Cybersecurity Analyst

Information security is an integral part of the ASRC culture. It is essential to maintain our position as an industry leader in the various industries we operate in and it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Information security has a significant effect on privacy, consumer confidence, external reputation, and the bottom line, and it is a priority on everyone's agenda.

The Cybersecurity Analyst ensures the compliance and security of organizational systems and data. This position works with Operational teams and technology teams to develop and maintain compliance plans and processes, including those applicable to various government contractors. The Cybersecurity Analyst detects and responds to security incidents swiftly, collaborating across teams for effective remediation. Proactively monitoring emerging threats, this position provides actionable intelligence to mitigate risks. The person in this role assesses and prioritizes vulnerabilities, ensuring alignment with business goals and regulatory requirements. Through audits and assessments, the Cybersecurity Analyst enforces compliance and maps cyber risk processes. Collaborating with partners, this position develops mitigation strategies and assesses vendor risks. The Cybersecurity Analyst creates reports, facilitate policy development, and fosters a culture of cybersecurity awareness. Additionally, the person in this role promotes best practices, ensuring adherence to industry standards and proactive risk management.

The Cybersecurity Analysis is highly self-motivated and directed but also a member of a highly collaborative delivery team that is responsible for providing best-in-class threat and vulnerability protection, management and response across the entirety of Subsidiary Company assets, employees, intellectual property and suppliers. The person in this position must have a keen attention to detail and be able to comprehend leadership objectives and have the direction to drive requirements for design and build out.

This position is primary an in-person role based out of one of the corporate offices located in Arizona (Tempe) or Anchorage, AK.

ESSENTIAL DUTIES AND RESPONSIBILITIES (and other duties as assigned)

• Understand federal contract requirements and ensuring compliance with applicable regulations such as NIST 800-171, CMMC, or DFARS.
• Develop and maintain compliance plans such as a System Security Plan (SSP), Technology Control Plan (TCP), or Plan of Action and Milestones (POAM).
• Conduct security monitoring to analyze logs, alerts, events, and data, ensuring early detection of potential security incidents or anomalies and respond to incidents, ensuring rapid containment and resolution.
• Conduct investigations into security breaches, identifying root causes and working with cross-functional teams on implementing effective remediation actions to minimize impact and prevent recurrence.
• Monitor emerging cyber threats and vulnerabilities, providing proactive threat intelligence to anticipate and mitigate risks to organizational systems and data.
• Ensure organizational compliance with cybersecurity policies, standards, and regulatory requirements through regular audits, assessments, and evaluation of security controls and mapping of cyber risk processes to capabilities in a privacy, security, and governance platform.
• Collaborate with technology and business partners to assess information security risks, develop effective mitigation strategies, and ensure alignment with organizational goals.
• Conduct vendor risk assessments to evaluate the security posture of third-party vendors, assessing their adherence to cybersecurity policies, standards, and regulatory requirements, and identifying potential risks to organizational systems and data.
• Conduct software / system risk assessments.
• Create reports and materials to prioritize activities related to risk identification and mitigation.
• Facilitate the development, adoption, dissemination and adherence of the company's cybersecurity policies, procedures, programs and standards and the dissemination of industry-relevant information and statistics.
• Foster a culture of cybersecurity awareness and education and ensure compliance by developing and maintaining cybersecurity training content, administrating training compliance and delivering engaging training sessions.

LEADERSHIP COMPETENCY REQUIREMENTS FOR INDIVIDUAL CONTRIBUTOR LEVEL

ASRC's Core competencies include Leading Self, Leading People and Leading the Organization. In addition to our core competency model, our framework includes competencies specific to the various levels of positions within our company. For more information on our core competencies please contact the HR Department and reference the ASRC Leadership Framework.

Customer Focus

Drive for Results

Problem Solving

Time Management

EDUCATION, EXPERIENCE and / or SKILLS

LANGUAGE SKILLS

Ability to read and interpret documents such as regulations, cybersecurity reports and analytical studies, operating and maintenance instructions, and procedure manuals. Excellent written and oral communication skills for non-IT and IT professionals. Ability to speak effectively before groups of employees or customers with varying levels of IT knowledge.

MATHEMATICAL SKILLS

Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.

REASONING ABILITY

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

PHYSICAL DEMANDS

The physical demands described herein are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required to sit; reach with hands and arms; and to use hands to finger, handle, or feel. The employee is occasionally required to stand, walk, climb or balance. The employee must frequently lift and / or move up to 10 pounds and occasionally lift and / or move up to 25 pounds. Specific vision abilities required by this job includes the ability to adjust focus.

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The work environment is in a busy office setting. The noise level in the work environment is usually moderate. While performing the duties of this job, the employee may be occasionally exposed to outside weather conditions and may be required to travel by motor vehicle in small and large commercial aircraft for several hours or overnight / multiday trips.

NOTE : This document does not create an employment contract, implied or otherwise. The statements contained herein are intended to describe the principal functions of this position, the level of knowledge and skill typically required, and the scope of responsibilities, but should not be considered an all-inclusive listing of work requirements.

ASRC is a drug-free workplace and pre-employment drug testing is part of the hiring process.

ASRC and its family of companies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, national origin, religion, disability, protected veteran status or any other legal protected status. EOE : M|F|D|V EEO Poster

Arctic Slope Regional Corporation, an Inupiat-owned corporation created as a result of the Alaska Native Claims Settlement Act.

ASRC's family of companies apply a shareholder preference in employment, to the maximum extent feasible, as authorized by law.