The Senior Analyst - Cybersecurity Policy and Standards Management is responsible for developing and maintaining policies, standards, and procedures (documents) for cybersecurity controls and processes within the organization. This includes partnering with the business, IT, and security organizations to coordinate developing, reviewing, and approving new and existing documents.
Essential Functions
Review the existing documents to identify and prioritize the requirements for revisions.
Create new security policies, standards, and responsibility models to ensure the organization's security practices and responsibilities are clearly outlined.
Utilize and enhance the Enterprise Policy Management tool (One Trust) to automate the IT policy and standard management process.
Establish and monitor the policy/standards attestation process by all stakeholders.
Facilitate document development/revision through meetings and workshops with SMEs and obtain consensus from their leadership.
Develop questionnaires to assess the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register
Establish and monitor policy/standards exception process
Requirements:
The ideal candidate will possess the following:
Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or related field(s).
5+ years of experience in Information Technology or Information Security.
3+ years of experience authoring security policies, standards, and procedures.
Security and Compliance certifications include CISSP, CISA, CISM, CGEIT, or CRISC. Candidates with some or all of these certifications will be preferred.
Technical Knowledge
The candidates MUST possess a solid working knowledge of:
GRC tools such as OneTrust.
Identity and Access Management & Governance concepts and technologies such as Microfocus NetIQ (including IGA), Active Directory, Centrify, Entra, etc.
IT asset management utilizing ServiceNow (or other) Configuration Management Databases (CMDB) and network asset discovery tools.
Control frameworks and control objectives (ex NIST CSF, NIST RMF, PCI-DSS, SOX, GDPR, CCPA, CIS Controls, ISO/IEC 27001, etc.)
Operating systems, databases, and middleware components.
Self-motivated and results-oriented, including the ability to prioritize conflicting demands.
Exceptional organizational skills to balance work and lead projects.
Exceptional verbal and written skills.
The candidate must be able to build consensus, collaborate, and build strong relationships with various internal and external stakeholders (business, development, security, etc.).
Ability to adapt and apply information to new scenarios and technologies.
About Us: Established in 2004, SPECTRAFORCE® is one of the largest and fastest-growing diversity-owned staffing firms in the US. The growth of our company is a direct result of our global client service delivery model that is powered by our state-of-the-art A.I. proprietary talent acquisition platform, robust ISO 9001:2015/ISO 27001 certified processes, and strong and passionate client engaged teams. We have built our business by providing talent and project-based solutions, including Contingent, Permanent, and Statement of Work (SOW) services to over 140 clients in the US, Canada, Puerto Rico, Costa Rica, and India. Key industries that we service include Technology, Financial Services, Life Sciences, Healthcare, Telecom, Retail, Utilities and Transportation. SPECTRAFORCE is built on a concept of “human connection,” defined by our branding attitude of NEWJOBPHORIA®, which is the excitement of bringing joy and freedom to the work lifestyle so our people and clients can reach their highest potential. Learn more at: http://www.spectraforce.com
Benefits: SPECTRAFORCE offers ACA compliant health benefits as well as dental, vision, accident, critical illness, voluntary life, and hospital indemnity insurances to eligible employees. Additional benefits offered to eligible employees include commuter benefits, 401K plan with matching, and a referral bonus program. SPECTRAFORCE provides unpaid leave as well as paid sick leave when required by law.
Equal Opportunity Employer: SPECTRAFORCE is an equal opportunity employer and does not discriminate against any employee or applicant for employment because of race, religion, color, sex, national origin, age, sexual orientation, gender identity, genetic information, disability or veteran status, or any other category protected by applicable federal, state, or local laws. Please contact Human Resources at LOA@spectraforce.com if you require reasonable accommodation.
California Applicant Notice: SPECTRAFORCE is committed to complying with the California Privacy Rights Act (“CPRA”) effective January 1, 2023; and all data privacy laws in the jurisdictions in which it recruits and hires employees. A Notice to California Job Applicants Regarding the Collection of Personal Information can be located on our website. Applicants with disabilities may access this notice in an alternative format by contacting NAHR@spectraforce.com.
LA County, CA Applicant Notice: If you are selected for this position with SPECTRAFORCE, your offer is contingent upon the satisfactory completion of several requirements, including but not limited to, a criminal background check. We consider qualified applicants with arrest or conviction records for employment in accordance with all local ordinances and state laws, including the Los Angeles County Fair Chance Ordinance for Employers (FCO) and the California Fair Chance Act (FCA). The background check assessment will consider whether a criminal history could reasonably have a direct, adverse impact on the job-related safety, security, trust, regulatory compliance, or suitability for this role. Such findings may result in withdrawal of a conditional job offer.
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $60.00/hr.