Compliance Analyst
BOWLING GREEN, New York, United States
Applications have closed
Accrete
Accrete delivers universally configurable, reliable, and accurate Analytical AI Agents to both government and commercial customers. Office Headquarters: Lower Manhattan, NY (in-office three days a week)
- The U.S. Government agencies we work with have contracts that require all personnel working on their corresponding contracts to have U.S. citizenship – do you meet this requirement?
Accrete is looking for a Compliance Analyst who will be responsible for supporting compliance with SOC 2 Type I and Type II, NIST SP 800-53, and FedRAMP Moderate audit requirements, as well as supporting risk management.
The role reports to the CISO and will have a heavy emphasis on compliance and security enforcement.
Accrete is an AI prime defense contractor with the U.S. government that creates AI software, enabling its customers to make better decisions, faster. Accrete is on a mission to create AI so powerful it amplifies human reasoning and enables enterprises to grow in previously unimaginable ways. Prior to launching Accrete in 2017, Prashant Bhuyan, Accrete’s Founder and CEO, spent over a decade in high-frequency trading where he and a core team experimented with and developed AI technology that ultimately became the early underpinnings of Accrete.
Accrete’s solutions enable the Department of Defense to predict covert behavior from foreign adversaries seeking to influence the supply chain; the U.S. Air Force to identify vulnerabilities in microprocessor firmware; major music labels to identify superstars before competitors; auto dealers to automatically generate marketing content from vehicle feature lists; employee benefits brokers to identify the shortest path to the hottest leads; and more.
To learn more about Accrete, please visit our website: Accrete.ai
Success for the Compliance Analyst for the first 3-6 months:
- Learn Accrete's products and technological capabilities, and work across internal stakeholders and product engineering teams to drive continuous monitoring requirements and continuous improvement within the Cybersecurity team for the SOC 2 and FedRAMP programs.
- Coordinate with internal engineering teams and the external MSSP to demonstrate the implementation of security compliance controls covering technical, management, and operational requirements
- Submit audit evidence to the 3PAO within one week of assignment
- Learn GRC tools for supporting audit management and gathering evidence for audits
- Perform vulnerability and compliance scanning, analyze results, and provide assessments and reviews
- Audit security controls to ensure compliance with cloud requirements and governance models
- Support the development of technical material, operational processes, security policies, and other core documents
- Develop and manage compliance metrics against the NIST SP 800-53 control framework
- Manage program for Plans of Action and Milestones (POA&Ms)
- Manage onsite assessments and coordinate with external stakeholders
- Establish Risk Management documentation and monitor the remediation status of risks.
- Prepare reports for customers
- Prepare reports for CISO, Accrete management, and board of directors
Success for the Compliance Analyst for the first 6-12 months:
- Automate workflows using GRC tools
- Prepare and collect evidence for upcoming audits for SOC 2 and FedRAMP.
- Update operating procedures for Accrete.
- Recommend improvements to compliance operations to CISO and management
- Conduct quarterly risk management updates
- Facilitate annual security and compliance operations improvement summit.
Requirements
Qualifications:
At least 2 years of experience or training in some of these areas:
- Experience writing technical documentation, and knowledge of cloud and security concepts
- Experience with SOC 2, the NIST SP 800 series, and FedRAMP
- Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as NIST 800-53
- Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
- Experience with the production and/or editing of technical drawings using Lucidchart or similar design tools.
- Experience with technical documentation related to SOC 2 Type II, FIPS 199, NIST SP 800-37, NIST SP 800-53 Rev. 4, continuous monitoring, and POA&M management.
- Understanding of Third-Party Assessment Organizations (3PAOs)
Experience, training, or some knowledge of:
- SOC 2 Type II controls
- National Institute of Standards and Technology (NIST) standards
- Strong governance, risk and compliance experience
- DoD Cloud Computing Security Requirements Guide (SRG)
- Experience and familiarity with cloud data security (FedRAMP compliance) and working with public cloud solutions (AWS, etc.)
- Experience writing proposals and understanding basic contract language
- Deep experience with the NIST SP 800 series, FedRAMP, and FISMA
- ISO/IEC 27001: the specification for an information security management system (ISMS), a framework of policies and procedures covering the legal, physical, and technical controls involved in an organization's information risk management
General skills include:
- Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
- Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
- Ability to work independently or as a member of a team on various tasks.
- Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
- Proven ability to effectively research subject matter
- Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
- Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint, and SharePoint
- Strong writing skills - must submit samples
Industry-specific requirements
- Knowledge, experience, and subject matter expertise in the following:
- FedRAMP (Federal Risk and Authorization Management Program)
- NIST SP 800-53 Rev. 4
- NIST SP 800-37 (Risk Management Framework)
- ISO/IEC 27001/27002 (ISMS and information security controls)
- Supporting Security Assessment and Authorization (SA&A) of systems for federal agencies
- FIPS 199 security categorization of information and information systems
- Privacy Impact Assessment (PIA)
Education
- Bachelor's degree in a relevant field (e.g., English, Business Writing, Business Administration, Information Technology, Information Security, etc.)
Responsibilities:
- Write and maintain operating procedures supporting SOC 2 Type I and Type II
- Work with the 3PAO on FedRAMP and SOC 2 audits.
- Write deliverables to support audits
- Gather evidence and submit to auditors
- Administer GRC system and tools for audit
- Follow up with cross-functional team members to get evidence for audits
- Manage risk management content for enterprise and systems
- Conduct business impact analysis
Benefits
Benefits & Perks
- Fortune 500-level core benefits package: health, dental, vision, Rx, long-term disability, short-term disability, life insurance, 401(k)
- 15 days of vacation, five days of sick leave, and all U.S. federal holidays off
- Company events include happy hours, team bonding with bowling, tennis, and more
- Our office is stocked with healthy snacks, beverages, vitamins, and more
- Performance bonuses awarded on twelve-month calendar anniversary dates (cash/equity)
- Work in a beautiful office in downtown Manhattan