Operational Risk Jobs in Dallas, TX (NOW HIRING)

As part of the firm's second line of defense (2LOD), the Operational Cyber Risk Sr Analyst is accountable for the design, execution, measurement, and continuous improvement of the enterprise security awareness and humancentric cyber risk program within an Operational Risk / Enterprise Risk Management framework. This role provides strategic and operational ownership of initiatives that identify, assess, monitor, and mitigate humandriven cyber risk, with full alignment to enterprise risk governance expectations.

The role requires a strong understanding for implementing, operating, and tracking security awareness and human risk management solutions, using datadriven techniques, analytics, and automation to support risk identification, monitoring, and reporting. Responsibilities span workforce awareness, behavioral risk, policy adherence, control effectiveness, and issue remediation, ensuring consistency with enterprise risk management practices, risk appetite, and governance standards.

This is a seniorlevel individual contributor role requiring independent judgment, strong crossfunctional influence, technical and analytical depth, and executiveready communication.

Security Awareness & Human Risk Program Ownership

• Own and manage the enterprise security awareness and humancentric cyber risk program within the broader ORM/ERM framework

• Define strategy, roadmap, execution approach, and success criteria for managing humandriven cyber risk

• Oversee security awareness activities from a risk management perspective, including user behavior, policy compliance, and related controls

• Assess and respond to evolving threat conditions that impact human risk, including social engineering, fraud, AIenabled attacks, and process or control failures

• Leverage databases, analytics platforms, and scripting or query languages to aggregate, normalize, and analyze awareness, behavioral risk, compliance, and remediation data

• Define and maintain enterprise risk metrics, indicators, and KPIs measuring awareness effectiveness, behavioral risk exposure, policy compliance, and control performance

• Develop automated dashboards and executivelevel reporting that communicate humancentric cyber risk posture, trends, and mitigation effectiveness

• Partner with Risk Management, Compliance, IT, Security, HR, Audit, and Communications teams to embed awareness and policy adherence into enterprise risk processes, policies, and business workflows

Issues & Remediation Management (HumanCentric Cyber Risk)

• Maintain centralized tracking of awarenessrelated issues, remediation actions, and risk treatment outcomes to support traceability and accountability

• Validate remediation closure through evidence review and data analysis related to user behavior, training completion, and policy compliance

• Prioritize issues based on risk severity, likelihood, business impact, and recurrence
  Identify recurring themes or systemic human risk patterns to inform targeted awareness campaigns, policy updates, and control enhancements

Risk Governance & Enterprise Alignment

• Align security awareness outcomes, behavioral risk indicators, and compliance metrics with enterprise risk management frameworks and reporting structures

• Support Lines of Defense clarity by distinguishing firstline ownership, secondline oversight, and assurance activities related to humancentric cyber risk

• Contribute to RCSA activities, including risk identification, control mapping, control effectiveness assessments, and documentation related to security awareness and policy compliance

• Partner with Operational Risk, Compliance, and Audit teams to support transparency, defensibility, and audit readiness

• Provide subjectmatter expertise on humancentric cyber risk, awareness effectiveness, and policy adherence to risk committees and governance forums

Areas of Focus

Areas of focus encompass the identification, measurement, monitoring, and mitigation of humancentric cyber risk across the enterprise, including workforce awareness, user behavior, policy compliance, emerging attack techniques that exploit human behavior, and the effectiveness of preventive and detective controls.

• 8+ years of experience in cybersecurity, security awareness, cyber or operational risk management, or related disciplines

• 3+ years of experience implementing, operating, and tracking security awareness or human risk management solutions

• Experience owning enterpriselevel risk programs within an ORM or ERM operating model
  Strong understanding of humandriven cyber risk, policy compliance, and control effectiveness

• Handson experience working with databases, analytics, or reporting solutions, including queries, dashboards, or automated reporting

• Proven ability to translate behavioral and cyber risk into executivelevel, businessfocused risk insights

• Strong project management, analytical, and stakeholder engagement skills

• Experience with security awareness tools and applications, as well as governance, risk, and compliance processes and supporting platforms (e.g., KnowBe4, ServiceNow, Archer, Jira)

The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.