Cyber Security Compliance Analyst

Associate Staffing LLC

Charlotte, NC
Full Time
Paid
  • Responsibilities

    Job Description

    THIS OPPORTUNITY IS CURRENTLY 100% REMOTE!

    THIS IS A 40 HOUR A WEEK 12 MONTH CONTRACT-TO-HIRE OPPORTUNITY!

    NO BENEFITS ARE PROVIDED THROUGHOUT THE DURATION OF THE CONTRACT!

     

    We have an immediate need for a Cybersecurity compliance manager. The qualified candidate will manage closing current compliance gaps by working with internal departments and external assessors. This role includes responding to Cybersecurity questionnaires from potential clients. Excellent communication and project management skills are expected.

     

    JOB DUTIES:

    • Manage achieving CMMC level 3 compliance. This effort is well under way but requires diligent coordination with external consultants and corporate digital technology departments.
    • Supplement corporate policy documents as needed for CMMC compliance.
    • Assist with SOX compliance documentation, data gathering, and reporting.
    • Maintain business unit DT policy and standards.
    • Review and respond to Cybersecurity questionnaires and contract clauses from clients.

    MINIMUM QUALIFICATIONS:

    • Bachelor’s Degree in Computer Science or IT security related field from a four-year technical engineering ABET accredited institution. Equivalent experience in lieu of college degree will be considered.
    • Knowledge and experience with Federal Government security processes and standards, including NIST 800-171, Risk Management Framework (RMF) and related NIST CSF.
    • Knowledge and experience of U.S. commercial and Government standards, regulations and codes (e.g., DoD Unified Facility Criteria, OSHA, NFPA, ASHRAE, NIST, DoDi, RMF, NERC CIP Cyber security, etc.).
    • Certified Information Systems Security Professional (CISSP), or equivalent is preferred.
    • Project management experience (PMP certification preferred).
    • Excellent communication skills.

     

    JUSTIFICATION (FOR CCS APPROVALS):

    Work assigned to this position:

    Immediate assignments until end of year:

    • Manage bringing the company into CMMC compliance by end of 2021
      • Manage mature implementation of all 130 CMMC level 3 security controls
      • Immediate focus: Close 18 open NIST 800-171 controls by end of September
      • Write supplemental policy to augment Carrier DT policy as needed; this includes review of proposed policy by senior leadership, external compliance consultants, and Carrier DT leadership
      • Project manage implementation of missing security controls by Carrier DT departments
      • Track progress and communicate updates on a weekly basis
      • Estimated effort is 24 hours per week until end of 2021.
    • Internal Audit
      • Gather requested documentation
      • Update IT systems documentation and share with Carrier audit as needed
      • Update SaaS service subscription documentation and add detail as needed
      • Update internal process documentation
      • Attend all audit meetings (as frequently as daily) as needed
      • Estimated effort is 16 hours per week until end of Q3

    Assignments starting Q1 of 2022:

    • CMMC – this is an ongoing process requiring ongoing documentation
      • Policy documents need to get reviewed at least annually. Due to the current fluidity of Carrier policy, these reviews need to occur quarterly in collaboration with Carrier
      • All 130 controls need to get reviewed quarterly and documentation updated as needed
      • Ongoing user training and incident review
      • Review user access to restricted projects and systems quarterly
      • Manage DLP deployment
      • Monitor and respond to DLP alarms, manage DLP policy
      • Estimated effort: 30 hours per week; DLP represents the majority of time spent.
    • SOX Compliance
      • Manage quarterly Privileged User Access Reviews (PARs)
      • Update SOX related policy and procedures twice annually
      • Oversee and document DR testing; ensure it is performed on the agreed-upon schedule
      • Manage SOX reviews with PWC or other Carrier assigned contractor
      • Manage Sailpoint tasks assigned
      • Oversee SOX application compliance
      • Oversee change management for all of the company
      • Estimated effort: 6 hours per week
    • Contract Review for Cybersecurity Clauses
      • A majority of contracts contain Cybersecurity clauses. These need to get reviewed based on up-to-date Carrier processes to determine compliance. In case of questions, Carrier digital technology and legal experts need to get called in to respond.
      • Generate a database (can be a large Excel spreadsheet, SharePoint, or other) of Carrier DT procedures
      • Estimated effort: 4 hours per week (this is a rapidly growing area of work)
    • Formulate processes (currently ad-hoc activities)
    • Future: Project Cybersecurity (not gov compliance) project documentation, inventory, and support
    • IT systems documentation

     

    Present until 8/31:

    CMMC: 24h per week

    Audit: 16h per week

    2021 Q4:

    CMMC: 32h per week

    Policy review, business process review and documentation: 8h per week

    2022 Q1:

    CMMC: 24h per week