Senior Cybersecurity Compliance Analyst

About The Position

Requirements

• Must be a U.S. Citizen.
• Requires a minimum of 8 years of progressive Cybersecurity and Compliance experience.
• In depth knowledge of Cybersecurity, regulatory governance, and IT security practices.
• Experience documenting and maintaining Cybersecurity guidelines, policies, and standards.
• Experience performing Security Risk Assessments based on common control frameworks: e.g.: NIST SP 800-171/171a, NIST SP 800-53/53a, ISO27001 and SOC2.
• Strong verbal and written communication skills, with demonstrated ability to effectively present material to a variety of technical and non-technical audiences.
• Experience leveraging GRC tools to automate third-party risk reviews; including risk register integration and workflows to track ownership, progress and closure.

Nice To Haves

• Bachelor's degree or four relevant years of experience may be substituted for a degree.
• Strong ability to think strategically about business, products, and technical challenges.
• Experience analyzing business or technical problems and proposing and implementing solutions.
• Knowledge of networks, operating systems, applications, and cloud services.
• Familiarity with security frameworks and various compliance requirements; including: ISO27001, SOC2, NIST, CMMC. Knowledge of OWASP/SAMM.
• Experience with third-party risk and M&A Cybersecurity assessments.
• Certification related to Cybersecurity (e.g., CISSP, CISA, CISM).

Responsibilities

• Work collaboratively with business owners to maintain NIST 800-171/CMMC compliance by performing risk and control maturity assessments; targeting information systems that process, store, and transmit company and customer information.
• Provide cybersecurity risk consultation to internal teams focused on the alignment of information system design and implementation to the underlying cybersecurity control requirements.
• Assist with answering client security questionnaires and evaluating compliance with regulatory and contractual requirements.
• Provide more robustness to our existing TPRM (Third-Party Risk Management) program and be hands-on in planning and executing TPRM engagements.
• Participate in the creation and maintenance of Cybersecurity documents (policies, standards, guidelines, and procedures).
• Contribute to the Cybersecurity education program.

Benefits

• Health, Vision, Dental Insurance, and Employee Assistance Program
• 401K, with matching and immediate vesting
• Health Savings Account (HSA)/Flexible Spending Accounts (FSA) Options
• PTO, 10 Holidays, and Sick Time
• Maternity and Paternity Leave
• Adoption Reimbursement
• Flexible Hours, Hybrid work options
• Tuition Reimbursement and Student Loan Repayment
• Pet Insurance
• And More!