Full-Time IT Security and Compliance Analyst

We are seeking a highly motivated Security Compliance Analyst to oversee the development, implementation, and maintenance of security policies and procedures for compliance with industry standards and regulations.

This role involves:

• Conducting regular security assessments
• Responding to security incidents
• Monitoring security technologies
• Ensuring organizational compliance with frameworks such as NIST 800-53.

Key Responsibilities

• Incident Reporting: Immediately report any security incidents to the ISSO and ITSG leadership. Ensure timely and accurate documentation.
• Policy and Procedure Development: Develop, implement, and maintain information security policies, procedures, and standards for robust data protection and regulatory compliance.
• Security Assessments: Conduct regular assessments, vulnerability scans, and risk assessments to identify and mitigate security risks.
• Monitoring Security Technologies: Monitor and manage security technologies (firewalls, IDS/IPS, antivirus, encryption) to detect and respond to threats.
• Security Control Audits: Perform regular audits of security controls for access management, identity and authentication systems, and data protection mechanisms.
• Incident Response: Respond to and investigate security incidents, coordinating with incident response teams as needed.
• Compliance and Regulatory Adherence: Ensure compliance with regulations and standards (NIST 800-53, FISMA, HIPAA, etc.)
• Security Awareness Training: Provide security awareness training to end-users, including periodic drills.
• Emerging Threats and Technologies: Stay updated on emerging threats, vulnerabilities, technologies, and best practices; recommend and implement new measures.
• Documentation: Document security configurations, incident responses, risk assessments, and compliance status reports for audits.
• Vulnerability Scanning and Reporting: Regularly scan for vulnerabilities, report findings to NOAA Cybersecurity, and coordinate responses to issues.

Required Skills & Qualifications

• Relevant Certifications: CISSP, CISM, CompTIA Security+, or equivalent.
• Cybersecurity Knowledge: In-depth knowledge of cybersecurity principles, practices, and technologies.
• Security Technologies Expertise: Experience with firewalls, IDS, IPS, antivirus, and encryption.
• Access Control and Data Protection: Understanding of access control, identity management, and data protection.
• Security Risk Management: Ability to perform security assessments, vulnerability scans, and risk assessments.
• Compliance and Regulatory Adherence: Ensure compliance with relevant regulations, standards, and frameworks.
• Experience with Virtual Environments: Managing and securing virtual systems and ensuring compliance with secure configuration standards such as STIGs.

Preferred Qualifications

• Advanced Certifications: CEH, CySA+, or other advanced certifications.
• Experience with Security Tools: Familiarity with SIEM and security orchestration tools.
• Cloud Security Knowledge: Experience securing cloud environments (AWS, Azure).
• Experience with Virtual Environments: Configuring and securing VMs and ensuring compliance with security standards.
• In-depth knowledge of cybersecurity principles, practices, and technologies.
• Strong knowledge of IT compliance frameworks such as NIST 800-53, FISMA, etc.
• Experience conducting or supporting security assessments

What is the last date for applying to the job?

Which countries are accepted for this remote job?