The CMMC Information Security Analyst supports a key compliance program within the Office of Information Security to ensure Northeastern University's compliance with established safeguards for the handling of Controlled Unclassified Information (CUI), in addition to certification of compliance with security standards established by the United States Department of Defense under the Cybersecurity Maturity Model (CMMC).
Compliance with security standards regarding the handling of CUI and Cybersecurity Maturity Model certification (CMMC) demonstrate the University's dedication to secure practices that protect information and data and maintain continuity of government-funded research opportunities.
The CMMC Information Security Analyst role bridges the gap between high-level security policies and requirements and their implementation. Through direct collaboration across various units of the University, such as Human Resources, the Office of General Counsel (OGC), and Northeastern University Research Enterprise Services (NU-RES), the analyst provides guidance on the implementation of technical, operational and procedural controls that support compliance with CUI policies and give assurance of obtaining and maintaining Cybersecurity Maturity Model (CMMC) certification.
This position will report to the CMMC Program Manager. The right individual for this role will have the ability to build the required business partnerships, experience with a variety of compliance frameworks, proficiency in technical concepts, a solid understanding of information and cyber security principles, and the ability to manage complex projects.
Assist business units in assessing, designing, and implementing new cybersecurity controls, sustainable solutions (including applying knowledge of governance, risk and compliance tools), operating processes, and people models to address key and evolving risks and regulatory or policy requirements.
Work with business partners to understand and analyze known IT control weaknesses, identify root causes, and assist with the development and tracking of detailed, robust remediation plans.
Stay apprised of published changes to NIST standards, Risk Management Framework (RMF), or Cybersecurity Maturity Model (CMMC) requirements that would have a direct impact on the University's compliance and certification posture, including the ability to assess, translate and communicate those impacts to senior leadership and technical or business partners.
Summarize and communicate IT controls requirements and compliance assessment results to a variety of stakeholders, including senior leadership.
Identify gaps in design and execution, and communicate issues and recommendations to engagement leads and senior management.
Track and report on key compliance metrics.
Work with senior leadership on various other cybersecurity or risk compliance
At Team ITS, your success matters as much as the mission. Learn more about our flexible, highly dynamic, and values-first culture at careers.its.northeastern.edu.
This position is eligible for remote work.
Candidates should have an in-depth understanding (SME) of the cybersecurity policies and procedures for information systems involved with handling Controlled Unclassified Information (CUI), along with sufficient technical knowledge and experience to implement them. This is a multi-tasking environment that demands customer service, communication, and organizational skills. A successful candidate will be motivated, results-oriented, and willing to learn. The Information Security Analyst will maintain the operational security posture to ensure information systems (IS) security policies, standards, and procedures are established and followed.
Bachelor's degree in Computer Science or Information Systems
Cybersecurity related certification (e.g., CISSP, CISM, CISA)
4+ years of experience in the field of Cyber Security and Information Risk Management
Strong familiarity with NIST and Risk Management Framework (RMF), including NIST SP 800-53 and NIST 800-17, NIST CSF, FISMA, and the Cybersecurity Maturity Model (CMMC).
Experience with security monitoring, metrics, and logging solutions/strategies across applications, systems, and services where available.
Strong understanding of vulnerability management and remediation processes, and fundamentals of continuous monitoring.
Understanding of the concepts of cloud computing environments and information security controls within those cloud environments, including AWS and Azure (Government).
The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations. Must be able to communicate technical and programmatic concepts effectively to a wide variety of audiences.
NICE TO HAVES
Candidates with former military or DoD civilian roles in the supply or cybersecurity spaces are highly encouraged to apply
Previous experience in Information Security, Audit & Risk Assurance, or Information Assurance roles
AWS, Azure, Google, or other industry-standard certifications
Professionally documenting the results of IT controls test work in a consistent and high-quality manner that would allow a reviewer to repeat the test and reach the same conclusion.
Working with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed, robust remediation plans.
Summarizing and communicating IT controls assessment results to a variety of client stakeholders, including senior leadership personnel.
Work with research and other university stakeholders to perform incident response; raise awareness on security initiatives; and track and report on key metrics.
Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.
All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.
Founded in 1898, Northeastern University is a private research university located in the heart of Boston. Northeastern is a leader in worldwide experiential learning, urban engagement, and interdisciplinary research that meets global and societal needs. Our broad mix of experience-based education programs (our signature cooperative education program, as well as student research, service learning, and global learning) build the connections that enable students to transform their lives. The University offers a comprehensive range of undergraduate and graduate programs leading to degrees through the doctorate in nine colleges and schools.