10 days ago

Cybersecurity Risk and Compliance Analyst

VoltaGrid

On Site
Full Time
$100,000
Cypress, TX
Job Overview

Job Title: Cybersecurity Risk and Compliance Analyst
Job Type: Full Time
Offered Salary: $100,000
Location: Cypress, TX

Job Description

Cybersecurity Analyst

Location: HOUSTON, TX

FLSA Class: EXEMPT

Responsible to: Senior Manager of Technical Operations

Position Summary

VoltaGrid is seeking a Cybersecurity Risk & Compliance Analyst to help formalize and scale our risk governance, compliance, and policy framework across both IT and operational environments. This role is central to evolving our cybersecurity program from reactive support to structured, institutionalized risk governance. You will drive clarity and consistency in how we manage risk, controls, policies, and audit readiness, ensuring alignment with both regulatory requirements and real-world operational needs.

The ideal candidate brings a strong understanding of GRC principles, paired with the ability to translate complex requirements into practical, enforceable processes that integrate seamlessly into day-to-day operations. As VoltaGrid continues to scale, cybersecurity must evolve into a structured, measurable, and governance-driven function. This role ensures that our approach to risk and compliance is not just about meeting requirements, but about building a repeatable, scalable framework that supports secure growth across both digital and physical infrastructure. You will play a key role in establishing clarity, accountability, and trust in how VoltaGrid manages risk across the organization.

Essential Duties And Responsibilities

  • Develop, implement, and maintain cybersecurity policies, standards, and procedures, ensuring they are clear, actionable, and aligned with organizational needs.
  • Own and manage risk assessment processes, including identifying, evaluating, and tracking risks across IT and operational technology environments.
  • Support and drive compliance initiatives (e.g., SOC 2, ISO 27001), including control design, evidence collection, and audit coordination.
  • Establish and maintain a control framework that aligns security practices with regulatory and business requirements.
  • Partner with engineering, IT, and operations teams to ensure controls are implemented effectively and embedded into workflows.
  • Manage and track risk registers, control gaps, and remediation efforts, providing visibility to leadership.
  • Support third-party risk management, including vendor assessments and ongoing monitoring.
  • Collaborate with cybersecurity and technology teams to align security tooling and monitoring with compliance and risk objectives.
  • Assist in developing and maintaining security awareness and policy training programs.
  • Produce clear, executive-ready reporting on risk posture, compliance status, and program maturity.
  • Continuously evaluate and improve the organization’s governance model, processes, and documentation.

Other Requirements

  • 3-6 years of experience in GRC, cybersecurity compliance, risk management, or related roles.
  • Strong understanding of common frameworks and standards such as SOC 2, ISO 27001, NIST CSF, or similar.
  • Experience developing and managing policies, controls, and risk assessments.
  • Familiarity with audit processes and evidence management.
  • Ability to translate technical and regulatory requirements into practical processes.
  • Strong organizational, analytical, and communication skills.

Preferred Qualifications

  • Experience in critical infrastructure, energy, or industrial environments.
  • Familiarity with OT/ICS risk and compliance considerations.
  • Experience with GRC tools or compliance automation platforms (e.g., Drata).
  • Understanding of third-party risk management frameworks.
  • Relevant certifications (e.g., CISA, CRISC, CISSP, ISO 27001 Lead Implementer).

VoltaGrid is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information, arrest record, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, and general treatment during employment.

Key skills/competency

  • Cybersecurity Risk and Compliance Analyst
  • GRC
  • Risk Governance
  • Compliance Frameworks
  • Policy Development
  • Risk Assessment
  • Audit Readiness
  • NIST CSF
  • SOC 2
  • ISO 27001

How to Get Hired at VoltaGrid

  • Tailor your resume: Highlight GRC, cybersecurity compliance, risk management, and policy development experience. Quantify achievements using metrics.
  • Showcase framework knowledge: Emphasize experience with SOC 2, ISO 27001, and NIST CSF in your application.
  • Address preferred qualifications: If applicable, detail experience in critical infrastructure or OT/ICS environments.
  • Prepare for interviews: Be ready to discuss translating technical requirements into practical processes and your approach to risk assessment.
  • Research VoltaGrid: Understand their mission, focus on scaling, and how this role contributes to secure growth.
