Operational Cyber Risk Sr Analyst

Texas Capital is built to help businesses and their leaders. Our depth of knowledge and expertise allows us to bring the best of the big firms at a scale that works for our clients, with highly experienced bankers who truly invest in people's success - today and tomorrow.

While we are rooted in core financial products, we are differentiated by our approach. Our bankers are seasoned financial experts who possess deep experience across a multitude of industries. Equally important, they bring commitment - investing the time and resources to understand our clients' immediate needs, identify market opportunities and meet long-term objectives. At Texas Capital, we do more than build business success. We build long-lasting relationships.

Texas Capital provides a variety of benefits to colleagues, including health insurance coverage, wellness program, fertility and family building aids, life and disability insurance, retirement savings plans with a generous 401K match, paid leave programs, paid holidays, and paid time off (PTO).

Headquartered in Dallas with offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio, Texas Capital was recently named Best Regional Bank in 2024 by Bankrate and was named to The Dallas Morning News' Dallas-Fort Worth metroplex Top Workplaces 2023 and GoBankingRate's 2023 list of Best Regional Banks. For more information about joining our team, please visit us at www.texascapitalbank.com.

Brief Overview of Position

As part of the firm's second line of defense (2LOD), the Operational Cyber Risk Sr Analyst is accountable for the design, execution, measurement, and continuous improvement of the enterprise security awareness and human‑centric cyber risk program within an Operational Risk / Enterprise Risk Management framework. This role provides strategic and operational ownership of initiatives that identify, assess, monitor, and mitigate human‑driven cyber risk, with full alignment to enterprise risk governance expectations.

The role requires a strong understanding for implementing, operating, and tracking security awareness and human risk management solutions, using data‑driven techniques, analytics, and automation to support risk identification, monitoring, and reporting. Responsibilities span workforce awareness, behavioral risk, policy adherence, control effectiveness, and issue remediation, ensuring consistency with enterprise risk management practices, risk appetite, and governance standards.

This is a senior‑level individual contributor role requiring independent judgment, strong cross‑functional influence, technical and analytical depth, and executive‑ready communication.

Responsibilities

Security Awareness & Human Risk Program Ownership

• Own and manage the enterprise security awareness and human‑centric cyber risk program within the broader ORM/ERM framework

• Define strategy, roadmap, execution approach, and success criteria for managing human‑driven cyber risk

• Oversee security awareness activities from a risk management perspective, including user behavior, policy compliance, and related controls

• Assess and respond to evolving threat conditions that impact human risk, including social engineering, fraud, AI‑enabled attacks, and process or control failures

• Leverage databases, analytics platforms, and scripting or query languages to aggregate, normalize, and analyze awareness, behavioral risk, compliance, and remediation data

• Define and maintain enterprise risk metrics, indicators, and KPIs measuring awareness effectiveness, behavioral risk exposure, policy compliance, and control performance

• Develop automated dashboards and executive‑level reporting that communicate human‑centric cyber risk posture, trends, and mitigation effectiveness

• Partner with Risk Management, Compliance, IT, Security, HR, Audit, and Communications teams to embed awareness and policy adherence into enterprise risk processes, policies, and business workflows

Issues & Remediation Management (Human‑Centric Cyber Risk)

• Maintain centralized tracking of awareness‑related issues, remediation actions, and risk treatment outcomes to support traceability and accountability

• Validate remediation closure through evidence review and data analysis related to user behavior, training completion, and policy compliance

• Prioritize issues based on risk severity, likelihood, business impact, and recurrence

Identify recurring themes or systemic human risk patterns to inform targeted awareness campaigns, policy updates, and control enhancements

Risk Governance & Enterprise Alignment

• Align security awareness outcomes, behavioral risk indicators, and compliance metrics with enterprise risk management frameworks and reporting structures

• Support Lines of Defense clarity by distinguishing first‑line ownership, second‑line oversight, and assurance activities related to human‑centric cyber risk

• Contribute to RCSA activities, including risk identification, control mapping, control effectiveness assessments, and documentation related to security awareness and policy compliance

• Partner with Operational Risk, Compliance, and Audit teams to support transparency, defensibility, and audit readiness

• Provide subject‑matter expertise on human‑centric cyber risk, awareness effectiveness, and policy adherence to risk committees and governance forums

Areas of Focus

Areas of focus encompass the identification, measurement, monitoring, and mitigation of human‑centric cyber risk across the enterprise, including workforce awareness, user behavior, policy compliance, emerging attack techniques that exploit human behavior, and the effectiveness of preventive and detective controls.

Qualifications

• 8+ years of experience in cybersecurity, security awareness, cyber or operational risk management, or related disciplines

• 3+ years of experience implementing, operating, and tracking security awareness or human risk management solutions

• Experience owning enterprise‑level risk programs within an ORM or ERM operating model

Strong understanding of human‑driven cyber risk, policy compliance, and control effectiveness

• Hands‑on experience working with databases, analytics, or reporting solutions, including queries, dashboards, or automated reporting

• Proven ability to translate behavioral and cyber risk into executive‑level, business‑focused risk insights

• Strong project management, analytical, and stakeholder engagement skills

• Experience with security awareness tools and applications, as well as governance, risk, and compliance processes and supporting platforms (e.g., KnowBe4, ServiceNow, Archer, Jira)

The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.