Cybersecurity Compliance Analyst II

As a Cybersecurity Compliance Analyst II, you will be a key player in ensuring our organization's cybersecurity and GRC (Governance, Risk, and Compliance) posture aligns with modern industry standards and critical government regulations. This role is crucial for an A/E/C (Architecture, Engineering, and Construction) firm that works with government and commercial clients. You will be responsible for maturing our cybersecurity program, with a specific focus on navigating complex compliance requirements such as the Cybersecurity Maturity Model Certification

(CMMC), Federal Acquisition Regulation (FAR), and Defense Federal Acquisition Regulation Supplement (DFARS). You will operate with a high degree of independence, leading projects, performing detailed assessments, and translating technical and regulatory requirements into actionable business practices.

Responsibilities:
In the role of a Cybersecurity Compliance Analyst II, we’ll count on you to:

• Compliance and Frameworks: Support and enhance the company’s GRC program by focusing on key government and industry compliance frameworks, including NIST SP 800-171/53, CMMC, DFARS, and FAR. Direct experience with SOC 2 and ISO 27001 is a plus.
• Risk and Vulnerability Management: Conduct risk assessments, support the vulnerability management program, and track remediation efforts. Your work will directly support our mission to identify and mitigate cybersecurity risks.
• Audits and Controls: Participate in internal and external security audits, perform control testing, and review security policies and procedures. You'll ensure our documentation is accurate and our practices align with applicable standards.
• Incident Response: Assist with the coordination of incident response activities, investigate security-related incidents, and recommend remediation steps to improve our security posture.
• Solution Implementation: Under the guidance of senior staff, you will help design and implement new security solutions. You'll perform technology implementation tasks with limited oversight, demonstrating your ability to execute projects from start to finish.
• Security Development and Strategies: Assist with the design and implementation of new security solutions under the direction of senior team members.
• Documentation and Reporting: Maintain up-to-date documentation for our GRC program, including policies, procedures, and reports for management. You will translate complex technical and regulatory requirements into clear, actionable business practices.
• Technology Implementation: Conduct technology implementation tasks with limited review required by higher-level technical/managerial staff.

Preferred Qualifications:

• Certifications: Professional certifications such as CGRC, CMMC-CP, CISSP, CISA, or Security+.
• Experience: Prior experience with risk assessment methodologies, vulnerability management programs, and security compliance audits.
• Regulated Environments: Experience working in regulated environments with formal compliance requirements, particularly within the A/E/C industry.

*This role is ineligible for Visa sponsorship*

#LI-KV1