Cyber Security Analyst Position Available In Orange, Florida


Company:
Orthomerica Products
Salary:
$90000
Full-time, Onsite

Job Description

Cyber Security Analyst
Orthomerica Products, Inc.
Orlando, FL 32810

The Cybersecurity Analyst is a critical role within our IT team, dedicated to ensuring the integrity, confidentiality, and availability of information assets across multiple hosting environments, including cloud and on-premises infrastructure. The Analyst will be pivotal in implementing, monitoring, and enforcing our cybersecurity policies and procedures to align with stringent compliance standards such as ISO 27001, ISO 27017, ISO 27018, FedRAMP, StateRAMP, SOC-2, and NIST SP 800-53.

This position requires a proactive approach to security management, including conducting comprehensive risk assessments, managing incident response activities, and ensuring continuous monitoring and improvement of our security posture. The ideal candidate will bring a strong understanding of current cybersecurity threats and trends, along with experience in developing and promoting security awareness within an organization.

The Cybersecurity Analyst will collaborate closely with Systems Reliability Engineers, Privacy Analysts, and other IT professionals to integrate robust security measures into all aspects of our technology infrastructure. This role demands excellent analytical skills to assess security controls, identify vulnerabilities, and recommend mitigation strategies. Additionally, the Analyst will be responsible for preparing detailed reports and documentation that reflect the security status of the organization and contribute to strategic planning for future security initiatives. By maintaining and enhancing our cybersecurity frameworks, the Cybersecurity Analyst will play a fundamental role in protecting our organization’s assets and ensuring compliance with relevant regulatory and industry standards.

Essential Functions and Responsibilities

1. Risk Assessment and Management

Conduct Regular Risk Assessments: Perform thorough risk assessments to identify vulnerabilities within the organization’s IT infrastructure, including potential threats to both cloud and on-premises systems.

Risk Mitigation Planning: Develop and implement risk mitigation strategies to address identified risks, ensuring that the organization’s assets are protected against known and emerging threats.

2. Compliance and Standards Adherence

Maintain Compliance: Ensure that all systems and processes comply with relevant standards such as ISO 27001, ISO 27017, ISO 27018, FedRAMP, StateRAMP, SOC-2, NIST SP 800-53, and others.

Policy Development and Implementation: Develop and refine cybersecurity policies and practices to align with these standards. This includes creating frameworks for regular audits, security checks, and compliance monitoring.

Conduct Internal Audits: Perform regular checks for internal compliance with applicable laws and regulations.

Schedule and Support External Audits: As Orthomerica seeks and/or maintains cybersecurity certifications, act as a company representative and primary point of contact.

Provide Evidence of Compliance: Orthomerica supplies many organizations that require good cybersecurity practices from their business associates. Provide reports and certification records in a timely manner, as needed.

3. Supplier Relationship Management

Supplier Audits: Perform risk-based cybersecurity audits on external suppliers of the organization’s operations.

Interface Design and Configuration: Aid in configuring electronic data interfaces with suppliers and customers in a secure and regulatory-compliant manner.

4. Security Relationship Management

Monitor Security Systems: Use sophisticated security tools to monitor systems continuously for unusual activities that might indicate a breach or attempted breach.

Incident Handling: Respond to cybersecurity incidents rapidly and effectively, managing them from detection through to resolution, including conducting post-incident analysis to prevent future occurrences.

5. Vulnerability Management

Regular Vulnerability Scans: Schedule and conduct regular scans of the network and systems to identify and address vulnerabilities before they can be exploited.

Patch Management: Oversee the development, testing, and implementation of appropriate patches to eliminate identified vulnerabilities.

CVE Monitoring: Compare newly discovered vulnerabilities with the organization’s installed software, making changes as needed to mitigate risks.

6. Training and Awareness

Conduct Security Training Sessions: Develop and deliver cybersecurity awareness training for employees to ensure they understand the security risks and adhere to best practices to minimize risks.

Promote Security Awareness: Keep security awareness high across the organization through regular communications and updates on cybersecurity issues and policies.

7. Documentation and Reporting

Security Documentation: Maintain comprehensive documentation related to cybersecurity policies, incident response activities, and audit trails.

Reporting: Provide regular security reports to management, detailing current security posture, incident reports, and compliance with the various standards.

8. Collaboration and Advisory

Collaborate regarding IT, Privacy, and SRE Concerns: Work closely with others to ensure security measures are integrated into all systems and network operations.

Advise on Security Best Practices: Act as an advisor to various departments on security best practices, particularly during the development and deployment of new systems and software.

9. Research and Development

Stay Informed on Cybersecurity Trends: Keep up-to-date with the latest cybersecurity technologies, threats, and countermeasures to ensure the security stack and strategies remain effective and state-of-the-art.

Evaluate Security Tools: Assess and recommend security tools and technologies that can improve the organization’s security posture.

Desired Qualifications

• CompTIA Cybersecurity Analyst (CySA+)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Auditor (CISA)
• Experience working in a regulated market (FDA, FAA, FCC, ISO 27001, SOC 2, etc.)
• Experience with GxP-validated environments
• Experience using the NIST Cybersecurity Framework (CSF) to track security profiles
• Effective communication skills, both verbal and written
• Experience documenting IT infrastructure projects and designs

Mandatory Qualification

• Bachelor’s degree in computer science, information technology, or related fields
• 3+ years of experience in cyber security
• ISC2 CISSP Certification

Physical Requirements

Working with computers, including climbing under desks.

Visual Requirements

Required to have close visual acuity to perform activities such as preparing and analyzing data and figures, transcribing, viewing a computer terminal, and extensive reading.

Environmental Conditions

Most of the work will be performed in an office environment or working remotely from home; however, some more extreme conditions may be encountered when in the facility’s manufacturing areas:

• Subject to inside environmental conditions: Protection from weather conditions but not necessarily from temperature changes
• Subject to noise: There is sufficient noise to cause the worker to shout to be heard above the ambient noise level
• Subject to hazards: Includes a variety of physical conditions, such as proximity to moving mechanical parts, moving vehicles, electric current, working on scaffolding and high places, exposure to high heat or exposure to chemicals
• Subject to atmospheric conditions: One or more of the following conditions that affect the respiratory system or the skin: fumes, odor, dust, mists, gases, or poor ventilation
• Required to function in narrow aisles or passageways

Job Type: Full-time

Pay: $80,000.00 – $100,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible spending account
• Health insurance
• Health savings account

Schedule:

8 hour shift

Experience:

Linux: 2 years (Required)

Azure: 2 years (Required)

ADW: 2 years (Required)

MICROSOFT 365: 2 years (Required)

License/Certification:

ISC2 (Required)

Work Location:

In person
