Addison Group

Information Technology Advisor

Hybrid

Houston, United States

$70/hour

Freelance

11-02-2026


Skills

Communication, Leadership, Penetration Testing, Risk Management, ServiceNow, Stakeholder Management, Problem-solving, Training, Risk Assessment, Risk Mitigation, Organization, SDLC

Job Specifications

Job Responsibilities:

We are seeking a Cybersecurity Analyst who will play a dual role in strengthening our organization’s cybersecurity posture. This position combines Governance, Risk, and Compliance (GRC) responsibilities with leadership in cybersecurity awareness and cultural change initiatives. You will collaborate across IT and business units to ensure regulatory compliance, mitigate risks, and foster a strong security culture through engaging awareness programs.

Key Responsibilities:

Implement governance and risk frameworks, manage IT controls, and support security audits and assessments.
Conduct IT and business risk assessments; maintain risk registers aligned with frameworks such as NIST and ISO 27001.
Manage corrective action plans identified in risk assessments through closure.
Ensure compliance with regulatory requirements (e.g., MTSA, GDPR) and maintain audit readiness.
Review cybersecurity clauses in contracts, exception requests, and mitigating controls.
Develop and monitor cybersecurity KRIs and KPIs; report risk and compliance metrics to leadership.
Support policy creation, updates, and governance initiatives to align IT security with business objectives.
Design and manage a comprehensive Cybersecurity Awareness Program, including phishing simulations and targeted training for high-risk roles.
Monitor Cyber Threat Intelligence sources (CISA, FBI, etc.) and propose innovative risk mitigation strategies.
Coordinate cybersecurity assessments (maturity, risk, penetration testing).
Maintain relationships with third-party risk assessment providers and ensure service levels.
Collaborate with system engineers to implement security controls and patches.

Qualifications:

Bachelor’s degree in Management Information Systems, Computer Science, Information Security, Risk Management, or related field.
4–5+ years in Information Security, Cybersecurity, or GRC roles.
Experience with frameworks like ISO 27001 and NIST 2.0.
Proven experience in cybersecurity awareness program design and delivery.
Strong analytical and problem-solving abilities.
Excellent communication and stakeholder management skills.
Hands-on experience with GRC tools (e.g., RSA Archer, ServiceNow, AuditBoard).
Knowledge of adult learning principles and e-learning platforms.
Familiarity with OT network infrastructure, SCADA/DCS systems, and security integration into SDLC.
Knowledge of third-party risk management and vendor compliance.
Experience in IT auditing and identity/access management.

Preferred Certifications:

CISSP, CISM, CISA, or equivalent.
GRC-related certifications (e.g., ISACA CRISC).

About the Company

Addison Group is a leading professional services firm specializing in talent solutions (staffing) and consulting services, offering a full suite of capabilities across multiple practice areas, including information technology, finance and accounting, non-clinical healthcare, human resources, administrative, and digital marketing. We work in specialized markets and channel decades of expertise into real, honest conversations, not just software. We know that great teams start with great people. That means we focus on quality...