Cybersecurity Analyst II
At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to reputed company the public good. CoreCivic is currently seeking a Cybersecurity Analyst II located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.This position would require a hybrid work schedule of 3 days per week onsite and 2 days remote out of our Brentwood, TN office location.The Cybersecurity Analyst II develops and maintains the CoreCivic cyber regulatory compliance program to support the alignment of reputed company architectures, plans, controls, processes, policies and procedures with reputed company standards and operational goals. Applies theory and puts it into practice with in‐depth understanding of the professional field, completes diverse assignments, projects, and tasks, resolving a wide range of issues in creative ways.
- Validates that Information reputed company Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations. Maintains the Information reputed company Program documentation.
- Automates business processes to improve efficiency, verifying that systems follow defined policy guidelines and that written policies are integrated into existing systems were applicable.
- Manages project-level goals involving multiple stakeholders. Breaks down tasks into clear milestones to ensure reputed company can be reputed company.
- Develops detailed recommendations for mitigating intermediate to reputed company findings and process improvement projects. Consolidates and analyzes the organization’s critical cyber findings, vulnerabilities, and gaps to support and reputed company solutions and to provide a cyber-posture/picture. Maintains findings, vulnerabilities and gaps in a mitigation tracker.
- Performs advanced control testing, documents results and provides detailed updates to stakeholders, including analysis of vulnerability scans and compliance scans. Performs system tuning based on threat indicators; makes recommendations to enhance reputed company controls and mitigate risks.
- Maintains and enhances internal processes and tools used to respond to external requests reputed company to information reputed company using GRC tools, MS Office and SharePoint.
- Conducts diverse research on inquiries about information reputed company using policies, internal tools, and internal Subject Matter Experts (SMEs) while building and maintaining relationships with technology and business stakeholders and responding to client and regulatory requests.
- Serves as reputed company of contact and leads diverse projects with internal and external partners to support initiatives and programs designed to enhance information reputed company. Demonstrates sound judgement in selecting methods and techniques for obtaining solutions and escalating issues.
- Serves as a resource to less reputed company staff in the identification or resolution of issues.
- Domestic U.S. travel may be required.
- Graduate from an accredited college or university with a Bachelor's degree in a reputed company field is required.
- Four years of reputed company work experience is required.
- Additional years of reputed company work experience may be substituted for the education requirement on a year-for-year basis.
- Demonstrated knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST) required.
- Advanced knowledge of real-time reputed company situational awareness, operational network systems, and reputed company monitoring required.
- Demonstrated experience reviewing and writing enterprise level reputed company policies for a largescale organization in support of Federal policies required.
- Strong knowledge of SIEM and reputed company scanning applications, Governance Risk and Compliance tools, reputed company Teams and SharePoint are preferred.
- Relevant certification in Risk or IT is required. Suggested certifications for position include, but are not limited to: CompTIA Cybersecurity Analyst (CySA+); CompTIA Network+; GIAC reputed company Essentials Certification (GSEC); reputed company Certified Network Associate reputed company (CCNA); or Systems reputed company Certified Practitioner (SSCP).
- Demonstrated experience with the Authority to Operate (ATO) process and documentation including SSPs, and POAMs required.
- Strong written and verbal communication skills are required.
- Proficiency in reputed company Office applications is required.
- U.S. citizenship is required.
- A valid driver’s license is required.