CrawlJobs Logo

Senior Analyst, Cybersecurity Compliance

United States, Austin, Texas · Job Posted April 16, 2026
Apply Position
Job Link Share

Job Description

The Cybersecurity Compliance – Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics. The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Sub‑ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk‑informed, compliance‑focused decisions.

Job Responsibility

  • Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF)
  • Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains
  • Analyze and prioritize identified issues based on compliance impact and likelihood
  • recommend risk treatment strategies and control enhancements
  • Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set
  • Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements
  • Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories
  • Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness
  • Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations
  • Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments
  • Partner with the ECO/Sub‑ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring)
  • Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing
  • Support investigations, issues management, and remediation for Export‑related control deficiencies and incidents
  • Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events
  • Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover)
  • Support exercises, simulations, and post‑event reviews to validate the effectiveness of BCP‑related cyber controls and drive continuous improvement
  • Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders
  • Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends
  • Translate technical compliance and control findings into plain‑language, decision‑ready insights for non‑technical stakeholders, emphasizing business and regulatory impact
  • Manage Cybersecurity’s GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations
  • Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP
  • Collaborate with Cybersecurity and IT teams to populate and maintain high‑quality risk and compliance data for these domains
  • Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field
  • Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization
  • Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO)
  • Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI‑DSS, GDPR, CCPA, export regulations, records/retention requirements)
  • Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations
  • Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting
  • Excellent communication, presentation, and interpersonal skills
  • able to translate technical compliance topics into concise, executive‑ready messages
  • Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment

Nice to have

  • Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field
  • Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management
  • Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800‑34, and COBIT DSS04
  • Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities
  • Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards
  • Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP
  • Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise
  • Experience working with globally distributed teams and cross‑functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity)

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Analyst, Cybersecurity Compliance

8 matching positions

Senior Cybersecurity Analyst – CMMC & DoD Compliance

The Cybersecurity Analyst will help lead the CMMC compliance efforts to enable p...
Location
Location
United States , Austin, Texas; Warren, Michigan
Salary
Salary:
Not provided
gm.com Logo
General Motors
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent practical experience
  • 5+ years of cybersecurity experience in regulated or government‑contract environments
  • Experience supporting federally regulated cybersecurity requirements
  • Experience preparing for third‑party or government assessments
  • Ability to translate and communicate DoD cybersecurity requirements for application teams
  • Knowledge in the following areas: Identity & Access Management (IAM): RBAC, least privilege, privileged access workflows, MFA, service accounts, access reviews, joiner/mover/leaver processes
  • Windows & Linux security: GPO/Intune or equivalent, local admin controls, secure baselines (e.g., CIS-aligned), logging configuration, patch management, hardening validation
  • Network security: segmentation concepts, firewall rulesets, VPN/ZTNA, secure remote administration, network device logging, NAC fundamentals, DNS security basics
  • Endpoint security: EDR capabilities, alert triage/validation, policy enforcement, device encryption, removable media controls
  • Vulnerability management: scan coverage, risk-based prioritization, remediation workflows, exception handling, validation reporting
Job Responsibility
Job Responsibility
  • Drive the overall governance for government programs
  • Execute annual self-assessments (Continuous Monitoring) on CMMC/NIST controls and document findings
  • Coordinate internal teams (IAM, cloud, infrastructure, SOC, endpoint, vulnerability management, application owners) to validate control implementation and operational effectiveness
  • Identify compliance gaps, manage security exceptions (POA&Ms), and drive remediation prior to audit or customer assessments
  • Lead CMMC readiness and sustainment activities for GM Defense programs, aligned to NIST SP 800‑171 and DoD expectations for CUI protection
  • Build and maintain assessment‑ready evidence packages (policies, procedures, configurations, logs, tickets, reports) aligned to CMMC and DFARS requirements
What we offer
What we offer
  • This job may be eligible for relocation benefits
  • Fulltime
Read More
Arrow Right

Senior Cybersecurity Analyst (Information System Security Manager - ISSM)

OTS is seeking a Senior Cybersecurity Analyst (Information System Security Manag...
Location
Location
United States , San Antonio
Salary
Salary:
Not provided
optechs-inc.com Logo
Optimized Technical Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Cybersecurity, Information Technology (IT), or a related field OR equivalent experience
  • Information Assurance Manager (IAM) Level III Certification (CISSP, CISM, GSLC, or equivalent)
  • 15+ years of experience in DoD cybersecurity operations
  • Proficiency with SonarQube, Dependency-Track, ACAS, and STIG compliance
  • Experience with eMASS, RMF, and cybersecurity compliance in DoD or federal agencies
Job Responsibility
Job Responsibility
  • Security Documentation
  • Code Scans
  • Open-Source Library Scans
  • Cybersecurity and Authorization to Operate (ATO)
  • Assured Compliance Assessment Solution (ACAS) Scans
  • C5ISR Interrogator Reporter
  • Enterprise Mission Assurance Support Service (eMASS) and Plan of Action and Milestones (POA&M)
  • STIG Checks
  • JIRA Workflow Support
  • Continuous Monitoring
What we offer
What we offer
  • Medical
  • Dental
  • Vision
  • Life Insurance
  • PTO including 11 Federal Holidays
  • 401K
  • Fulltime
Read More
Arrow Right

Senior Cybersecurity Analyst

Location
Location
United States , Washington
Salary
Salary:
130000.00 USD / Year
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A master’s degree in a relevant field and ten (10) years of relevant experience in cyber security, information system management, software development, design or authorization
  • or A Bachelor’s degree in a relevant field and fifteen (15) years of relevant experience in cyber security, information system management, software development, design or authorization
  • or A high school degree, or a GED, and more than twenty (20) years of relevant experience in cyber security, information system management, software development, design or authorization
  • In depth knowledge of all steps in the RMF Process
  • Ideal candidate has Risk Management Framework (RMF) package development knowledge and can lead efforts to bring platform technology systems through the full lifecycle of the RMF process to achieve/renew an Authorization to Operate (ATO)
  • Knowledge of DoD and DON cyber policies and procedures and/or NIST 800-53, DoDI 8500.01, and DoDI 8510.01
  • Must be flexible in adapting to deadlines, changing schedules, competing priorities, and unpredictable events
  • Ideal candidate has demonstrated ability to assign work and manage personnel and tasks
  • Familiar with and able to present data and recommendations to Government and Military leadership
  • Thorough, detail oriented, and organized, with excellent time management skills and ability to prioritize and handle multiple projects at once
Job Responsibility
Job Responsibility
  • Provide cybersecurity expertise to surface combat system program offices
  • Lead efforts to bring Platform Information Technology systems and other systems through the full life cycle of the Risk Management Framework (RMF) process to achieve/renew Authority to Operate (ATO)
  • Review RMF package submission to ensure alignment with the NAVSEA Standard Operating Procedures (SOP)
  • Develops, coordinates, and reviews detailed Assessment & Authorization documentation in accordance with DoD Instruction 8510.01 – DoD Information Assurance Assessment and Authorization (A&A) Process (RMF)
  • Review systems scans/tests using the Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and the Assured Content Assessment Solution (ACAS)
  • Work with the NAVSEA, PEO IWS, combat system program offices to ensure DOD/DON cybersecurity regulations and best practices are followed in the design, development, and sustainment of the integrated combat systems and weapon systems
  • Assist in RMF package development activities as an ISSE
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime
Read More
Arrow Right

Senior Cybersecurity Analyst

Astrion has an exciting opportunity for a Senior Cybersecurity Analyst located a...
Location
Location
United States , Washington D.C.
Salary
Salary:
115000.00 - 130000.00 USD / Year
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A master’s degree in a relevant field and ten (10) years of relevant experience in cyber security, information system management, software development, design or authorization
  • A Bachelor’s degree in a relevant field and fifteen (15) years of relevant experience in cyber security, information system management, software development, design or authorization
  • A high school degree, or a GED, and more than twenty (20) years of relevant experience in cyber security, information system management, software development, design or authorization
  • In depth knowledge of all steps in the RMF Process
  • Knowledge of DoD and DON cyber policies and procedures and/or NIST 800-53, DoDI 8500.01, and DoDI 8510.01
  • Must be flexible in adapting to deadlines, changing schedules, competing priorities, and unpredictable events
  • Ideal candidate has demonstrated ability to assign work and manage personnel and tasks
  • Familiar with and able to present data and recommendations to Government and Military leadership
  • Thorough, detail oriented, and organized, with excellent time management skills and ability to prioritize and handle multiple projects at once
  • Superb verbal and written communication skills
Job Responsibility
Job Responsibility
  • Provide cybersecurity expertise to surface combat system program offices
  • Lead efforts to bring Platform Information Technology systems and other systems through the full life cycle of the Risk Management Framework (RMF) process to achieve/renew Authority to Operate (ATO)
  • Review RMF package submission to ensure alignment with the NAVSEA Standard Operating Procedures (SOP)
  • Develops, coordinates, and reviews detailed Assessment & Authorization documentation in accordance with DoD Instruction 8510.01 – DoD Information Assurance Assessment and Authorization (A&A) Process (RMF)
  • Review systems scans/tests using the Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and the Assured Content Assessment Solution (ACAS)
  • Work with the NAVSEA, PEO IWS, combat system program offices to ensure DOD/DON cybersecurity regulations and best practices are followed in the design, development, and sustainment of the integrated combat systems and weapon systems
  • Assist in RMF package development activities as an ISSE or Validator
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
Read More
Arrow Right

Senior Cybersecurity Analyst Engineer

Senior Cybersecurity Analyst/Engineer to join our prime contract supporting Gold...
Location
Location
United States , Huntsville
Salary
Salary:
Not provided
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 15+ years of cybersecurity experience supporting USSF, DoD, or related federal organizations
  • BA or BS degree
  • Active DoD TS/SCI clearance (with current investigation)
  • CompTIA Security+ or equivalent DoD 8570/8140 IAT/IAM certification
  • Hands-on experience with eMASS
  • Familiarity with Risk Management Framework (RMF) protocols
  • Knowledge of USSF A&A procedures
Job Responsibility
Job Responsibility
  • Support A&A activities and provide cybersecurity engineering expertise for enterprise mission systems
  • Develop, update, and manage Enterprise Mission Assurance Support Service (eMASS) entries and coordinate A&A packages in accordance with DoDI 8510.01 (RMF)
  • Maintain and report on C&A schedules, package status, and system registrations in ITIPS (formerly EITDR) in compliance with FISMA
  • Review and refine certification policies, procedures, and reports for new and evolving cyber system requirements
  • Conduct research and analysis to assess the impact of new DoD, USSF, DIA, and DISA cybersecurity directives
  • Support Vulnerability Management System (VMS) processes by documenting, tracking, and closing compliance findings
  • Contribute to Security Test & Evaluation (ST&E) efforts, penetration testing, and validation of cybersecurity controls
  • Revalidate cyber and IA controls for accredited systems and recommend improvements to strengthen mission assurance
  • Assess policy changes from higher headquarters and determine impact on current mission system security posture
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
Read More
Arrow Right

Senior Cybersecurity Analyst

Astrion has an exciting opportunity for a Senior Cybersecurity Analyst located a...
Location
Location
United States , Washington D.C.
Salary
Salary:
130000.00 - 150000.00 USD / Year
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A master’s degree in a relevant field and ten (10) years of relevant experience in cyber security, information system management, software development, design or authorization
  • A Bachelor’s degree in a relevant field and fifteen (15) years of relevant experience in cyber security, information system management, software development, design or authorization
  • A high school degree, or a GED, and more than twenty (20) years of relevant experience in cyber security, information system management, software development, design or authorization
  • In depth knowledge of all steps in the RMF Process
  • Risk Management Framework (RMF) package development knowledge and can lead efforts to bring platform technology systems through the full lifecycle of the RMF process to achieve/renew an Authorization to Operate (ATO)
  • Knowledge of DoD and DON cyber policies and procedures and/or NIST 800-53, DoDI 8500.01, and DoDI 8510.01
  • Must be flexible in adapting to deadlines, changing schedules, competing priorities, and unpredictable events
  • Demonstrated ability to assign work and manage personnel and tasks
  • Familiar with and able to present data and recommendations to Government and Military leadership
  • Thorough, detail oriented, and organized, with excellent time management skills and ability to prioritize and handle multiple projects at once
Job Responsibility
Job Responsibility
  • Provide cybersecurity expertise to surface combat system program offices
  • Lead efforts to bring Platform Information Technology systems and other systems through the full life cycle of the Risk Management Framework (RMF) process to achieve/renew Authority to Operate (ATO)
  • Review RMF package submission to ensure alignment with the NAVSEA Standard Operating Procedures (SOP)
  • Develops, coordinates, and reviews detailed Assessment & Authorization documentation in accordance with DoD Instruction 8510.01 – DoD Information Assurance Assessment and Authorization (A&A) Process (RMF)
  • Review systems scans/tests using the Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and the Assured Content Assessment Solution (ACAS)
  • Work with the NAVSEA, PEO IWS, combat system program offices to ensure DOD/DON cybersecurity regulations and best practices are followed in the design, development, and sustainment of the integrated combat systems and weapon systems
  • Assist in RMF package development activities as an ISSE or Validator
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
Read More
Arrow Right

Senior Analyst, IT Security & Data Protection

We are looking for a Senior Analyst, IT Security & Data Protection to support ou...
Location
Location
Poland , Poznan
Salary
Salary:
Not provided
kennametal.com Logo
Kennametal
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Information Security, Information Systems, Computer Science, or a related field
  • 5+ years of experience in data privacy, cybersecurity compliance, GRC, risk management, or a related area
  • Strong knowledge of GDPR and data protection requirements
  • Experience with audits, risk assessments, and compliance programs
  • Excellent communication and stakeholder management skills
  • Professional proficiency in English
Job Responsibility
Job Responsibility
  • Own and coordinate Privacy Impact Assessments (PIAs / DPIAs) for new systems, vendors, tools, and processing activities, ensuring risks are identified, documented, and addressed prior to implementation
  • Support the review, maintenance, and operational application of Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) in partnership with Legal, Procurement, and IT
  • Maintain and oversee Records of Processing Activities (ROPA), supporting process owners and driving periodic review cycles to ensure accuracy and completeness
  • Evaluate systems and business processes for GDPR compliance, including lawful basis, purpose limitation, data minimization, retention, data subject rights, and access controls
  • Maintain and update privacy policies, standards, and procedures to reflect regulatory requirements and internal operating practices
  • Embed privacy‑by‑design and privacy‑by‑default principles into IT solutions and digital initiatives through proactive engagement with project teams
  • Support data protection incident and breach triage, fact‑finding, documentation, risk assessment support, and coordination with Information Security and Legal stakeholders
  • Manage the Data Privacy SharePoint and evidence repositories, ensuring documentation is current, well‑structured, and audit‑ready
  • Maintain GDPR training content and support awareness tracking and reporting
  • Support internal and external privacy audits, regulatory inquiries, and supervisory authority assessments
What we offer
What we offer
  • Work on global privacy and cybersecurity initiatives
  • Collaborate with international teams and stakeholders
  • Grow your expertise in a dynamic and evolving compliance environment
  • Competitive compensation, benefits, and flexible working arrangements
  • Fulltime
Read More
Arrow Right

SOC Analyst Senior Cyber Security Engineer

Experience: 4 to 6 yrs. Location: Chennai. Engineering Graduate - preferably B.E...
Location
Location
India , Chennai
Salary
Salary:
Not provided
https://www.soprasteria.com Logo
Sopra Steria
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 3 years experience working in security operations environment or 3 years’ experience in IT operations Data Centre, SOC/NOC
  • Very good English verbal & written communication skills
  • Good understanding of networking concepts and operating systems
  • Good understanding of key customer infrastructure components - Proxy, Firewall, Antivirus
  • Technical capability and maturity to assist and guide the team of Analysts
  • Should have worked and have good understanding of the following security tools: MITRE, NIST framework, SIEM tools (SENTINEL, SPLUNK, QRADAR)
  • Ability to learn new skills and adopting new technologies and work collaboratively in an international context
  • Ability to understand and work in a complex environment and concern for quality and detail
  • Ability to synthesize and analyze a variety of contexts and manage customer confidentiality
  • Knowledge on ITIL basic practice
Job Responsibility
Job Responsibility
  • Ensure all threats at customer environment are detected and notified in timely manner
  • Continuous review of Incidents to ensure compliance with standard operating procedures
  • Provide training and feedback to Security Analysts to ensure quality deliverables
  • Identify and execute continuous improvements in monitoring, including threat scenarios and operating procedures
  • Interact with customers on queries and improvements related to service deliverables
  • Should know and able to contribute to MSSP services (Managed Security Services Provider)
  • Perform root cause analysis for any errors /deficiencies pointed out in the monitoring service
  • Review the alert to determine relevancy and urgency, create new trouble tickets for incident
  • Fulltime
Read More
Arrow Right