Cybersecurity Analyst I Position Available In Williamson, Tennessee

Cybersecurity Analyst I Core Civic – 2.8 Brentwood, TN Job Details Full-time 1 day ago Qualifications

COBIT PCI

Writing skills

HIPAA HITRUST

Microsoft Office Information security Driver’s License GISF Information Security Bachelor’s degree NIST standards MTA Risk management Organizational skills SharePoint GIAC Certification SIEM CompTIA Security+ 2 years Communication skills CompTIA A+ Entry level Full Job Description At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Cybersecurity Analyst I located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve. This will be a hybrid work position with weekly in-office expectations. The position will be based in Nashville, TN. The Cybersecurity Analyst I supports the development and maintenance of the CoreCivic cyber regulatory compliance program to support the alignment of security architectures, plans, controls, processes, policies and procedures with security standards and operational goals. Applies acquired job skills, policies, and procedures to complete assignments, projects, and tasks of moderate scope and complexity. A ssists with validating that Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations. Maintains the Information Security Program documentation. Facilitates sessions with technology stakeholders to review requirements, determine applicable security controls, and analyze gaps between requirements and current capabilities. Assists in the creation and documentation of compensating and mitigating controls. Assists with automating business processes to improve efficiency, verifying that systems follow defined policy guidelines and that written policies are integrated into existing systems were applicable. Makes recommendations for mitigating findings and process improvement projects. Consolidates and analyzes the organization’s critical cyber findings, vulnerabilities, and gaps to support and develop solutions and to provide a cyber-posture/picture. Maintains findings, vulnerabilities and gaps in a mitigation tracker. Performs control testing, documents results and provides detailed updates to stakeholders, including analysis of vulnerability scans and compliance scans. Performs level appropriate system tuning based on threat indicators; makes basic to intermediate recommendations to enhance security controls and mitigate risks. Assists in the maintenance and enhancement of internal processes and tools used to respond to external requests related to information security using GRC tools, MS Office and SharePoint. Conducts research on inquiries about information security using policies, internal tools, and internal Subject Matter Experts (SMEs) while building and maintaining relationships with technology and business stakeholders and responding to client and regulatory requests. Leads small to intermediate projects with internal partners to support initiatives and programs designed to enhance information security. Exercises judgment within defined guidelines and practices to determine appropriate action. Domestic U.S. travel may be required.

Qualifications:

Graduate from an accredited college or university with a Bachelor’s degree in a related field is required. Two years of related work experience is required. Additional years of related work experience may be substituted for the education requirement on a year-for-year basis. Demonstrated knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST) required. General knowledge of real-time security situational awareness, operational network systems, and security monitoring required. Experience reviewing and writing enterprise level security policies for a largescale organization in support of Federal policies preferred. Knowledge of SIEM and security scanning applications, Governance Risk and Compliance tools, Microsoft Teams and SharePoint are preferred. Relevant certification in Risk or IT is required or must obtain certification within twelve months of start date in this position, such as

ISACA CSX

Cybersecurity Fundamentals Certificate; CompTIA A+; CompTIA Security +; GIAC Information Security Fundamentals (GISF); CSX Technical Foundations Certificate; or Microsoft Technology Associate Security Fundamentals. Demonstrated familiarity with the Authority to Operate (ATO) process and documentation including SSPs, and POAMs is required. Strong written and verbal communication skills are required. Proficiency in Microsoft Office applications is required. U.S. citizenship is required. A valid driver’s license is required. CoreCivic is a Drug-Free Workplace and EOE – including Disability/Veteran.