IT Compliance Analyst

Our IT Compliance Analyst will be responsible for monitoring and recording the compliance of our corporate IT security program (CMMC Level 2). This role requires a sharp eye for detail and a deep understanding of regulatory requirements. You will be a contributor in the development and maintenance of corporate policies and procedures, ensuring they remain in full compliance with federal regulation. Key responsibilities include: researching and anticipating new regulations, conducting periodic reviews of existing protocols, investigating potential breaches, and ensuring all documentation is meticulously maintained for audits. This is a vital position for a professional dedicated to upholding the highest standards of security and compliance. The IT Compliance Analyst position will support and participate in the day-to-day operations of the company but is not expected to perform IT tasks, nor are they required to be an IT professional.

Applicant must be a US citizen. Access to DoD facilities is required. Company is not able to sponsor work visa for this position.

This is an entry-level position that is done at our location and cannot be performed remotely.

Sign On Bonus

Collins Machine Works offers a sign on bonus in the amount of $2,000 to be paid after six months of satisfactory employment performance. Collins Machine Works also offers employee referral bonuses in the amount of $1,000 per referral to be paid after the referred employee completed six months of satisfactory employment performance.

Major Responsibilities & Essential Functions

The IT Compliance Analyst is responsible for ensuring personnel and programs adhere to the corporate IT security program (CMMC Level 2). Additionally, this person assists in the development and maintenance of corporate policy and procedures in order to comply with federal regulation. This involves researching upcoming changes to regulation, periodically reviewing existing procedures, reviewing suspicious activities, reporting breaches of protocol, and maintaining records for auditing.

• Monitor auditing software used in environment.
• Review reports and escalate to IT personnel for resolution as necessary.
• Periodically audit business functions for compliance.
• Participate in incident response and make reports detailing actions taken.
• Solicit feedback from personnel and work with IT to address employee concerns.
• Review IT tickets to provide guidance on corporate policy to IT technicians as needed. Report on conflicts arising within the IT environment and work alongside system owners and techs to find compliant complaint solutions.
• Participate in risk management reviews and produce reports of actions taken.
• Work with IT personnel, consultants, and internal stakeholders to develop and revise information security procedures and policies.
• Assist with reviewing and remediating items found during audits, both internal and external.
• Monitor and manage hardware and software baselines, including managing inventory of existing assets.
• Comply with company policies and procedures, as well as applicable laws, regulations, and statutes issued by federal agencies such as DoD, DOS, and DOJ, including, but not limited to, CMMC and ITAR. Employees have legal and regulatory obligations to respect and protect the privacy of information and its integrity and confidentiality.
• All other duties as assigned.

Benefits

• Medical, Dental and Vision Insurance
• 401K with company match
• Paid Time Off
• Short Term Disability and basic Life Insurance provided by company
• Supplementary Insurance: Accident, Critical Illness, Voluntary Life/AD&D, and Long Term Disability available
• Employee Assistance Programs
• Opportunity for yearly bonus, profit sharing, overtime, and night shift differential

Qualifications

The IT Compliance Analyst must have the ability to analyze, research, and resolve questions and possess the ability to learn quickly and adjust to technological changes. The ideal candidate must have the following skills & qualifications:

• Excellent communication, documentation skills, and the ability to understand and explain technical details to technical and non-technical audiences is required to be successful.
• Ability to effectively communicate on complex issues with a high level of effectiveness.
• The ability to work in a team, present a trustworthy image, and deal effectively with others is required.
• Strong reading comprehension, research, analytical, and testing skills.
• Experience with ISO 27001 ISMS, HITRUST, or CMMC compliance programs is strongly preferred.
• Able to work independently without significant supervision.
• Four (4) years of directly relevant experience or a bachelor's degree in a related field is required.
• ISACA Cybersecurity Fundamentals certification is required within 18 months.

Due to the critical nature of data security, each employee has the responsibility to protect company and government data. Employees have legal and regulatory obligations to respect and protect the privacy of information and its integrity and confidentiality. Guidance is contained in the company information security policies. Violations of policy may result in disciplinary action, up to and including termination.

PHYSICAL DEMANDS

• The analyst will be expected to spend long periods of time using a computer
• Ability to walk, reach, climb stairs, and stand in order to attend meetings and troubleshoot in a machine shop environment.
• Ability to lift and move up to 25 lbs. at a time when necessary

WORK ENVIRONMENT

• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job
• The noise level in the work environment is usually moderate to high