Sr. Cybersecurity Audit Analyst

Overview

The Senior Cybersecurity Audit Analyst is responsible for coordinating and supporting external cybersecurity audits and continuous compliance assessment programs across hybrid enterprise on-premises and cloud environments. This role includes providing assurance with SOC 2 ISO/IEC 27001 FedRAMP and CMMC compliance combining traditional audit coordination with ongoing control monitoring and compliance program execution. The role requires strong program management and organizational skills to manage multiple concurrent audits remediation tracking continuous monitoring and improvement activities and internal and external stakeholder communications

Responsibilities

External Audit Coordination

• Coordinate end-to-end external third-party cybersecurity audits including scoping readiness planning timelines and evidence coordination
• Serve as the primary point of contact between external auditors assessors and internal stakeholders
• Manage evidence requests walkthroughs interviews and follow-up inquiries
• Ensure audit evidence is complete accurate well-organized and delivered on schedule
• Coordinate audit close-out activities and remediation planning
• Improve and consolidate audit activities to reduce duplication and improve efficiencies
• Educate and communicate the importance of external third-party audits to key internal and external stakeholders including executive management

Continuous Assessment & Ongoing Compliance

• Establish and maintain continuous compliance and recurring assessment programs between formal audits
• Track control effectiveness evidence currency and remediation activities
• Support continuous monitoring and evidence automation initiatives

Program Management & Organizational Leadership

• Manage multiple concurrent compliance initiatives with competing deadlines
• Ensure documentation and evidence repositories are inspection-ready at all times
• Work with internal key stakeholders to ensure they are meeting their compliance and continuous monitoring objectives
• Work with business and technical stakeholders to assess the scope of compliance frameworks associated with systems in scope and adapt to changing cybersecurity framework baselines

Requirements

• 5 years of experience or an equivalent combination of education and work experience in business program management cybersecurity regulatory compliance or related field
• A keen interest in learning and developing skills and understanding in IT cybersecurity and compliance is necessary to foster the communications and relationships central to this role
• Strong interpersonal and communication skills to work effectively with IT and business units including senior leadership; ability to bridge communications between technical IT team members external stakeholders and compliance team members
• Strong attention to detail organization and structure communication and presentation skills including the ability to list and quickly translate business needs into solutions and build effective working relationships
• Strong self-motivated and productive team player with ability to thrive in a dynamic fast-paced environment
• U.S. citizenship with ability and willingness to obtain a security clearance
• Bachelors degree in Cybersecurity business administration project management

Recommended Qualifications

• Cybersecurity certifications such as Security CISSP CRISC and CISA
• ISO Lead Auditor Lead Implementor Cybersecurity Maturity Model Certification (CMMC) Certified Professional or (Lead) Assessor
• PMP certification
• Masters degree in Cybersecurity business administration project management

#LI-TM1

#LI-onsite