What are the responsibilities and job description for the Cybersecurity Analyst position at ASRC Careers?
Information security is an integral part of the ASRC culture. It is essential to maintain our position as an industry leader in the various industries we operate in and it is the responsibility of each and every employee to safeguard information, protect it from unauthorized access, and ensure regulatory compliance. Information security has a significant effect on privacy, consumer confidence, external reputation, and the bottom line, and it is a priority on everyone's agenda.
The Cybersecurity Analyst ensures the compliance and security of organizational systems and data. This position works with Operational teams and technology teams to develop and maintain compliance plans and processes, including those applicable to various government contractors. The Cybersecurity Analyst detects and responds to security incidents swiftly, collaborating across teams for effective remediation. Proactively monitoring emerging threats, this position provides actionable intelligence to mitigate risks. The person in this role assesses and prioritizes vulnerabilities, ensuring alignment with business goals and regulatory requirements. Through audits and assessments, the Cybersecurity Analyst enforces compliance and maps cyber risk processes. Collaborating with partners, this position develops mitigation strategies and assesses vendor risks. The Cybersecurity Analyst creates reports, facilitates policy development, and fosters a culture of cybersecurity awareness. Additionally, the person in this role promotes best practices, ensuring adherence to industry standards and proactive risk management.
The Cybersecurity Analyst is highly self-motivated and directed but also a member of a highly collaborative delivery team that is responsible for providing best-in-class threat and vulnerability protection, management and response across the entirety of Subsidiary Company assets, employees, intellectual property and suppliers. The person in this position must have a keen attention to detail and be able to comprehend leadership objectives and have the direction to drive requirements for design and build out.
This position is primarily an in-person role based out of one of the corporate offices located in Arizona (Tempe) or Anchorage, AK.
ESSENTIAL DUTIES AND RESPONSIBILITIES (and other duties as assigned)
- Understand federal contract requirements and ensure compliance with applicable regulations such as NIST 800-171, CMMC, or DFARS.
- Develop and maintain compliance plans such as a System Security Plan (SSP), Technology Control Plan (TCP), or Plan of Action and Milestones (POAM).
- Conduct security monitoring to analyze logs, alerts, events, and data, ensuring early detection of potential security incidents or anomalies, and respond to incidents, ensuring rapid containment and resolution.
- Conduct investigations into security breaches, identifying root causes and working with cross-functional teams on implementing effective remediation actions to minimize impact and prevent recurrence.
- Monitor emerging cyber threats and vulnerabilities, providing proactive threat intelligence to anticipate and mitigate risks to organizational systems and data.
- Ensure organizational compliance with cybersecurity policies, standards, and regulatory requirements through regular audits, assessments, and evaluation of security controls and mapping of cyber risk processes to capabilities in a privacy, security, and governance platform.
- Collaborate with technology and business partners to assess information security risks, develop effective mitigation strategies, and ensure alignment with organizational goals.
- Conduct vendor risk assessments to evaluate the security posture of third-party vendors, assessing their adherence to cybersecurity policies, standards, and regulatory requirements, and identifying potential risks to organizational systems and data.
- Conduct software/system risk assessments.
- Create reports and materials to prioritize activities related to risk identification and mitigation.
- Facilitate the development, adoption, and dissemination of, and adherence to, the company’s cybersecurity policies, procedures, programs and standards and the dissemination of industry-relevant information and statistics.
- Foster a culture of cybersecurity awareness and education and ensure compliance by developing and maintaining cybersecurity training content, administering training compliance and delivering engaging training sessions.
LEADERSHIP COMPETENCY REQUIREMENTS FOR INDIVIDUAL CONTRIBUTOR LEVEL
ASRC’s core competencies include Leading Self, Leading People and Leading the Organization. In addition to our core competency model, our framework includes competencies specific to the various levels of positions within our company. For more information on our core competencies, please contact the HR Department and reference the ASRC Leadership Framework.
Customer Focus
- Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
Drive for Results
- Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.
Problem Solving
- Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
Time Management
- Uses time effectively and efficiently, concentrating his/her efforts on the more important priorities.
EDUCATION, EXPERIENCE and/or SKILLS
- Knowledge of NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), DFARS 252.204.7012 and other compliance standards and requirements, as applicable.
- Professional certifications a plus (CISSP, CEH, CCTIP, GCIH, CTIA, CISA, PCI, CISM or equivalent)
- One to three (1-3) years information technology experience (ideally at the enterprise level), or equivalent combination of education, experience, and/or certifications.
- Proficiency in monitoring security logs, alerts, events, and data to detect potential security incidents or anomalies.
- Strong analytical and problem-solving skills to use data analytics to drive decisions and discussions with management.
- Ability to conduct investigations into security breaches, identify root causes, and implement effective remediation actions.
- Knowledge of emerging cyber threats and vulnerabilities, and the ability to provide proactive threat intelligence to mitigate risks.
- Understanding of cybersecurity policies, standards, and regulatory requirements, and the ability to ensure organizational compliance through audits and assessments.
- Proficiency in conducting comprehensive risk assessments, including exceptions risk assessments and vendor risk assessments.
- Exposure to different information security functions, governance, policies, applications, security threat intelligence, security awareness/training, vulnerability management, risk management.
- Proficiency in overall Microsoft 365 suite of products.
LANGUAGE SKILLS
Ability to read and interpret documents such as regulations, cybersecurity reports and analytical studies, operating and maintenance instructions, and procedure manuals. Excellent written and oral communication skills for non-IT and IT professionals. Ability to speak effectively before groups of employees or customers with varying levels of IT knowledge.
MATHEMATICAL SKILLS
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
REASONING ABILITY
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
PHYSICAL DEMANDS
The physical demands described herein are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required to sit; reach with hands and arms; and to use hands to finger, handle, or feel. The employee is occasionally required to stand, walk, climb or balance. The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include the ability to adjust focus.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The work environment is in a busy office setting. The noise level in the work environment is usually moderate. While performing the duties of this job, the employee may be occasionally exposed to outside weather conditions and may be required to travel by motor vehicle or in small and large commercial aircraft for several hours or overnight/multiday trips.
NOTE: This document does not create an employment contract, implied or otherwise. The statements contained herein are intended to describe the principal functions of this position, the level of knowledge and skill typically required, and the scope of responsibilities, but should not be considered an all-inclusive listing of work requirements.
ASRC is a drug-free workplace and pre-employment drug testing is part of the hiring process.
ASRC and its family of companies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, national origin, religion, disability, protected veteran status or any other legally protected status. EOE: M|F|D|V
Arctic Slope Regional Corporation is an Inupiat-owned corporation created as a result of the Alaska Native Claims Settlement Act.
ASRC's family of companies applies a shareholder preference in employment, to the maximum extent feasible, as authorized by law.