🌎
This job posting isn't available in all website languages

(While navigating through the site, please be sure to disable your pop-up blocker.)


📁
Information Technology
💼
📅
181706 Requisition #
Sign Up for Job Alerts

The University of Texas MD Anderson Cancer Center is seeking a highly skilled Principal Cybersecurity Analyst to serve as a technical authority within its Cybersecurity department. The Principal Cybersecurity Analyst plays a critical role in shaping and advancing enterprise-wide governance, risk, and compliance (GRC) programs, with expanded accountability for emerging AI security and governance initiatives. This role operates at a strategic and architectural level while also ensuring operational effectiveness across cybersecurity risk management practices.
The Principal Cybersecurity Analyst contributes directly to safeguarding sensitive data, maintaining regulatory compliance, and strengthening the organization’s security posture through innovative, data-driven risk management and governance strategies. The Principal Cybersecurity Analyst serves as a trusted advisor, architect, and leader within the cybersecurity function.
The ideal candidate brings advanced education in information systems or cybersecurity, extensive experience leading enterprise risk management or GRC programs, and strong knowledge of frameworks such as NIST, HIPAA, and HITRUST. Preferred candidates will also have hands-on experience assessing AI/ML risk, strong executive communication skills, and certifications such as CISSP, CISM, or PMP.
Minimum $123,000 – Midpoint $154,000 – Maximum $185,000
Work Location: Remote 100%

Why Us?
At UT MD Anderson, the Principal Cybersecurity Analyst plays an essential role in advancing cybersecurity innovation in a mission-driven healthcare environment. This position offers the opportunity to shape enterprise risk strategy, influence executive decision-making, and lead emerging AI governance practices, all while supporting an organization dedicated to saving lives. Employees benefit from a collaborative culture, professional development opportunities, and a strong commitment to work-life balance.
• Employer-paid medical coverage starting day one for employees working 30+ hours/week, plus optional group dental, vision, life, AD&D, and disability insurance.
• Accruals for PTO and Extended Illness Bank, plus paid holidays, wellness, childcare, and other leave options.
• Tuition Assistance Program after six months of service and access to extensive wellness, fitness, and employee resource groups.
• Defined-benefit pension through the Teachers Retirement System, voluntary retirement plans, and employer-paid life and reduced salary protection programs.
Responsibilities
Governance, Risk & Compliance (GRC) Architecture & Risk Management Program Leadership
• Serve as principal architect and subject matter expert for enterprise GRC and cybersecurity risk programs
• Define and maintain risk assessment methodologies, control frameworks, and risk scoring models
• Establish workflows across development, staging, and production environments
• Develop SOPs, roles, segregation of duties, and change management processes
• Lead design and execution of enterprise risk management strategies
Security & Risk Platform Integration and Automation
• Architect and maintain integrations across Archer, Tenable, ServiceNow, Microsoft Configuration Manager (SCCM/MECM), and Medigate
• Design automated workflows consolidating asset, vulnerability, and risk data
• Enable enterprise-wide risk visibility and reporting through data-driven systems
• Ensure data quality, reconciliation, and interoperability across platforms and CMDB
Regulatory & Compliance Framework Management
• Apply frameworks including NIST CSF, NIST 800-53, HIPAA, and HITRUST
• Conduct control mapping, gap assessments, and compliance reporting
• Advise stakeholders on remediation strategies and regulatory requirements
• Align institutional policies with regulatory and accreditation standards
AI Security & Governance
• Establish and mature AI security and governance programs
• Develop AI risk assessment criteria and governance standards
• Align controls to NIST AI Risk Management Framework and institutional policies
• Evaluate AI/ML tools and vendors for data protection and compliance risks
• Partner with data governance, privacy, and legal teams on AI initiatives
Strategic Risk Visioning, Assessment & Executive Advisory
• Develop multi-year roadmaps, milestones, and resource plans
• Lead enterprise and project-level risk assessments
• Translate technical findings into executive-level reporting and dashboards
• Advise leadership on risk posture and investment prioritization
• Provide technical leadership and mentorship across teams

EDUCATION

  • Required: Bachelor's Degree Computer Information Systems, Business Information Systems, Computer Science or related field.
  • Preferred: Master's Degree Information Security, Computer Science or related field

WORK EXPERIENCE

  • Required: 7 years In information security and/or cybersecurity experience including multiple security domains, to include two years lead/supervisory experience.
  • May substitute required education degree with additional years of equivalent experience on a one to one basis.
  • Preferred: At least 7–8 years of progressive cybersecurity experience, hands-on risk management (risk assessment, risk register ownership, control evaluation, or risk quantification), led or owned a security risk management program or framework implementation (e.g., NIST RMF/CSF, ISO 27005, FAIR, or equivalent), direct hands-on experience assessing the security or risk posture of AI/ML systems or GenAI deployments, ability to translate technical risk into business-level language for executive and governance audiences (e.g., briefing a CISO, risk committee, or board), experience using Archer, excellent communication skills, risk management, and cybersecurity framework is a must. 

LICENSES AND CERTIFICATIONS

  • Preferred: CISSP - Cert IS Security Professional Issued by the International Information Systems Security Certification Consortium ((ISC).
  • Preferred: CISM - Cert Info Security Manager Issued by Information Systems Audit and Control Association (ISACA). 
  • Preferred: PMP - Project Mgt Professional Issued by the Project Management Institute (PMI). 
  • Preferred: Other applicable security industry certifications. 

The University of Texas MD Anderson Cancer Center offers excellent benefits, including medical, dental, paid time offretirement, tuition benefits, educational opportunities, and individual and team recognition.

This position may be responsible for maintaining the security and integrity of critical infrastructure, as defined in Section 113.001(2) of the Texas Business and Commerce Code and therefore may require routine reviews and screening. The ability to satisfy and maintain all requirements necessary to ensure the continued security and integrity of such infrastructure is a condition of hire and continued employment. 

It is the policy of The University of Texas MD Anderson Cancer Center to provide equal employment opportunity without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, disability, protected veteran status, genetic information, or any other basis protected by institutional policy or by federal, state, or local laws unless such distinction is required by law.http://www.mdanderson.org/about-us/legal-and-policy/legal-statements/eeo-affirmative-action.html

My Submissions

Track your opportunities.

My Submissions

Similar Listings

United States, Texas, Houston, Houston (TX Med Ctr)

📁 Information Technology

Requisition #: 178303

United States, Texas, Houston, Houston (TX Med Ctr)

📁 Information Technology

Requisition #: 181000