BOWLING GREEN, New York, United States
AccreteWe automate analytical tasks to scale tacit knowledge and make accurate predictions about the real world. Compounding knowledge for global enterprises.
Office Headquarters: Lower Manhattan, NY (in-office three days a week)
- The U.S. Government agencies we work with have contracts that require all personnel working on their corresponding contracts to have U.S. citizenship – do you meet this requirement?
Accrete is looking for a Compliance Analyst that will be responsible for supporting compliance for SOC 2 type I and type II, NIST 800-53 and FedRAMP Moderate audit compliance as well as risk management support.
The role reports into the CISO and will have a heavy emphasis on compliance and security enforcement.
Accrete is an AI prime defense contractor with the U.S. government that creates AI software, enabling its customers to make better decisions, faster. Accrete is on a mission to create AI so powerful it amplifies human reasoning and enables enterprises to grow in previously unimaginable ways. Prior to launching Accrete in 2017, Prashant Bhuyan, Accrete’s Founder and CEO, spent over a decade in high-frequency trading where he and a core team experimented with and developed AI technology that ultimately became the early underpinnings of Accrete.
Accrete’s solutions enable the Department of Defense to predict covert behavior from foreign adversaries seeking to influence the supply chain; the U.S. Air Force to identify vulnerabilities in microprocessor firmware; major music labels to identify superstars before competitors; auto dealers to automatically generate marketing content from vehicle feature lists; employee benefits brokers to identify the shortest path to the hottest leads; and more.
To learn more about Accrete, please visit our website: Accrete.ai
Success for the Compliance Analyst for the first 3-6 months:
- Learn Accrete products, and technological capabilities and work across internal stakeholders and product engineering teams to drive continuous monitoring requirements, and drive continuous improvements within the Cybersecurity team for SOC II and FedRAMP program.
- Coordinate with internal stakeholder engineering teams and external MSSP to demonstrate the implementation of security compliance control implementations for technical, management, and operational requirements
- Submit audit evidence to 3PAO within a one-week period from the assignment
- Learn GRC tools for supporting audit management and gathering evidence for audits
- Perform vulnerability and compliance scanning, analyze results, and provide assessments and reviews
- Audit security control to ensure compliance with cloud requirements and governance models
- Support the development of technical material, operational processes, security policies, and other core documents
- Develop and manage compliance metrics against NIST 800-53 framework
- Manage program for Plans of Action and Milestones (POA&Ms)
- Manage onsite assessments and coordinate with external stakeholders
- Establish Risk Management documentation and monitor the remediation status of risks.
- Prepare reports for customers
- Prepare reports for CISO, Accrete management, and board of directors
- Success for the Compliance Analyst for the first 6 - 12 months:
- Automate workflows using GRC tools
- Prepare and collect evidence for upcoming audits for SOC 2 and FedRAMP.
- Update operating procedures for Accrete.
- Recommend improvements to compliance operations to CISO and management
- Conduct quarterly risk management updates
- Facilitate annual security and compliance operations improvement summit.
At least 2 years of experience or training in some of these areas:
- Experienced in writing Technical documentation and knowledge of Cloud and Security concepts
- Experience on SOC 2, NIST SP 800 Series, and FedRAMP
- Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as NIST 800-53
- Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
- Experience with the production and/or editing of technical drawings using Lucid Chart or similar design tools.
- Experience with technical documentation related to SOC 2 type II, FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, and continuous monitoring, and POA&M management.
- Understanding of Third-party Assessment Organizations (3PAO) Experience, training or some knowledge of:
- SOC 2 type II controls
- National Institute of Standards and Technology (NIST) standards
- Strong governance, risk and compliance experience
- Cloud Computing Security Requirements Guide (SRG)
- Experience and familiarity with cloud data security (FedRAMP compliance) and working with public cloud solutions (AWS, etc)
- Experience writing proposals and understanding basic contract language
- Deep experience NIST SP 800 Series, FedRAMP and FISMA
- ISO27001 - specifications for a framework of policies and procedures that include all legal, physical, and technical controls involved in an organization's risk management
General skills include:
- Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
- Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
- Ability to work independently or as a member of a team on various tasks.
- Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
- Proven ability to effectively research subject matter
- Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
- Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint, and SharePoint
- Strong writing skills - must submit samples
- Knowledge, experience, and subject matter expertise in the following:
- FedRAMP (Federal Risk Authorization Management Program)
- NIST SP 800-53 Rev 4
- NIST SP 800-37
- ISO 27001/2 Risk Management Framework
- Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
- NIST FIPS 199, Data Classification
- Privacy Impact Assessment (PIA)
- Bachelor's degree in a relevant field (e.g., English, Business Writing, Business Administration, Information Technology, Information Security, etc.)
- Write and maintain operating procedures supporting SOC 2 type I and type II
- Work with 3PAO for audits for FedRAMP and SOC 2.
- Write deliverables to support audits
- Gather evidence and submit to auditors
- Administer GRC system and tools for audit
- Follow up with cross-functional team members to get evidence for audits
- Manage risk management content for enterprise and systems
- Conduct business impact analysis
Benefits & Perks
- Fortune 500-level core benefits package: health, dental, vision, Rx, long-term disability, short-term disability, life insurance, 401(k)
- 15 days of vacation, five days of sick leave, and all U.S. federal holidays off
- Company events include happy hours, team bonding with bowling, tennis, and more
- Our office is stocked with snacks – healthy, delicious, beverages, vitamins & more
- Performance bonuses awarded on twelve-month calendar anniversary dates (cash/equity)
- Work in a beautiful office in downtown Manhattan
More jobs like this
Annapolis Junction, Maryland, United … Annapolis Junction, Maryland, United States Full TimeMid Mid-levelUSD 45K - 84K * USD 45K+ *
Computer Network Defense Analyst-MidComputer Science Firewalls Forensics Intrusion detection Network security Pentesting PhD +3
Career development Team events
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Staff Product Security Engineer jobs
- Open IT Security Engineer jobs
- Open Head of Information Security jobs
- Open Senior Security Operations Engineer jobs
- Open Senior SOC Analyst jobs
- Open Security Consultant jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Lead Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Infrastructure Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open IT Security Analyst jobs
- Open Offensive Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior Air Defense/BMD Subject Matter Expert jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Clearance-related jobs
- Open GCP-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open SaaS-related jobs
- Open Forensics-related jobs
- Open ISO 27001-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Cryptography-related jobs
- Open Threat intelligence-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open Kubernetes-related jobs
- Open APIs-related jobs
- Open TCP/IP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open IPS-related jobs
- Open DevSecOps-related jobs