About the position
As a Cybersecurity & Compliance Analyst, you will play a critical role in safeguarding our company's information systems and ensuring compliance with regulatory standards. You will be responsible for monitoring, analyzing, and responding to security incidents, conducting risk assessments, establishing and implementing cybersecurity, information risk management, and compliance best practices, and implementing controls to protect sensitive data. This role is fully remote. Specific location details and expectations will be discussed during the interview process.
Responsibilities
• Develop, implement, and maintain security policies, procedures, and controls to ensure compliance with industry standards and regulations (e.g., NERC CIP, SOX, ISO 27001)
• Evaluate, document, and respond to recommendations or alerts from internal security tools and the Managed Security Services Provider
• Conduct regular risk assessments and vulnerability scans to ensure the security of the organization's information systems
• Assist in the investigation and response to security incidents, ensuring that all actions comply with regulatory requirements
• Coordinate with legal and regulatory bodies to ensure the organization remains compliant with evolving cybersecurity laws and regulations
• Prepare and present reports on compliance activities, findings, and recommendations to leadership
• Assist with the education and training of process/control owners to better understand technology control frameworks and their responsibilities when it comes to data handling
• Lead Data Loss Protection (DLP) initiatives, strategies, and controls within the company with the use of Microsoft Purview
• Perform security audits and assessments to identify areas of improvement and ensure compliance with regulatory requirements
• Assist in responding to external audits by preparing necessary documentation, coordinating with auditors and ensuring that all compliance requirements are met
• Maintain up-to-date knowledge of industry standards, regulations, and best practices related to cybersecurity compliance
• Recommend and assist with implementation and management of Cybersecurity, Risk Management and Compliance tooling
• Support the development and maintenance of a robust cybersecurity governance framework
Requirements
• Bachelor’s degree in Information Technology, Information Security, Cybersecurity or related field and/or equivalent experience
• 3+ years of progressively increasing responsibility in directly related work
• Two or more years of experience in utilizing enterprise security or compliance solutions including but not limited to SIEM, Risk Management tools, GRC (Governance, Risk, and Compliance) tools, security detection and response tools, and endpoint security products
• Excellent knowledge of Microsoft Purview including Data Loss Protection and other compliance policies
• Proven experience in cybersecurity compliance, risk management, and audit processes
• Familiarity with common network, system and web application attacks and mitigations
• Strong knowledge of regulatory requirements and industry standards related to cybersecurity and Risk Management (e.g., NIST, ISO 27701, SOX)
• Ability to work effectively in a team environment and in cross-functional teams
• Ability to effectively document
• Excellent verbal and written communication skills
• Energetic, enthusiastic, charismatic
Benefits
• Employees (and their families) are eligible for medical, dental, vision, basic life and disability insurance.
• Employees can enroll in our company’s 401(k) plan and are provided vacation, sick and holiday pay.