Sr. Cybersecurity & Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Electrical Engineering, or a related field from an accredited university, or equivalent practical experience
• 4+ years of cybersecurity experience, with exposure to medical devices or other regulated industries preferred
• Hands-on experience with enterprise security tools and technologies, including EDR, vulnerability management, identity and access management, and cloud security
• Experience securing enterprise productivity and collaboration environments, including Microsoft 365 and Google Workspace
• Familiarity with compliance frameworks and regulations including NIST Cybersecurity Framework, CIS Critical Security Controls, HIPAA, Sarbanes-Oxley (SOX) IT General Controls, and FDA regulatory requirements
• Ability to work effectively with cross-functional teams, manage competing priorities, and operate with a high degree of initiative in a fast-paced environment

Nice To Haves

• Professional certifications such as Security+, CCSP, CISM, or similar are a plus
• Scripting or automation experience (PowerShell, Python, or similar) is a plus, along with strong communication skills and the ability to convey technical concepts to non-technical audiences

Responsibilities

• Implement and operate enterprise security technologies, including EDR, vulnerability management, DNS filtering, and email security
• Monitor, investigate, and respond to security events and incidents, supporting threat detection and contributing to improvements in response and recovery procedures
• Maintain and update cybersecurity policies, procedures, and standards aligned with NIST Cybersecurity Framework, CIS Critical Security Controls, and applicable regulations
• Support regulatory compliance activities related to HIPAA, FDA 21 CFR Part 11, and Sarbanes-Oxley (SOX) IT General Controls, including audit preparation, evidence collection, and control testing
• Provide support for core IT systems, including user account management, directory services, and endpoint management, in coordination with IT operations
• Develop and deliver cybersecurity awareness training and phishing simulation programs to build a strong security culture across the organization
• Administer enterprise patch management processes, including vulnerability prioritization, coordination with IT operations, and validation of remediation for critical systems
• Support the administration and security of the company’s external web hosting environment, including configuration hardening, monitoring, and coordination with hosting vendors
• Help maintain the organizational risk register, conduct third-party risk assessments, and support internal and external audits through evidence collection and control testing

Benefits

• medical, dental and vision plans
• FSA
• 401(k) plan with company matching
• unlimited Paid Time Off (PTO)
• approximately 18 paid company holidays per year