Company: Cyber74

Address: Rocky Hill, CT
Form of work: Full-Time
Category: Information Technology

Job description

Primary Responsibilities

The perfect candidate will have experience with and a passion for not only identifying compliance issues, but also helping clients overcome those issues and develop a manageable, maintainable compliance posture.

  • Working under general supervision, the Compliance Analyst will be responsible for monitoring, managing, and closing existing compliance issues while also ensuring that internal and external systems are compliant with security standards
  • In carrying out these functions, the Compliance Analyst’s responsibilities include the identification, evaluation, and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks
  • Performs cybersecurity readiness assessments, gap analyses, and maturity assessments using the Cybersecurity Maturity Model Certification (CMMC) model
  • Engage with clients and conduct security & risk assessments with a focus on the NIST 800-53 and 800-171 frameworks
  • Consulting with end clients to gather requirements and understand our client's key business and security challenges.
  • Working with team members to advise on practical and cost-effective solutions to help mitigate our clients’ cybersecurity risks and challenges
  • In-depth knowledge of security regulatory compliance requirements with a focus on CMMC, NIST 800-171 and HIPAA, and translating those into business processes and security controls to enhance and support clients’ compliance status.
  • Articulating and defending IT controls testing approach and performing tests of design and operating effectiveness
  • Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle
  • Performs vulnerability and compliance network scans, analysis of results, and provides mitigation recommendations
  • Supports Cyber74 by responding in a timely manner to questions pertaining to security practices, policies, and controls
  • Collaborate with New Charter Technologies Operating Company stakeholders and personnel to share security knowledge, vulnerability trends, and analysis findings

 

Expected Compensation is $75,000 and up DOE

Skills & Experience

  • Experience in security/compliance focused role with 2-4+ years of experience performing technical security audits and risk assessments
  • Experience implementing NIST 800-53, 800-171, ISO27001, and CMMC controls
  • Experience performing cybersecurity readiness assessments including maturity assessments using the Cybersecurity Maturity Model Certification (CMMC) model.
  • Experience performing cybersecurity readiness assessments including assessments using the Health Insurance Portability and Accountability Act (HIPAA) model.
  • Experience in creating Supplier Performance Risk Scores (SPRS)
  • Experience performing IT/IS security risk assessments and audits, and managing/conducting security incident investigations
  • Minimum 1+ years’ experience with cloud-based concepts with an emphasis on developing and auditing AWS or Azure controls
  • Well-rounded expertise and exposure to a variety of security technologies including anti-virus, data loss prevention, intrusion prevention, application whitelisting, etc.
  • Experienced at assessing on-premise systems along with enterprise SaaS and cloud offerings, including various infrastructure platforms such as Active Directory, Windows, Linux, etc.
  • Strong working knowledge of network firewalls, switches, routers, and endpoints
  • Experience working with network scanning tools such as Tenable Nessus, Qualys, or RapidFire Tools
  • Strong EQ with the ability to develop rapport and provide technical security and risk-related information to technical and non-technical audiences
  • Must be able to influence without authority, innovate to tackle tough problems, and communicate clearly to all levels of the organization
  • Ability to thrive in a supportive, result-oriented community and a commitment to the relentless pursuit of continuous growth

Preferred Certifications (one or more of the following)

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • GIAC Security Essentials (GSEC)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)

 

Our Team members enjoy

  • A Fun, friendly culture
  • The ability to work from home / work remotely for nearly all positions
  • A collaborative environment where you can make an impact and help direct our future
  • Family friendly, flexible schedules
  • Company provided training and growth opportunities
  • A career path and roadmap that allows you to move up in the company and try new things
  • We’re a mission-focused cybersecurity company; we all love security (and might be a little paranoid about it), and we love protecting our clients
  • Unlimited Responsible Time Off Policy
  • Gym membership
  • Company paid cell phone
  • 401k with immediate 5% match, Health/Dental/Vision Insurance, Paid Gym memberships, Etc. (the typical stuff)

 

Physical Requirements

Work is primarily knowledge-worker oriented using computer systems.  Occasional exertion and lifting of up to 20 pounds to move office or computer equipment.  Occasional crawling, kneeling, and squatting.  Constant use of computer (keyboard/mouse), and phone.  Visually inspects, prepares, and analyzes data & figures, views computer constantly.  Occasional travel (car/airplane).  Occasional exposure to outdoor environmental conditions as a result of travel.    

 

Cyber74 is committed to creating an inclusive environment and is proud to be an equal opportunity employer. Cyber74 recruits, employs, trains, compensates, and promotes regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

 

Refer code: 7462014. Cyber74 - The previous day - 2023-12-28 14:57
