Security Compliance Analyst (Hybrid Remote/Cary, NC)

Cary, NC

Cprime

Enterprise IT, and Agile solutions. Partner of choice for Fortune 100 companies looking to achieve value and agility. Atlassian Platinum Solution Partner.

View company page

Cprime (Goldman Sachs | Everstone Company) is a global consulting firm helping transforming businesses get in sync.  Cprime is the partner of choice for Fortune 100 companies looking to achieve value and agility.  We help visionary business leaders compose solutions, execute implementations, and exceed against business goals.  With our key partnership recognitions, including Atlassian Platinum, AWS Advanced, and SAFe Gold partner, our industry-leading software and services work in synergy to deliver transformations. Cprime is headquartered in Cary, North Carolina with offices in Chicago, Philadelphia, and Leeds, UK. We are growing our global footprint in Canada, the United Kingdom, Ukraine, EMEA, and India.
COVID-19 UPDATE: Employment or contracting with Cprime is conditioned on proof of full vaccination against the COVID-19 virus. Cprime will consider requests for medical or religious accommodation to this vaccination requirement during the recruiting process.
Cprime US has adopted a remote-first/full-remote work environment from most US-based locations. Occasionally, our teams have the option to meet in-person for team meetings, collaboration, or social events.
Notice of E-Verify Participation:
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9. E-Verify Works for Everyone For more information on E-Verify, or if you believe that your employer has violated its E-Verify responsibilities, please contact DHS.
Right to Work Notice:
If you have the skills, experience, and legal right to work, your citizenship or immigration status shouldn’t get in the way. Neither should the place you were born or another aspect of your national origin. A part of U.S. immigration laws protects legally-authorized workers from discrimination based on their citizenship status and national origin. You can read this law at 8 U.S.C. § 1324b. The Immigrant and Employee Rights Section (IER) may be able to help if an employer treats you unfairly in violation of this law. The law that IER enforces is 8 U.S.C. § 1324b. The regulations for this law are at 28 C.F.R. Part 44. Call IER if an employer: Does not hire you or fires you because of your national origin or citizenship status (this may violate a part of the law at 8 U.S.C. § 1324b(a)(1)) Treats you unfairly while checking your right to work in the U.S., including while completing the Form I-9 or using E-Verify (this may violate the law at 8 U.S.C. § 1324b(a)(1) or (a)(6)) Retaliates against you because you are speaking up for your right to work as protected by this law (the law prohibits retaliation at 8 U.S.C. § 1324b(a)(5)) 
As a Security Compliance Analyst, you will be an important member of our internal IT Operations team that works closely with our internal groups and external clients to assess, design and deploy solutions to security risks in an agile fashion. You will build out our compliance strategy and work cross-functionally across our company to deploy the security program, including running change management and training. You will lead the security work to analyze attack methods and tactics leveraged against the firm's information and IT portfolio and review/produce IT security specifications for any changes or improvements to existing processes, procedures, and technology. You may also propose entirely new solutions as necessary.

What you will do:

  • Implement security procedures across Cprime systems and platforms
  • Develop and enforce corporate security policies
  • Align Cprime with currently accepted industry security and privacy standards
  • Complete security risk assessments as it pertains to our clients and vendors
  • Setup and oversee software tools, configuration, permissions, etc.
  • Manage internal security training and compliance programs (i.e., Phishing Tests, Security Onboarding Training)
  • Variety of other tasks and initiatives related to Cprime’s overall security practice

Qualifications and Skills:

  • Experience building compliance policies programs and rolling them out
  • Experience authoring corporate security policies (such as privacy, data and records retention) and enterprise security programs
  • Understanding of a broad range of IT and information security risks
  • Experience with HTTP protocols, response codes, modern usage, and web scripting/automation tools
  • Working knowledge of IT Security; Cyber engineering or analyst experience highly desired (government, military or private industry)
  • Experience with security certification programs, such as NIST, CMMC and ISO
  • Strong deductive reasoning, critical thinking, and problem solving skills
  • Strong verbal/written communication skills

Education and Certifications:

  • BS/BA Degree or equivalent experience

What will give you a step up:

  • Experience with Elastic (ELK) Stack Security
  • Familiarity with writing business impact analysis documents, example: policy for handling different systems for different teams. 
  • Familiarity with SOC2 compliance 
  • Recognized security certifications
  • Experience with privacy laws, including GDPR

What We Believe InAt Cprime we believe in facilitating social justice action internally, in industry, and within our communities.  We believe part of our mission is to expand the minds, hearts, and opportunities of our Cprime teammates and within the broader community to include those who have been historically marginalized.
Equal Employment Opportunity Statement    Cprime is an equal opportunity employer that is committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans status, or any other characteristic protected by federal, state, or local laws. 
#LI-HB1

* Salary range is an estimate based on our salary survey 💰

Tags: Agile Automation AWS C CMMC Compliance ELK GDPR NIST Privacy Risk assessment Scripting SOC 2 Strategy

Perks/benefits: Team events

Regions: Remote/Anywhere North America
Country: United States
Job stats:  7  3  0
  • Share this job via
  • or

More jobs like this

Explore more InfoSec/Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.