Senior Cybersecurity Analyst – GRC & Network Security

The Senior Cybersecurity Analyst is focused on Governance, Risk, and Compliance (GRC), Operational Technology (OT) network security, and vulnerability management, ensuring organizational systems and data remain secure and compliant.

·         Governance, Risk, and Compliance (GRC):

o    Develop, maintain, and refine comprehensive compliance frameworks including System Security Plans (SSP), Technology Control Plans (TCP), and Plans of Action and Milestones (POAM).

o    Ensure adherence to federal and industry regulations such as NIST 800-171, CMMC, DFARS, and other relevant standards.

o    Lead regular audits, assessments, and risk evaluations to map cybersecurity risks and develop actionable remediation strategies.

·         Operational Technology (OT) Network Security and Vulnerability Management:

o    Lead OT vulnerability management activities, including asset discovery, risk-based vulnerability identification, prioritization, and remediation planning tailored to operational constraints and safety requirements.

o    Establish and enforce OT-specific network segmentation, access control, and monitoring strategies aligned with Purdue Model and zero-trust principles where operationally feasible.

o    Develop and maintain OT security standards, procedures, and documentation aligned with IEC 62443, NIST, and industry best practices.

·         Collaboration & Reporting:

o    Collaborate with IT and business partners to assess risk exposures, define security requirements, and align cybersecurity strategies with organizational goals.

o    Prepare detailed reports and dashboards for senior management, providing insights into risk posture, compliance status, and recommendations for enhancement.

o    Facilitate the development, adoption, and enforcement of cybersecurity policies and procedures, ensuring company-wide adherence and awareness.

·         Third-Party Risk Management for OT Environments:

o    Develop, maintain, and govern a new OT-focused third-party risk register that captures vendor access, system dependencies, and operational impact across industrial and control system environments.

o    Partner with procurement, legal, engineering, and operations teams to ensure OT vendor contracts, onboarding, and renewals include appropriate cybersecurity and access control requirements.

o    Support ongoing monitoring and periodic reassessment of OT third-party risks, incorporating changes in vendor access, system architecture, threat intelligence, and regulatory expectations.

ASRC’s Core competencies include Leading Self, Leading People, and Leading the Organization. In addition to our core competency model, our framework includes competencies specific to the various levels of positions within our company. For more information on our core competencies, please contact the HR Department and reference the ASRC Leadership Framework.

Customer Focus

1.   Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.

Drive for Results

2.   Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.  

Problem Solving

3.   Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.

Time Management

4.    Uses time effectively and efficiently, concentrating his/her efforts on the more important priorities.

·         Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or another related field.

   o    Additional experience may substitute on a year-for-year basis.

·         Five (5) years of professional experience in cybersecurity with a strong focus on GRC and network security operations.

• Solid understanding of industry standards and regulatory requirements including NIST, CMMC, DFARS, among others.
• Demonstrated expertise in developing and managing cybersecurity compliance frameworks and conducting thorough risk assessments.
• Proficiency in the overall Microsoft 365 suite of products
• Professional certifications such as CISSP, CEH, CCTIP, GCIH, CTIA, CISA, PCI, CISM, CCNA or equivalent are highly preferred.
• Experience working with and in, and providing logistics for, remote Alaskan industrial environments preferred.

This role is based in a dynamic, in-person office environment located in Alaska or Arizona. Occasional travel may be required to support incident response, audits, and cross-team collaborations.

If you are an experienced cybersecurity expert with a passion for fortifying network infrastructures and driving compliance through robust GRC frameworks, we encourage you to join our team. Your contribution will be pivotal in maintaining our industry leadership and safeguarding our organizational assets against evolving cyber threats.

NOTE:  This document does not create an employment contract, implied or otherwise. The statements contained herein are intended to describe the principal functions of this position, the level of knowledge and skill typically required, and the scope of responsibilities, but should not be considered an all-inclusive listing of work requirements.