Cybersecurity Analyst - ICD
About the role
We are seeking a versatile Governance, Risk, and Compliance (GRC) Cybersecurity Analyst to lead the assessment and oversight of business policies, procedures, and operations. This role is responsible for ensuring the organization meets internal requirements and government regulations for the protection of information.
Responsibilities
- Independently assess risk, deviation requests, compensating controls, and business impacts.
- Serve as a primary point of contact for complex cybersecurity and compliance inquiries.
- Lead the development, review, and maintenance of enterprise-wide security policies, standards, and procedures.
- Conduct information technology risk assessments for systems, software, and architectures.
- Validate security control implementation to ensure compliance with frameworks such as NIST, DFARS, and CMMC.
- Lead or coordinate activities related to audits, assessments, and regulatory reviews.
- Mentor junior and mid-level GRC analysts, providing guidance on best practices and professional development.
- Interpret and apply laws, regulations, standards, and industry best practices.
Requirements
- Education: Bachelor’s degree in cybersecurity, information security, or a related field is preferred. An Associate's degree with 7+ years of relevant hands-on experience is also acceptable.
- Experience: 5+ years of progressive GRC experience, including leading or owning GRC initiatives. Broad exposure across governance, risk management, and compliance functions is required.
- Technical Skills: Strong understanding of Windows, Linux, MacOS, VMs, containers, infrastructure, and security concepts. Demonstrated experience with vulnerability management processes and tools. Advanced experience with data analysis and reporting in Excel. Proven ability to write policies, documentation, and communicate technical concepts to non-technical audiences. Experience with compliance frameworks such as NIST 800-171, PCI, ISO 27001, HIPAA, or SOC. One or more intermediate or advanced cybersecurity/GRC certifications (e.g., CISSP, CISM, CISA).
Preferred Qualifications
- Master’s degree in a related field.
- Deep understanding of cybersecurity frameworks like NIST 800-53/171, CMMC, and MITRE ATT&CK.
- Demonstrated experience leading audit, assessment, or certification efforts.
- Proficiency with Atlassian Confluence and Jira.
Benefits
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Everforth Apex team member can provide.