Cybersecurity Analyst I

At CoreCivic, our employees are driven by a deep sense of

service, high standards of professionalism and a responsibility to better the

public good. CoreCivic is currently seeking a Cybersecurity Analyst I located

at our corporate office in Brentwood, TN. Come join a team that is

dedicated to making an impact for the people and communities we serve.

This

position requires 4 days (Mon- Thurs) onsite in Brentwood, TN.

The Cybersecurity Analyst I supports the development and

maintenance of the CoreCivic cyber regulatory compliance program to support the

alignment of security architectures, plans, controls, processes, policies and

procedures with security standards and operational goals. Applies

acquired job skills, policies, and procedures to complete assignments,

projects, and tasks of moderate scope and complexity.

1. Assists with validating that Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations.
2. Maintains the Information Security Program documentation.
3. Facilitates sessions with technology stakeholders to review requirements, determine applicable security controls, and analyze gaps between requirements and current capabilities.
4. Assists in the creation and documentation of compensating and mitigating controls.
5. Assists with automating business processes to improve efficiency, verifying that systems follow defined policy guidelines and that written policies are integrated into existing systems were applicable.
6. Makes recommendations for mitigating findings and process improvement projects.
7. Consolidates and analyzes the organizations critical cyber findings, vulnerabilities, and gaps to support and develop solutions and to provide a cyber-posture/picture.
8. Maintains findings, vulnerabilities and gaps in a mitigation tracker.
9. Performs control testing, documents results and provides detailed updates to stakeholders, including analysis of vulnerability scans and compliance scans.
10. Performs level appropriate system tuning based on threat indicators; makes basic to intermediate recommendations to enhance security controls and mitigate risks.
11. Assists in the maintenance and enhancement of internal processes and tools used to respond to external requests related to information security using GRC tools, MS Office and SharePoint.
12. Conducts research on inquiries about information security using policies, internal tools, and internal Subject Matter Experts (SMEs) while building and maintaining relationships with technology and business stakeholders and responding to client and regulatory requests.
13. Leads small to intermediate projects with internal partners to support initiatives and programs designed to enhance information security.
14. Exercises judgment within defined guidelines and practices to determine appropriate action.
15. Domestic U.S. travel may be required.

Qualifications:

• Graduate from an accredited
  
  college or university with a Bachelor's degree in a related field is required.
• Two years of related work experience is required.
• Additional years of related work experience
  
  may be substituted for the education requirement on a year-for-year basis.
• Demonstrated knowledge of industry standard regulations and risk management
  
  frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST)
  
  required.
• General knowledge of real-time security situational
  
  awareness, operational network systems, and security monitoring required.
• Experience reviewing and
  
  writing enterprise level security policies for a largescale organization in
  
  support of Federal policies preferred.
• Knowledge of SIEM and security scanning applications, Governance Risk and
  
  Compliance tools, Microsoft Teams and SharePoint are preferred.
• Relevant certification in Risk or IT is required
  
  or must obtain certification within twelve months of start date in this
  
  position, such as ISACA
  
  CSX Cybersecurity Fundamentals Certificate; CompTIA A+; CompTIA Security +;
  
  GIAC Information Security Fundamentals (GISF); CSX Technical Foundations
  
  Certificate; or Microsoft Technology Associate Security Fundamentals.
• Demonstrated familiarity with the Authority
  
  to Operate (ATO) process and documentation including SSPs, and POAMs is required.
• Strong written and verbal communication
  
  skills are required.
• Proficiency in Microsoft Office applications is required.
• U.S. citizenship is required.
• A valid drivers license is required.
  
  

CoreCivic is a Drug Free Workplace & EOE Vets/Disabled.