Senior GRC Analyst

Intelligent. Dynamic. Resilient. 

Everfox, formerly Forcepoint Federal, has been defending the world’s most critical data and networks against the most complex cyber threats imaginable for more than 25 years. As trailblazers in defense-grade, high assurance cyber security, we have been leading the way in developing and delivering innovative cyber security technology. We protect data wherever it resides. Our unwavering dedication and commitment to our customers and the critical missions they serve are what set us apart. We are dynamic, vigilant, and proactive in everything we do. Our suite of cross domain, threat protection and insider risk solutions empower governments and enterprise organizations to use data safely - where and however their people need it. At Everfox, we innovate, we invest, we achieve. We protect what matters most to our customers. And we offer protection like no other. We do all of this so our customers can focus on what matters most… their mission.

Job Title:  Senior Governance, Risk, and Compliance Analyst 

Job Location: Remote

Description: 

The Senior Governance, Risk, and Compliance Analyst is responsible for understanding security requirements to meet industry best practices with a focus on certification and regulatory requirements.  As part of this role, this role is responsible for mapping these requirements to security controls and actionable practices across various functions within the company. In some instance this individual will be responsible for designing security controls that best fit our environment while maintaining security compliance. Finally applying automation to as many controls as practicable to ensure on-going compliance (e.g., evidence collection) and managing compliance programs from a centralized governance management system.  

This role is technical and analytical in nature and demands a fast learner with a history of technical knowledge and cloud security experience combined with business experience working in both on-premises and cloud product vendor environment (ideally Azure). 

The ideal candidate will be highly skilled in translating security governance and compliance requirements to a wide range of company functional units, helping these functional units understand the need for, and approach to comply with information security policies, required security controls and how to appropriately capture evidence of compliance on an on-going basis.  This role requires extensive experience in successfully completing security audits for certification programs.  The role should have experience working in a cloud product environment for several years.  

Duties and Responsibilities: 

Governance and Compliance: 

• Working with external security auditors for various certification programs including NIST 800-171, NIST 800-53A, GDPR, PCI-DSS, and various others to facilitate successful internal and external security audits that lead to industry certifications.  

• Ensure all security controls required for several security certification programs including NIST 800-171/CMMC, NIST 800-53A/FedRAMP, among others, are designed, operational, and properly mapped.  This includes annual review and updating of existing IS Policies, Standards, and Procedures, as well as development of new documents as necessary to support GRC requirements. 

• Work with cross-functional teams to ensure all security controls are fully operational and compliant with evidence being captured on an on-going basis as part of compliance monitoring program. 

• Build awareness and accountability around IT governance, risk, and compliance control functions Contribute to developing and enhancing a mature security culture.  

• Report on status of security audits for various security programs, ensuring auditors are managed, and evidence is provided in a timely manner.  

• Deliver strong communication enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff.   

Risk Management:  

• Contribute to Cybersecurity Risk Management activities including risk assessments, reporting, and remediation planning.  

• Analyze and lead enterprise security program overview discussions and coordinate gap remediation efforts with business functions.   

• Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working by with and through business leaders and information security risk architecture. Understanding of NIST 800-30 and 37. 

• Provide support with business continuity (BC) and disaster recovery (DR) program, assist with coordination and compliance for required BCDR processes. 

Privacy Program Support: 

• Maintain awareness of GDPR to support the implementation and monitor privacy compliance programs to include Privacy Impact Analysis (PIA)  

• Understand the flow of information and how the information is utilized and use that knowledge to support the integrity of the Privacy compliance program. 

People Management 

• This role does not have direct reports. 

Qualifications and Experience: 

• Bachelor’s degree preferred or equivalent combination of education, training, and experience  

• 7+ years of work experience related to the Information Security disciplines, with a minimum of 5 years working in on-premises and cloud product vendor environment (ideally Azure).  

• Strong communication skills for various communicating at various levels in the organization.  

• Familiarity with common technical security controls and control frameworks such as NIST 800-171/CMMC, NIST 800-53A/FedRAMP, among others.  

• Industry recognized certifications are a plus, e.g., CISSP, CISM, GIAC, etc. 

• Team-oriented and will promote execution and change through influence and partnership.  

• Experience clearly articulating cybersecurity risk into business terms and presenting to company management. 

• Must be based in US to support Federal customers. 

A reasonable estimate of the base salary range for this role is:

The actual salary offered may vary within the range based on a candidates' unique experience, locale, and business needs. In addition to a base salary and bonus plans, Everfox offers a generous benefits package including flexible PTO, a 401k match, and contribution to healthcare coverages. Our talent acquisition team will provide specific information regarding bonus eligibility and benefits offerings.

________________________________________________________________

Don’t meet every single qualification? Studies show people are hesitant to apply if they don’t meet all requirements listed in a job posting. If there is something slightly different about your previous experience, but it otherwise aligns and you’re excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.

Everfox is an equal employment opportunity employer and complies with all applicable federal, state, and local laws prohibiting discrimination. Everfox does not discriminate against any employee or applicant based on race, color, religion, sex, age, national origin, disability, veteran status, marital status, medical condition, or any other category protected by applicable law. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by sending an email to HR@everfox.com 

Everfox is a Federal Contractor. Certain positions with Everfox require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.

Applicants must have the right to work in the location to which you have applied.