Sr. Cybersecurity Analyst – Audit and Compliance

Last Updated: October 30, 2023By


Job title: Sr. Cybersecurity Analyst – Audit and Compliance

Company: Sierra Nevada Corporation

Job description: The Cybersecurity Senior Audit and Compliance Analyst contributes to the success of our mission by performing assessments of systems and networks within the network environment or enclave and works with various business units to conduct evaluations of SNC information systems to ensure controls are adequate, appropriate, and effective. Senior Analysts are expected to lead independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within SNC’s enterprise information system to determine compliance with published standards. The Senior Audit and Compliance Analyst is the technical backbone of the GRC team and are responsible for training and developing the junior analysts. This position will report to the Cybersecurity Governance, Risk, and Compliance Manager to develop and execute strategic vision for the team and assist in continued success of the organization and GRC team.

The Mission Solutions and Technologies (MST) business area provides affordable, turn-key command/control, communications, integrated ISR, force protection and security solutions worldwide. The MST team has a long legacy of supporting the Department of Defense, Department of Homeland Security, commercial and international customers with years of experience in platform operations, engineering and full lifecycle management across domains – air, land, sea, space and cyber.

Responsibilities:

  • Analyze and develop the organization’s cyber defense policies and configurations to ensure compliance with regulations and organizational directives
  • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Plan and conduct internal stakeholder interviews to collect artifacts and follow up with stakeholders as necessary to drive the audit to closure
  • Lead the maintenance and management of an audit database to track and monitor audit requests and responses
  • Lead maintenance of a findings list and follow the plan(s) of action and milestones through remediation and closure
  • Assesses system or network designs that encompass multiple enclaves, including those with different data protection or classification
  • Maintain knowledge of applicable cyber defense policies, regulations, standards, and compliance documents specifically related to cyber defense auditing
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes)

Must Haves:

  • Bachelor’s degree in a related discipline or 10 or more years of relevant experience
  • A higher level degree may substitute for experience
  • Related experience may be considered in lieu of required education
  • Experience supporting, troubleshooting, and administering a variety of networks, OSs, and applications.
  • Strong knowledge and experience administering a variety of current Microsoft platforms.
  • Knowledge of data security administration principles, methods, and techniques
  • Familiarity with domain structures, user authentication, and digital signatures
  • Knowledge and experience with a variety of current Microsoft platforms
  • Knowledge of computer networking concepts and protocols, and network security methodologies
  • Knowledge of data security administration principles, methods, and techniques
  • Knowledge of cyber security and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
  • Knowledge of information security controls and frameworks such as NIST CSF, RMF, SP 800-53, SP 800-171, DFARS, CMMC, FISMA, ISO 27000 series, COBIT, PCI DSS, or Center for Internet Security (CIS) 20 Critical Security Controls
  • Familiarity with domain structures, user authentication, and digital signatures
  • Experience responding to, analyzing, and communicating control status through presentations and formal written reports
  • Ability to develop security standards and guidance based on industry best practices and requirements
  • Strong interpersonal and written communication skills
  • Ability to effectively execute multiple, complex tasks
  • Strong analytical, and problem-solving skills

Preferred:

  • Experience with enterprise GRC tool(s)
  • Ability to adapt to unexpected events, new facts, and rapidly changing circumstances
  • Ability to thrive in a sense-of-urgency environment and leverage best practices
  • Ability to manage competing deadlines and multiple projects at various stages of development using effective organizational skills and attention to detail

At least one of the following, and the ability to achieve one of the approved DoDD 8140 cybersecurity certifications within six months:

  • CMMC-AB certifications (any) • Certified Information System Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Security System Controls (CRISC)
  • Certified Ethical Hacker (CEH) • GAIC Systems and Network Auditor (GSNA)

At Sierra Nevada Corporation (SNC) we deliver customer-focused technology and best-of-breed integrations in the aerospace and defense sectors. SNC has been honored as one of the most innovative U.S. companies in space, a Tier One Superior Supplier for the U.S. Air Force, and as one of America’s fastest-growing companies.

SNC offers annual incentive pay based upon performance that is commensurate with the level of the position.

SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and .

IMPORTANT NOTICE: This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.

At Sierra Nevada Corporation (SNC), our mission is to dream, innovate, inspire and empower the next generation to transform humanity through technology and imagination. As an Equal Opportunity Employer, we welcome our employees to bring their whole selves to their work. SNC is committed to fostering an inclusive, accepting, and diverse environment free of discrimination. Employment decisions are made without regarding to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or other characteristics protected by law. Contributions to SNC come in many shapes and styles, and we believe diversity in our workforce fosters new and greater ways to dream, innovate, and inspire.

Expected salary:

Location: Sparks, NV

Job date: Sun, 29 Oct 2023 07:03:31 GMT

Apply for the job now!

Leave A Comment