At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Cybersecurity Compliance Engineer II located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.
This position would require a hybrid work schedule of 3 days per week onsite and 2 days remote out of our Brentwood, TN office location.
Summary
The Cybersecurity Compliance Engineer II leads and manages the implementation and maintenance of cyber compliance policies and standards, such as NIST SP 800-53, SOX and/or HIPAA. Performs regular audits and assessments of the organization's IT systems and processes to ensure compliance with internal and external requirements.
Essential Functions
The incumbent should be able to perform all of the following functions at a pace and level of performance consistent with the job performance requirements.
- Leads and manages the implementation and maintenance of cyber compliance policies and standards, such as NIST SP 800-53, SOX and/or HIPAA.
- Investigates incidents, provides resolutions or makes recommendations for corrective action or enhancement of security systems and controls as needed. Supports incident response, including participation in a 24/7 on-call support rotation.
- Identifies and reports any gaps, risks or issues related to cyber compliance and recommends remediation actions.
- Coordinates and communicates with other IT teams and stakeholders to facilitate cyber compliance initiatives and projects to support business strategies and needs.
- Monitors and reports on the performance and effectiveness of cyber compliance activities and controls.
- Stays updated on the latest cyber compliance trends, regulations, and best practices.
- Researches information security standards, conducts system security reviews, vulnerability analyses and risk assessments.
- Assists in the configuration and maintenance of vulnerability assessment tools for the organization.
- Demonstrates advanced knowledge and skills in cyber compliance tools and frameworks, such as Governance Risk and Compliance (GRC), Security Information and Event Management (SIEM), Identity and Access Management (IAM), Security Awareness etc. Provides training and mentoring to junior staff.
- Recommends moderately complex new capabilities and efforts to improve the effectiveness of a continuous monitoring program and assists with developing and maintaining plans of action and milestones (POA&M).
- Communicates moderately complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
- Conducts training sessions with various audiences, educates users on security policies and consults on security initiatives and issues.
- Follows and adheres to defined processes, policies and change-management procedures.
- Domestic U.S. travel may be required.
Qualifications
Graduate from an accredited college or university with a Bachelor's degree in cybersecurity or another related field is required.
Five years of cybersecurity or cybersecurity compliance experience working with scanning tools, various system logs and security tools to detect and resolve security threats is required.
Additional years of related work experience may be substituted for the required education requirement on a year-for-year basis.
Demonstrated knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST) is required.
Advanced knowledge of real-time security situational awareness, operational network systems, and security monitoring required.
Relevant certification in Risk or IT is required. Suggested certifications for the position include, but are not limited to: CompTIA Cybersecurity Analyst (CySA+); CompTIA A+; CompTIA Security+; CompTIA Network+; GIAC Security Essentials Certification (GSEC); Cisco Certified Network Associate Security (CCNA); or Systems Security Certified Practitioner (SSCP).
Demonstrated experience with the Authority to Operate (ATO) process and documentation, including System Security Plans (SSPs) and POA&Ms, is required.
Strong written and verbal communication skills are required.
U.S. citizenship or permanent residency is required.
Proficiency in Microsoft Office applications is required.