Cybersecurity Analyst II
At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Cybersecurity Analyst II located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.This position would require a hybrid work schedule of 3 days per week onsite and 2 days remote out of our Brentwood, TN office location.The Cybersecurity Analyst II develops and maintains the CoreCivic cyber regulatory compliance program to support the alignment of security architectures, plans, controls, processes, policies and procedures with security standards and operational goals. Applies theory and puts it into practice with in‐depth understanding of the professional field, completes diverse assignments, projects, and tasks, resolving a wide range of issues in creative ways.
- Validates that Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations. Maintains the Information Security Program documentation.
- Automates business processes to improve efficiency, verifying that systems follow defined policy guidelines and that written policies are integrated into existing systems were applicable.
- Manages project-level goals involving multiple stakeholders. Breaks down tasks into clear milestones to ensure progress can be measured.
- Develops detailed recommendations for mitigating intermediate to complex findings and process improvement projects. Consolidates and analyzes the organization’s critical cyber findings, vulnerabilities, and gaps to support and develop solutions and to provide a cyber-posture/picture. Maintains findings, vulnerabilities and gaps in a mitigation tracker.
- Performs advanced control testing, documents results and provides detailed updates to stakeholders, including analysis of vulnerability scans and compliance scans. Performs system tuning based on threat indicators; makes recommendations to enhance security controls and mitigate risks.
- Maintains and enhances internal processes and tools used to respond to external requests related to information security using GRC tools, MS Office and SharePoint.
- Conducts diverse research on inquiries about information security using policies, internal tools, and internal Subject Matter Experts (SMEs) while building and maintaining relationships with technology and business stakeholders and responding to client and regulatory requests.
- Serves as point of contact and leads diverse projects with internal and external partners to support initiatives and programs designed to enhance information security. Demonstrates sound judgement in selecting methods and techniques for obtaining solutions and escalating issues.
- Serves as a resource to less experienced staff in the identification or resolution of issues.
- Domestic U.S. travel may be required.
- Graduate from an accredited college or university with a Bachelor's degree in a related field is required.
- Four years of related work experience is required.
- Additional years of related work experience may be substituted for the education requirement on a year-for-year basis.
- Demonstrated knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST) required.
- Advanced knowledge of real-time security situational awareness, operational network systems, and security monitoring required.
- Demonstrated experience reviewing and writing enterprise level security policies for a largescale organization in support of Federal policies required.
- Strong knowledge of SIEM and security scanning applications, Governance Risk and Compliance tools, Microsoft Teams and SharePoint are preferred.
- Relevant certification in Risk or IT is required. Suggested certifications for position include, but are not limited to: CompTIA Cybersecurity Analyst (CySA+); CompTIA Network+; GIAC Security Essentials Certification (GSEC); Cisco Certified Network Associate Security (CCNA); or Systems Security Certified Practitioner (SSCP).
- Demonstrated experience with the Authority to Operate (ATO) process and documentation including SSPs, and POAMs required.
- Strong written and verbal communication skills are required.
- Proficiency in Microsoft Office applications is required.
- U.S. citizenship is required.
- A valid driver’s license is required.