Sr. Compliance Analyst
Steel Root is a cybersecurity services company that specializes in compliance for the U.S. Defense Industrial Base. We’re a startup in high demand, looking for a driven individual to join our team as a Sr. Compliance Analyst. We’re passionate about contributing daily to our positive culture, with a commitment to professional development and social responsibility. Steel Root serves a national client base from its headquarters in Salem, MA.
You’re a strong communicator interested in a fast-paced career in security consulting and professional services. You’re a strategic thinker, and passionate about the details. Your background includes hands-on experience managing information systems and you have a proven history of delivering excellent work and exceeding expectations.
A background in IT/IS, compliance and risk management, or management consulting is desirable, as is in-depth experience with one or more security frameworks (e.g., NIST, CIS, PCI, SOC2). Hands-on experience with NIST SP 800-171 or SP 800-53 is strongly preferred.
Industry certifications (e.g., CISSP, CISM, CISA) are not required but will be considered as part of the selection process.
Candidates located in or near Boston, MA or Washington, DC are preferred, though we will also consider remote candidates. For compliance with our customers’ export control requirements, you must be a U.S. Person as defined by ITAR.
Steel Root works with federal and defense contractors, many of whom are small businesses in high tech, R&D, or manufacturing, to build cybersecurity maturity and implement CMMC security practices.
Your primary role is to consult with clients on data security compliance, build a project roadmap for achieving compliance, and act as project manager on implementation projects executed by our internal team or third parties. You will work consultatively and collaboratively with client stakeholders including business leaders and IT.
Client engagements typically include the following elements:
- Determine a system scope (technology, people, business processes) for compliance
- Assess the current implementation of applicable security requirements (CMMC, NIST SP 800-171)
- Develop a project roadmap for implementation
- Manage customer expectations, our internal resources, and relevant third parties to ensure projects are successful
- Draft and manage System Security Plan(s)
- Ongoing advisory on issues of security and compliance
Travel requirements: 20-30%
- 2-5 years experience implementing federal security requirements (DFARS 252.204-7012, NIST SP 800-171, NIST SP 800-53, RMF)
- 5-10 years experience implementing CMMC practices (jk, but ideal candidates are closely tracking the CMMC rollout)
- Awareness of the cybersecurity product/vendor landscape and current security best practices
- Very strong written and verbal communication skills
- Strategic thinker and creative problem solver
- Highly-motivated and detail-oriented
- Public speaking
- Competitive benefits package, including health, 401(k), and cell phone stipend
- Hone your skills in the hot cybersecurity market
- Opportunity for flexible schedule (part-time or full-time)
- Play with cool tech, work with customers that love us, and get in on the ground floor of a startup in growth mode
How to Apply
- Get to know us by reading about our services and the industries we serve, and follow us on social media (links in website footer, below).
- Then send your resume with cover letter to firstname.lastname@example.org. Every application is reviewed by a real human being.