ARMADA

Cybersecurity Engineer Risk & Compliance

ARMADA, Saint Louis, Missouri, United States, 63146


As part of our continued growth and our commitment to fostering an exceptional, collaborative work environment, we’re thrilled to announce that our office will be relocating to a brand-new building at 2000 Innovation Drive, Wexford PA 15090 at the beginning of this year. In the meantime, hybrid employees will continue working from our current location at RIDC – O’Hara until the transition is complete. We’re excited about this next chapter and look forward to welcoming new team members to our growing organization!

This role will be instrumental in enhancing our security posture by managing SOC2 controls, interpreting audit findings, and aligning our cybersecurity strategy with industry standards such as NIST Cybersecurity Framework (CSF) and CIS Controls. The ideal candidate will also have deep experience in protecting sensitive customer data and ensuring compliance with partner and client security requirements.

Key Responsibilities:

- Lead the design, implementation, and maintenance of cybersecurity risk management programs.
- Manage and assess third-party/vendor risk, including due diligence, risk assessments, and ongoing monitoring.
- Oversee and maintain SOC2 control environments, including evidence collection, control testing, and remediation of findings.
- Ensure robust controls are in place to protect sensitive customer data, including data classification, encryption, access controls, and secure data handling practices.
- Collaborate with internal teams and external partners to meet partner security requirements, including responding to security questionnaires, audits, and assessments.
- Map and align security controls to NIST CSF and CIS Controls, ensuring continuous improvement and maturity of the cybersecurity program.
- Develop and maintain risk registers, control matrices, and compliance documentation.
- Provide expert guidance on risk mitigation strategies and security best practices.
- Monitor and report on cybersecurity metrics, risk indicators, and compliance status to leadership.
- Support incident response and business continuity planning from a risk and compliance perspective.
- Assist with other Cybersecurity tasks as needed.

Required Qualifications:

- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- 2+ years of experience in cybersecurity engineering with a focus on risk management and compliance.
- Deep understanding of the SOC2 framework, including control design, implementation, and audit processes.
- Proven experience with NIST CSF and CIS Controls.
- Demonstrated experience managing controls around sensitive customer data and ensuring compliance with partner/client security requirements.
- Strong knowledge of third-party risk management practices and tools.
- Excellent analytical, communication, and documentation skills.

Preferred Skills:

- Familiarity with GRC platforms (e.g., Hyperproof, OneTrust, AuditBoard, Archer, ServiceNow GRC).
- Relevant certifications such as CRISC, CGRC, CISA, or CISSP are highly desirable.
- Experience working in regulated industries (e.g., logistics, transportation, software).
- Knowledge of cloud security frameworks (e.g., AWS Well-Architected, Azure Security Benchmark).
- Ability to translate technical risks into business impacts for non-technical stakeholders.

Equal Opportunity Employer

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.