• Cybersecurity Analyst III

    CoreCivic, Brentwood, TN 37027

    Job #2698720376

  • At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good. CoreCivic is currently seeking a Cybersecurity Analyst III located at our corporate office in Brentwood, TN. Come join a team that is dedicated to making an impact for the people and communities we serve.

    This will be a hybrid work position with weekly in-office expectations. The position will be based in Nashville, TN.

    The Cybersecurity Analyst III leads the development and maintenance of the CoreCivic cyber regulatory compliance program to support the alignment of security architectures, plans, controls, processes, policies and procedures with security standards and operational goals. Serves as the technical leader with a high degree of knowledge in the field and demonstrated expertise in specific areas. Problem-solves, analyzes unique issues and problems without precedent or structure. Completes assignments, projects, and tasks of complex to highly complex scope and complexity.

    • Leads the validation process to ensure that Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer/client expectations. Maintains the Information Security Program documentation.

    • Leads initiatives to automate business processes to improve efficiency, ensuring that systems follow defined policy guidelines and written policies are integrated into existing systems where applicable.

    • Collaborates beyond organizational boundaries and proactively identifies the best strategies to drive business value. Works in close partnership with senior leadership to influence the overall direction of information security compliance.

    • Develops detailed recommendations for mitigating complex to highly complex findings and process improvement projects. Consolidates and analyzes the organization's critical cyber findings, vulnerabilities, and gaps to support and develop solutions and to provide a cyber-posture/picture. Maintains findings, vulnerabilities and gaps in a mitigation tracker.

    • Performs broad in-depth control testing, documents results and provides detailed updates to stakeholders, including analysis of vulnerability scans, compliance scans, and performs broad in-depth system tuning based on threat indicators. Makes complex to highly complex recommendations to enhance security controls and mitigate risks.

    • Leads the maintenance and enhancement of internal processes and tools used to respond to external requests related to information security using GRC tools, MS Office and SharePoint.

    • Conducts in-depth research on inquiries about information security using policies, internal tools, and internal Subject Matter Experts (SMEs) while building and maintaining relationships with technology and business stakeholders and responding to client and regulatory requests.

    • Serves as point of contact and leads complex to highly complex projects with internal and external partners to support initiatives and programs designed to enhance information security. Manages programs that include formulating strategies and administering policies, processes, and resources.

    • Serves as a resource to less experienced staff in the identification or resolution of complex issues.

    • Domestic U.S. travel may be required.

    Qualifications:

    • Graduate from an accredited college or university with a Bachelor's degree in a related field is required. Six years of related work experience is required. Additional years of related work experience may be substituted for the education requirement on a year-for-year basis.

    • In-depth knowledge of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, HITRUST) required.

    • In-depth knowledge of real-time security situational awareness, operational network systems, and security monitoring required.

    • In-depth experience reviewing and writing enterprise-level security policies for a large-scale organization in support of Federal policies required.

    • In-depth knowledge of SIEM and security scanning applications, Governance Risk and Compliance tools, Microsoft Teams and SharePoint is preferred.

    • Relevant certification in Risk or IT is required. Suggested certifications for position include, but are not limited to: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified Information Systems Auditor (CISA); Certified Cloud Security Professional (CCSP); or Offensive Security Certified Professional (OSCP).

    • In-depth experience with the Authority to Operate (ATO) process and documentation, including SSPs and POAMs, is required.

    • Strong written and verbal communication skills are required.

    • Proficiency in Microsoft Office applications is required.

    • U.S. citizenship is required.

    • A valid driver's license is required.

    CoreCivic is a Drug-Free Workplace and EOE - including Disability/Veteran.