Job Title: IT compliance Analyst ( W2 position. Citizen or GC can apply)

Location: Boston, MA

Duration: 9 Months

Job Type: Contract

Client: Direct

Work Type: Hybrid (in office 1-3 times a week)

Job Description: Purpose

• Client is building out a cybersecurity capability in the greater Boston, MA area. Client is seeking a dedicated and experienced Cybersecurity Engineer to strengthen our defense systems and safeguard our information infrastructure. You will report directly to the Head of Cybersecurity. This role involves a blend of technical acumen, cybersecurity knowledge, and problem-solving skills to protect our organization against cyber threats, data breaches, and other security vulnerabilities.

Responsibilities

• Design, implement, and maintain robust cybersecurity measures for protecting systems, networks, and data.
• Administration of firewalls, intrusion detection systems, endpoint detection and response (EDR) software, privileged access management (PAM) software, cloud security posture management (CSPM) software and the broader security infrastructure.
• Conduct regular security audits to identify potential vulnerabilities and implement timely remediations.
• Monitor systems for unusual activities and potential threats, analyzing risks and impacts.
• Act as a key player in the incident response team to handle security breaches effectively.
• Develop and execute plans for emergency responses and system recovery.
• Assist in the development and enforcement of cybersecurity policies and procedures.
• Ensure compliance with relevant legal and regulatory cybersecurity standards.
• Work collaboratively with IT and other departments to integrate security practices.
• Partner closely with the Security Operations team on emerging ransomware, phishing threats, and zero day vulnerabilities, and implement migrations in response to those threats as needed.
• Provide regular reports on security posture and incidents to management.
• Stay updated on the latest cybersecurity trends, tools, and best practices.
• Recommend enhancements to the cybersecurity infrastructure based on current threats and technological advancements.
• Other activities as assigned.

Basic Qualifications

• 3 years of experience in a cybersecurity role with a strong understanding of network infrastructure and database security.
• Proficiency in various security technologies, including firewalls, VPNs, IDS/IPS, and encryption.
• Experience working in cloud, hybrid-cloud, multi-cloud, and on-prem technology stacks.
• Knowledge of cybersecurity frameworks (like NIST, ISO 27001) and regulatory compliance (like GDPR, HIPAA).
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Excellent English speaking and writing ability.
• Relevant certifications (such as CISSP, CISM, CEH, CompTIA Security ) are preferred.
• Potential Travel 10%

Preferred Experience

• Bachelor’s or Masters degree in Computer Science, Information Security, or a related field.
• Operational Technology (OT) security experience at a global manufacturing company.
• Defending against nation state threat actors.
• Past United States Security Clearance.
• Experience preferred in applying relevant technical knowledge in the following audits/regulations: SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, ISO 27701, FISMA, FedRAMP, SOX 404, HITRUST CSF, HIPAA, ISO 9001, GxP, 21 CFR Part 11, GAMP 5, EU Annex 11, NIST Requirements.
• Ability to script in languages such as – python, shell, ruby, perl.
• Corporate IT / help desk experience.

Technology Expertise Preferred

• Amazon Web Services (AWS) and Microsoft Azure (AZURE)
• Operating Systems: Windows & Linux
• Zero Trust Network: Zscaler, Palo Alto
• IDP, SSO, MFA – Microsoft, Okta
• IGA – SailPoint, Saviynt
• PAM – Beyond Trust, Saviynt, CyberArk
• MDM – Intune, JAMF, Workspace One
• EDR – SentinelOne, Crowdstrike, Microsoft Defender
• MDR - SentinelOne, Crowdstrike, Microsoft Defender, Expel, Reliaquest
• SIEM – Splunk, Exabeam, LogRhythm
• Log Management – ELK, Data lake as a Service
• Containers – Kubernetes, Docker
• Vulnerability Management – Wiz, Nessus, Qualys, Veracode, Orca
• Secrets Management – Hashicorp, CyberArk, BeyondTrust, Bitwarden
• Service Now
• Atlassian Suite - JIRA & Confluence

Job Types: Full-time, Contract

Pay: $60.24 - $62.00 per hour

Benefits:

• Dental insurance
• Health insurance
• Paid time off
• Vision insurance

Schedule:

• 8 hour shift

Education:

• Bachelor's (Preferred)

Experience:

• IT Compliance analyst: 3 years (Preferred)
• NIST, ISO 27001: 3 years (Preferred)
• GDPR, HIPAA: 3 years (Preferred)
• SOC 1, SOC 2, SOC 3, ISO 27001: 3 years (Preferred)
• CEH, CompTIA Security : 3 years (Preferred)
• FISMA, FedRAMP, SOX 404: 3 years (Preferred)
• GxP, 21 CFR Part 11, GAMP 5,: 5 years (Preferred)
• privileged access management (PAM): 3 years (Preferred)
• EU Annex 11, NIST Requirements: 3 years (Preferred)
• cloud, hybrid-cloud: 1 year (Preferred)
• multi-cloud, and on-prem technology stacks: 1 year (Preferred)

Work Location: In person