Information Security Compliance Analyst - Richmond, VA

Overview

You develop and execute security controls, defenses, and countermeasures to intercept and prevent internal or external attacks targeting company email, data, e-commerce, and web-based systems. You research attempted or successful efforts to compromise systems security and design effective countermeasures. You maintain hardware, software, and network firewalls and encryption protocols. You administer security policies that control physical and virtual access to systems. You provide clear, timely information to management regarding the business impact of theft, destruction, alteration, or denial of access to information and systems.

Responsibilities

• Monitor the operating environment for compliance with SOC 2+ VA SEC 530 controls, track deviations and remediation activities in a Plan of Action & Milestones (POA&M).
• Coordinate security incident handling, liaise with the Global Cybersecurity Incident Response Team towards containment, root cause determination, and updates to the POA&M.
• Coordinate preparation and execution of external audit activities to ensure evidence completeness, accuracy, and appropriateness. Work closely with the external auditors to ensure scope and testing results are fair and accurate.
• Track to remediation any audit findings and vulnerabilities documented in the POA&M and collaborate with Infrastructure, Application, and Operations teams to design and deploy countermeasures and security enhancements.
• Prepare concise reports and briefings that translate technical findings into business impact and recommended actions.

Qualifications

• Solid understanding of cybersecurity compliance scoping methodologies, control environments, and evidence management.
• Hands-on experience implementing and coordinating with technical teams, the implementation security controls, across a variety of technical, operational, and personnel requirements.
• Ability to investigate incidents, research vulnerabilities, correlate logs and alerts, and clearly communicate findings and recommended actions to technical teams.
• Bachelor’s degree in related field or experience in lieu of a degree
• 2+ years of dedicated related security operations, compliance, or incident response experience required.
• Equivalent military or directly relevant work experience considered.
• Exposure to SOC 2 audits, control testing, evidence collection, and remediation tracking.
• Familiarity with NIST 800-53 control families and mapping to enterprise policies.
• Experience producing executive-level compliance or risk dashboards.
• Professional certifications aligned to information security compliance and governance, such as CISA, CRISC, CAP (NIST RMF), or similar credentials, preferred.

Success Profile

• Leading Complexity
• Leading People
• Leading the Business
• Leading Self

#LI-NA1 #LI-HYBRID