Cybersecurity Analyst
### Role summary
Armis is seeking a Cybersecurity Analyst to join its Governance, Risk, and Compliance (GRC) team. This role is crucial for supporting commercial compliance efforts and strengthening the company's overall security posture. The analyst will focus on evidence gathering, documenting control implementations, and ensuring the efficient operation of security processes. Key responsibilities include supporting external and internal audits for various frameworks (e.g., SOC 2, ISO 27001), managing evidence collection and monitoring, updating security policies, assisting with vendor risk management, and completing security questionnaires for RFPs. The position requires a foundational understanding of IT, OT/ICS, cloud platforms (AWS/GCP), and core security concepts, with a minimum of 5 years of relevant experience.
### Who you are
- 5+ years of experience in a security, IT audit, GRC or related technical field
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree
- Maintain industry certifications such as CompTIA Security+ and work toward advanced certifications such as (ISC)² CISSP
- Foundational understanding of diverse regulatory environments and major security frameworks and compliance standards (e.g., ISO, SOC, HIPAA, SOX, NIST, FedRAMP, GovRAMP, DoD IL 5/6, PCI DSS)
- Foundational understanding of enterprise IT and OT/ICS environments, including network protocols, operating systems, cloud platforms and security technologies
- Foundational understanding of core cloud technologies, particularly security concepts and services within AWS and GCP
- Strong organizational skills, exceptional attention to detail, and the ability to manage documentation effectively
- Excellent written communication skills, with experience reviewing and editing formal technical documents and policies
- Prior experience in directly supporting security audits for the frameworks noted above
- Familiarity with the FedRAMP authorization process and compliance requirements
- Detailed understanding of core security concepts, including data encryption, logical access controls, and boundary security mechanisms
- Working experience with Linux operating systems
- Experience supporting security or compliance efforts in AWS and GCP cloud environments
- Experience working with a global team where the majority of team members are remote
- Experience working with task planning tools like JIRA and Asana
- Experience managing content throughout its lifecycle in the Microsoft Office 365 and Google Workspace ecosystems
- Experience using GRC automation and evidence management platforms such as Anecdotes, Drata, or similar tools to streamline compliance processes and maintain continuous monitoring
### What the job involves
- As Armis rapidly scales its operations, we are seeking a motivated Cybersecurity Analyst to join our Governance, Risk and Compliance team and directly support our commercial compliance efforts
- This role will be an integral part of maintaining and strengthening our overall security posture
- You will focus on the foundational work of security, assisting our team in gathering essential evidence, documenting control implementation across our platforms, and ensuring the smooth operation of our key security processes
- You will collaborate closely with various departments and end-users across the company, primarily supporting the vital functions of the Office of the Chief Information Security Officer (OCISO) team
- Audit and Assessment Support: Provide direct support for external and internal audit efforts, specifically focusing on frameworks such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and ISO 42001
- Evidence Management & Monitoring: Execute and document procedures for continuous monitoring and evidence gathering. You will also implement automated solutions, including utilizing AI, to effectively reduce manual efforts associated with repetitive evidence collection tasks, ensuring security artifacts are accurately captured and readily available
- Policy and Documentation: Review, edit and update internal security policies, standards and procedures to ensure they accurately reflect current operational controls and compliance requirements
- Vendor and Supply Chain Risk Management (SCRM): Assist in the supply chain risk management program by tracking vendor compliance documentation, reviewing vendor security posture, and maintaining the vendor risk register
- Risk and Sales Support: Participate in internal security audits and support the business development team by completing security questionnaires for Requests for Proposal (RFP), ensuring accurate and compliant representation of our controls
### Benefits
- Medical, dental, insurance
- Pension, 401k match
- “ME Day” each month (Global 1st Friday)
- WeWork subscriptions, remote work
- Commuter benefits, legal services, pet, auto, home & renters insurance, and more
- Career development resources, access to Reaction Club wellness app, and virtual bonding events