Cybersecurity Compliance Analyst

Cybersecurity Compliance Analyst – In Office (Houston, TX) TheCybersecurity Compliance Analystis responsible for maintaining and enhancing the organization’sStateRAMP Continuous Compliance Program. This person hasday-to-day responsibilityfor executing and maintaining allCCP, change management, patching, and incident response processes, including ensuring that alldocumentation, meeting minutes, and other compliance deliverablesare keptaccurate, up to date, and current. The ideal candidate must beexcellent at documentation, organization, and follow-through, ensuring that compliance activities are executed with precision and consistency. The analyst will play a central role in gathering and maintaining compliance documentation, monitoring vulnerabilities, and driving accountability across IT and engineering teams to meet definedService Level Agreements (SLAs)for security remediation. This position requires a proactive“Champion of Change”who thrives on collaboration, precision, and continuous improvement in compliance posture. Key Responsibilities Continuous Compliance Operations Manage daily and monthly compliance activities to ensure continuous alignment withStateRAMPandNIST 800-53frameworks. Collect, validate, and maintain all evidence and documentation required for audits and assessments. Coordinate with internal and external auditors during annual and continuous monitoring reviews. Governance, Risk, & Compliance (GRC) Management Operate within the organization’sGRC platformto maintain real-time visibility of compliance controls and risks. Aggregate and analyze vulnerability data (CVEs) from various scanning tools (e.g., Nessus, Qualys, Azure Defender) into a unified monthly report. Change, Patch & Incident Management Administer and continuously improve theChange Management,Patch Management, andIncident Managementprograms. Track and enforce patching, CVE remediation, and configuration changes in accordance with defined SLAs. Escalate SLA violations directly to theCISO, with the full backing of theCIOandCTOfor enforcement actions. Partner with engineering, network, and application teams to ensure timely resolution of findings and ongoing compliance. Cybersecurity Awareness & Training Support and help enforce theCybersecurity Awareness Program. Provide input into awareness campaigns, training metrics, and compliance participation tracking. Act as a culture advocate to promote security-first behaviors across the organization. Identify process gaps and propose improvements to strengthen the compliance lifecycle. Support automation of evidence collection, patch validation, and compliance reporting through GRC integrations and scripts. Contribute to the maturity roadmap for continuous monitoring and compliance automation. Required Qualifications ITIL Certification (v3 or v4) — required. Bachelor’s degree in Information Technology, Cybersecurity, or related field, or equivalent experience. 3+ years of experience in cybersecurity governance, compliance, or risk management. Working knowledge of StateRAMP , FedRAMP , or NIST SP 800-53 control frameworks. Strong understanding of change , patch , and incident management best practices. Experience using GRC tools (e.g., Archer, ServiceNow, Microsoft Compliance Manager, or similar). Demonstrated ability to analyze CVEs, manage vulnerability data, and track remediation activities. Preferred Qualifications Certifications such asSecurity+, CAP, CISA, or CISSP. Experience withAzure,Microsoft Purview, or other cloud compliance solutions. Familiarity with automated compliance reporting and dashboarding tools. Excellent communication, collaboration, and influence skills to drive accountability. Attributes Champion of Change: Motivates others to adopt and maintain a compliance-first mindset. Detail-Oriented: Diligent in documentation, reporting, and control evidence accuracy. Accountability-Driven: Holds cross-functional teams responsible for SLA adherence. Collaborative: Works effectively with software, network, and infrastructure teams. Analytical: Able to synthesize vulnerability and compliance data into actionable insights. Organized & Reliable: Demonstrates exceptional follow-through on deliverables and commitments. Reporting & Structure Reports to: CISO Supports: CIO and CTO on escalations and compliance initiatives. Authority: Empowered to hold engineering, network, and infrastructure teams accountable to patching, CVE remediation, and compliance SLAs. Ready to Join the Team? Be part of a team that is passionate about making a positive impact on the construction industry. If you are a highly motivated and results-oriented, we encourage you to apply! #J-18808-Ljbffr Atser, Lp