Security Compliance Management Analyst

Posted:
7/18/2024, 5:00:00 PM

Location(s):
Chicago, Illinois, United States ⋅ Illinois, United States ⋅ Georgia, United States ⋅ Atlanta, Georgia, United States ⋅ Virginia, United States ⋅ McLean, Virginia, United States

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Remote

Job Family:

IT Cyber Security


Travel Required:

Up to 10%


Clearance Required:

None

What You Will Do:
The Security Compliance Management Analyst is a member of a service-oriented team with upwards to six (6) personnel within the Information Security Compliance Management team that are focused on framework compliance for the following frameworks: ISO 27001, ISO 20000, NIST SP 800-171, NIST SP 800-53, UK Cyber Essentials, CMMC, HIPAA, HITRUST, and IT General Controls.

Other services in scope of the Information Security Compliance Management team include management of the Governance Risk and Compliance solution, continuous monitoring, evidence assessment, and client audits. Effectively supports and executes multiple or more complex IT Security Compliance Management projects that may span company-wide initiatives within scope, timeline, and budget. Applies technical knowledge to innovation and performance improvement while demonstrating critical thinking and sound logic when assessing problems and opportunities in generating solutions.

Accountable for ensuring the day-to-day operations of maintaining and protecting Guidehouse and Client data to the NIST SP 800-171 standards with the management of the compliance and execution of all Guidehouse compliance programs. Reports directly to the IT Security Compliance Associate Director.

Job Function:

  • Understands and supports the IT Security Compliance Management initiatives that support overall IT Security GRC goals and objectives
  • Demonstrates effective written and verbal communication skills; delivered in a professional, respectful, and timely manner
  • Manages GRC services to facilitate the organization of evidence for audits
  • Produces high quality work product leveraging existing templates, tools, and methodologies that align to applicable professional standards and best practices
  • Clearly and concisely conveys more complex messages to IT Security Compliance Management team; effectively presenting facts and recommendations
  • Designs and configures monitoring and alerts for identity and access management in accordance with Guidehouse Policies, Standards, and Procedures
  • Assists in conducting risk assessments and security audits to identify vulnerabilities and recommending mitigations to enhance security posture
  • Proactively asks questions, validates what is heard, and shares relevant informed point of view in meetings and client discussions
  • Demonstrates the ability to sense and respond to verbal and non-verbal cues and adapt messages and approach based on the audience
  • Demonstrates honest and professional behavior in all interactions
  • Identifies risk issues (e.g., technical, client service, engagement, team, internal and external) and escalate them to IT Security supervisors and senior leaders
  • Helps with issue resolution, risk mitigation and contingency planning in alignment with IT Security Compliance Management leader guidance and IT Security risk mitigation plans
  • Uses critical thinking, analysis, expertise, and collaboration to develop technical solutions and solve problems
  • Thinks innovatively to proactively identify opportunities for system and process enhancements and make recommendations to IT Security Compliance Management leadership
  • Works in unstructured or unclear circumstances
  • Mentors and/or trains IT Security Compliance Management team and/or IT Security, working with supervisor/leaders to position them for success, serving as a resource to peers
  • Promotes the development of new technical knowledge and skills within IT Security Compliance Management team
  • Conducts quality assurance reviews using established or establishing KPIs and self-audit work before showing work to more senior staff and/or clients, learning from mistakes
  • Takes ownership of my tasks and the tasks delegated, resolving issues and escalating as appropriate
  • Presents themselves and the company in a manner that always promotes a positive lasting impression of high quality, promptness, and professional service
  • Draws from experience to propose solutions to meet needs, focusing the team accordingly
  • Builds a high level of trust with stakeholders by meeting and anticipating needs and expectations
  • Demonstrates an advanced understanding within compliance arena and ability to apply technical or specialized knowledge specific to role, industry, business line, and/or functional area within compliance frameworks
  • Stays current on compliance events, trends, and issues in the news relevant to IT Security
  • Ensures prescribed IT Security policies, procedures, and standards are followed while identifying opportunities for system and process enhancements
  • Communicates with parties within and outside of IT Security; May have responsibility for communicating with parties external to the organization (e.g., customers, vendors, etc.)
  • Works independently on mid to large or complex projects and assignments, with minimal guidance and to influence parties within and outside the job function at an operational level regarding policies, best practices, and procedures
  • Responsible for developing compliance solutions that may require collaboration with internal expertise and deep analysis of the technical system
  • Problems and issues faced are difficult and may require understanding of broader set of issues. Problems typically involve consideration of multiple issues, job areas or specialties; Problems are typically solved through drawing from prior compliance experience and analysis of issues.
  • Ability to participate in cross- department discussions to influence job area processes
  • Exhibits practical knowledge of project management
  • Advanced understanding and ability to apply standards, principles, theories, and technical concepts obtained through advanced education combined with experience


What You Will Need:

  • Bachelor’s degree with 2-4 years of experience OR 8 Years of experience in lieu of degree
  • United States Citizenship
  • Clearance: Ability to obtain a National Security Clearance or a U.S. Federal Government Public Trust
  • Must be able to work East Coast US business hours
  • Experience working with Executive Leadership
  • Experience supporting Microsoft Windows 11 operating system
  • Experience with conducting external and/or internal audits
  • Experience managing with one or more of the following frameworks:
    • ISO 27001
    • IT General Controls/SOX
    • NIST SP 800-171
    • NIST SP 800-53
    • Supplier Performance Risk System (SPRS)
    • Cybersecurity Maturity Model Certification (CMMC)
    • Federal Risk and Authorization Management Program (FEDRAMP)
    • HIPAA
    • HITRUST
    • ISO 9001
    • ISO 20000
    • UK Cyber Essentials / UK Cyber Essentials Plus (+)
  • Experience documenting processes and procedures to comply with required NIST and IT standards
  • Working knowledge of risk governance and mitigation strategies with vulnerability management, phishing simulation training, and 3rd party penetration tests (internal and external)
  • Ability to work on many concurrent and changing priorities – flexibility is a must
  • Action-oriented and able to manage and meet aggressive timelines and deadlines
  • Must have excellent organizational and time management skills


What Would Be Nice To Have:

  • Degree in computer-related or cyber field
  • Shall possess one or more of the following certifications:
    • (ISC)2 Certified Information Security Professional (CISSP)
    • ISACA Certified Information Security Manager (CISM)
    • ISACA Certified Information Systems Auditor (CISA)
    • ISO 27001 Certified Lead Auditor
    • ISO 9001 Certified Lead Auditor
    • Project Management Professional (PMP)
    • Security+
  • Experience supporting Microsoft Azure and O365 cloud environments
  • Experience supporting Amazon AWS cloud environments
  • Experience working with Governance Risk and Compliance tools beyond the manual processes of excel sheets, folders, and emails
  • Working knowledge of Qualys
  • Experience with PCI and SOC controls
  • Experience with Microsoft Azure Compliance Center
  • Working knowledge of Active Directory, Exchange, SharePoint, and Teams
  • Demonstrated ability to learn and document new technologies/solutions
  • Experience with ServiceNow is a plus
  • Experience with Cyber Security ScoreCards such as: Security ScoreCard, BitSight, etc.
  • Experience working in an ITIL environment
  • Preference will be given to candidates who are located within 50 miles of a Guidehouse office

The annual salary range for this position is $65,400.00-$98,200.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.


What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

  • Medical, Rx, Dental & Vision Insurance

  • Personal and Family Sick Time & Company Paid Holidays

  • Position may be eligible for a discretionary variable incentive bonus

  • Parental Leave and Adoption Assistance

  • 401(k) Retirement Plan

  • Basic Life & Supplemental Life

  • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts

  • Short-Term & Long-Term Disability

  • Student Loan PayDown

  • Tuition Reimbursement, Personal Development & Learning Opportunities

  • Skills Development & Certifications

  • Employee Referral Program

  • Corporate Sponsored Events & Community Outreach

  • Emergency Back-Up Childcare Program

  • Mobility Stipend

About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.


Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.


If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at [email protected]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.


Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.