Rhymetec is a company focused on compliance, cyber security, and data privacy. They are seeking a Cyber Security Analyst who will architect, develop, and implement solutions to help clients achieve and manage security metrics and compliance requirements, while also enhancing internal cloud security posture.
Responsibilities:
- Prepare agendas and reference documents for meetings with clients
- Assist in building and managing cyber security programs for Rhymetec’s customers based on industry standard cyber security compliance frameworks
- Conduct meetings with clients regularly
- Configure performance monitoring alarms in AWS, Azure, GCP, Datadog and other cloud infrastructures
- Configure security alarms and intrusion detection systems in AWS, GCP, and Azure
- Set up supporting security applications
- Set up mobile device management applications such as Jamf, JumpCloud, Microsoft Endpoint Manager, Hexnode, etc.
- Configure and maintain compliance monitoring platforms
- Conduct internal audits, risk assessments, and generate reports
- Conduct incident response tabletop exercises with clients
- Conduct business continuity and disaster recovery tabletop exercises with clients
- Document and lead the incident response process should an incident arise
- Translate SOC 2 Type 2, ISO 27001, GDPR, and HIPAA controls into actionable items for clients
- Conduct employee access reviews, SaaS vendor security assessments, and gap assessments
- Triage bug/vulnerability reports from security researchers
- Complete security questionnaires on behalf of clients
- Draft supporting documents for clients’ information security management systems and information security policies
- Gather and maintain evidence of compliance for various frameworks
- Lead engagements with auditors on behalf of clients
- Communicate tasks to clients’ employees and educate clients on security best practices
- Troubleshoot issues that may arise within our scope of work
- Duties listed here are not exhaustive and may change or grow with the needs of the business
- Quarterly travel may be required
Requirements:
- Bachelor's Degree from an accredited university in a Technology or Cybersecurity field OR 4+ years of direct experience in listed areas
- 3+ years of work experience working with technology, cybersecurity, and regulatory compliance
- Experience in customer service and ability to develop professional relationships with customers
- Extensive knowledge of compliance and regulatory frameworks (PCI, ISO/IEC, SOC 2, HIPAA, GDPR)
- Strong logical security skills, with experience in cloud security
- Understanding of cloud environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques
- Preferred experience in translating and implementing HIPAA, HITRUST, GDPR, CCPA, NIST 800-53 and other compliance frameworks
- Preferred Certification(s): Cloud+, CySA+, CISSP, CISM