executive communication skills, and certifications such as CISSP, CISM, or PMP.
Minimum $123,000 - Midpoint $154,000 - Maximum $185,000
Work Location: Remote 100%
Why Us?
At UT MD Anderson, the Principal Cybersecurity Analyst plays an essential role in advancing cybersecurity innovation in a mission-driven healthcare environment. This position offers the opportunity to shape enterprise risk strategy, influence executive decision-making, and lead emerging AI governance practices, all while supporting an organization dedicated to saving lives. Employees benefit from a collaborative culture, professional development opportunities, and a strong commitment to work-life balance.
- Employer-paid medical coverage starting day one for employees working 30+ hours/week, plus optional group dental, vision, life, AD&D, and disability insurance.
- Accruals for PTO and Extended Illness Bank, plus paid holidays, wellness, childcare, and other leave options.
- Tuition Assistance Program after six months of service and access to extensive wellness, fitness, and employee resource groups.
- Defined-benefit pension through the Teachers Retirement System, voluntary retirement plans, and employer-paid life and reduced salary protection programs.
- Serve as principal architect and subject matter expert for enterprise GRC and cybersecurity risk programs
- Define and maintain risk assessment methodologies, control frameworks, and risk scoring models
- Establish workflows across development, staging, and production environments
- Develop SOPs, roles, segregation of duties, and change management processes
- Lead design and execution of enterprise risk management strategies
- Architect and maintain integrations across Archer, Tenable, ServiceNow, Microsoft Configuration Manager (SCCM/MECM), and Medigate
- Design automated workflows consolidating asset, vulnerability, and risk data
- Enable enterprise-wide risk visibility and reporting through data-driven systems
- Ensure data quality, reconciliation, and interoperability across platforms and CMDB
- Apply frameworks including NIST CSF, NIST 800-53, HIPAA, and HITRUST
- Conduct control mapping, gap assessments, and compliance reporting
- Advise stakeholders on remediation strategies and regulatory requirements
- Align institutional policies with regulatory and accreditation standards
- Establish and mature AI security and governance programs
- Develop AI risk assessment criteria and governance standards
- Align controls to NIST AI Risk Management Framework and institutional policies
- Evaluate AI/ML tools and vendors for data protection and compliance risks
- Partner with data governance, privacy, and legal teams on AI initiatives
- Develop multi-year roadmaps, milestones, and resource plans
- Lead enterprise and project-level risk assessments
- Translate technical findings into executive-level reporting and dashboards
- Advise leadership on risk posture and investment prioritization
- Provide technical leadership and mentorship across teams
- Required: Bachelor's Degree Computer Information Systems, Business Information Systems, Computer Science or related field.
- Preferred: Master's Degree Information Security, Computer Science or related field
- Required: 7 years In information security and/or cybersecurity experience including multiple security domains, to include two years lead/supervisory experience.
- May substitute required education degree with additional years of equivalent experience on a one to one basis.
- Preferred: At least 7-8 years of progressive cybersecurity experience, hands-on risk management (risk assessment, risk register ownership, control evaluation, or risk quantification), led or owned a security risk management program or framework implementation (e.g., NIST RMF/CSF, ISO 27005, FAIR, or equivalent), direct hands-on experience assessing the security or risk posture of AI/ML systems or GenAI deployments, ability to translate technical risk into business-level language for executive and governance audiences (e.g., briefing a CISO, risk committee, or board), experience using Archer, excellent communication skills, risk management, and cybersecurity framework is a must.
- Preferred: CISSP - Cert IS Security Professional Issued by the International Information Systems Security Certification Consortium ((ISC).
- Preferred: CISM - Cert Info Security Manager Issued by Information Systems Audit and Control Association (ISACA).
- Preferred: PMP - Project Mgt Professional Issued by the Project Management Institute (PMI).
- Preferred: Other applicable security industry certifications.
This position may be responsible for maintaining the security and integrity of critical infrastructure, as defined in Section 113.001(2) of the Texas Business and Commerce Code and therefore may require routine reviews and screening. The ability to satisfy and maintain all requirements necessary to ensure the continued security and integrity of such infrastructure is a condition of hire and continued employment.
It is the policy of The University of Texas MD Anderson Cancer Center to provide equal employment opportunity without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, disability, protected veteran status, genetic information, or any other basis protected by institutional policy or by federal, state, or local laws unless such distinction is required by law.http://www.mdanderson.org/about-us/legal-and-policy/legal-statements/eeo-affirmative-action.html
Additional Information
- Requisition ID: 181706
- Employment Status: Full-Time
- Employee Status: Regular
- Work Week: Days
- Minimum Salary: US Dollar (USD) 123,000
- Midpoint Salary: US Dollar (USD) 154,000
- Maximum Salary : US Dollar (USD) 185,000
- FLSA: exempt and not eligible for overtime pay
- Fund Type: Hard
- Work Location: Remote (within Texas only)
- Pivotal Position: Yes
- Referral Bonus Available?: Yes
- Relocation Assistance Available?: Yes
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search