Own The Role:
SP6 is looking for a Senior Information Security & Compliance Analyst (CMMC/NIST 800-171, SOC2, subject matter expert (SME)) wanting to take the next step in their career! In this role, you will spearhead SP6’s internal security and compliance initiatives. This is an opportunity for anyone truly passionate about Information Security & Compliance. You will be tasked with building out an internal function from the ground up to help SP6 achieve and maintain CMMC level 2 and SOC2 compliance using a risk-driven approach!
In this role, you will be working cross-functionally with leadership, assessing and managing risk, identifying security and compliance needs, and leading both internal and external teams to achieve these strategic goals. You will also be advising and following up with internal teams on compliance education to ensure the organization is implementing best practices as we continue to grow.
After initial department build-out, this role will also encompass up to 25% client-facing consulting. In this setting, you will be working in conjunction with our compliance SMEs to provide pre-audit readiness assessments and post-assessment plans of action and milestones (POAM) around the CMMC framework.
How You’ll Drive Success:
- Approximately 75% of this role is focused on the development, implementation, and continuous maturation of SP6’s internal IT and InfoSec infrastructure to ensure compliance is maintained within cyber frameworks (CMMC/NIST 800-171, SOC2, and other compliance frameworks as needed).
- Up to 25% supporting the day-to-day activities of engagements for external clients, as a contributing member of SP6’s customer-facing Cyber Risk & Compliance practice. In this role, you will assist external customers in their DFARS, CMMC, and NIST 800-171 compliance initiatives.
- Staying current with new and emerging security threats and industry trends to identify potential risks and recommend appropriate controls and countermeasures.
- Working closely with internal and external stakeholders to ensure that security and compliance requirements are met and that the company maintains its reputation as a trusted partner.
- Taking ownership of security policies and coordinating with 3rd party managed services to validate policies.
- Identifying, evaluating, and implementing new tools and vendors as needed to accomplish strategic Compliance and Security goals.
- Overseeing the preparation, schedule, cost analysis/budget, vendor management, and final approval of Compliance and Security projects.
- Incorporating and implementing strong security controls, identifying any vulnerabilities in our current network, applications, and infrastructure.
- Reviewing and answering security compliance questionnaires submitted by potential clients.
- In-depth knowledge of relevant security regulatory compliance requirements and translating those into business processes and security controls to enhance and support SP6’s compliance capabilities.
- Establishing and maintaining effective working relationships with colleagues, existing clients, and prospective client organizations.
To Be Successful:
- 8 years of experience in IT infrastructure and security.
- 3 years of experience working with compliance frameworks (SOC2, FedRAMP, NIST CSF)
- 1 year of experience leading external and internal auditors (CMMC)
- Experience working with ISO 27001 and ISO 9001
- Extensive knowledge of IT/security engineering principles and procedures.
- Working knowledge of security tools such as SIEM, MFA, XDR, etc.
- CISSP, CISM, CRISC, or other related certifications
- CMMC-RP, CMMC-PA, or CCP
- Recognized as one of North America’s top professional service partners.
- The chance to be part of a winning team and a premier Splunk partner.
- Competitive salary and OTE.
- 100% employer-paid health insurance (Gold-rated plan).
- 401(k) with company match.
- 30 days of annual paid time off (4 weeks Paid Time Off + Holidays)
- Significant Training and Development and Certification attainment.
- Opportunity for long-term career advancement.
- Your contributions are felt and recognized by our growing company.
- Grown over 100% in the last 2 years.
SP6 is a niche technology firm advising organizations on how to best leverage the combination of big data analytics and automation across three (3) distinct practice areas:
- Cybersecurity Operations and Cyber Risk Management (including automated security compliance and security maturity assessments).
- Fraud detection and prevention
- IT and DevOps Observability and Site Reliability
Each of these distinct domains is supported by SP6 team members with subject matter expertise in their respective disciplines.
SP6 provides Professional Services as well as ongoing Co-Managed Services in each of these solution areas. We also assist organizations in their evaluation and acquisition of appropriate technology tools and solutions. SP6 operates across North America and Europe.