Cybersecurity Analyst I

At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Cybersecurity Analyst I located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.

Thisposition requires 4 days (Mon- Thurs) onsite in Brentwood, TN.

The Cybersecurity Analyst I supports the development and maintenance of the CoreCivic cyber regulatory compliance program to support the alignment of security architectures, plans, controls, processes, policies and procedures with security standards and operational goals. Applies acquired job skills, policies, and procedures to complete assignments, projects, and tasks of moderate scope and complexity.

1. Assists with validating that Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations.

2. Maintains the Information Security Program documentation.

3. Facilitates sessions with technology stakeholders to review requirements, determine applicable security controls, and analyze gaps between requirements and current capabilities.

4. Assists in the creation and documentation of compensating and mitigating controls.

5. Assists with automating business processes to improve efficiency, verifying that systems follow defined policy guidelines and that written policies are integrated into existing systems were applicable.

6. Makes recommendations for mitigating findings and process improvement projects.

7. Consolidates and analyzes the organization's critical cyber findings, vulnerabilities, and gaps to support and develop solutions and to provide a cyber-posture/picture.

8. Maintains findings, vulnerabilities and gaps in a mitigation tracker.

9. Performs control testing, documents results and provides detailed updates to stakeholders, including analysis of vulnerability scans and compliance scans.

10. Performs level appropriate system tuning based on threat indicators; makes basic to intermediate recommendations to enhance security controls and mitigate risks.

11. Assists in the maintenance and enhancement of internal processes and tools used to respond to external requests related to information security using GRC tools, MS Office and SharePoint.

12. Conducts research on inquiries about information security using policies, internal tools, and internal Subject Matter Experts (SMEs) while building and maintaining relationships with technology and business stakeholders and responding to client and regulatory requests.

13. Leads small to intermediate projects with internal partners to support initiatives and programs designed to enhance information security.

14. Exercises judgment within defined guidelines and practices to determine appropriate action.

15. Domestic U.S. travel may be required.

Qualifications:

• Graduate from an accreditedcollege or university with a Bachelor's degree in a related field is required.

• Two years of related work experience is required.

• Additional years of related work experiencemay be substituted for the education requirement on a year-for-year basis.

• Demonstrated knowledge of industry standard regulations and risk managementframeworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST)required.

• General knowledge of real-time security situationalawareness, operational network systems, and security monitoring required.

• Experience reviewing andwriting enterprise level security policies for a largescale organization insupport of Federal policies preferred.

• Knowledge of SIEM and security scanning applications, Governance Risk andCompliance tools, Microsoft Teams and SharePoint are preferred.

• Relevant certification in Risk or IT is requiredor must obtain certification within twelve months of start date in thisposition, such as ISACACSX Cybersecurity Fundamentals Certificate; CompTIA A+; CompTIA Security +;GIAC Information Security Fundamentals (GISF); CSX Technical FoundationsCertificate; or Microsoft Technology Associate Security Fundamentals.

• Demonstrated familiarity with the Authorityto Operate (ATO) process and documentation including SSPs, and POAMs is required.

• Strong written and verbal communicationskills are required.

• Proficiency in Microsoft Office applications is required.

• U.S. citizenship is required.

• A valid driver's license is required.

CoreCivic is a Drug Free Workplace & EOE - Vets/Disabled.