
Principal Information Systems Security Analyst

NYSTEC
United States, New York, Rome
99 Otis Street
May 05, 2026
Description
About Us:

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.


About the Role:

As a principal information systems security analyst in the Corporate Information Security practice area, you will collaborate with team members to advance and operationalize NYSTEC's enterprise information security program. This role assists the deputy chief information security officer (CISO) by providing leadership and oversight in designing, implementing, and continuously improving security controls across corporate and federal enclave environments.

Serving as a principal information systems security analyst, your day-to-day role as a NYSTEC consultant will involve driving cross-functional initiatives, coordinating compliance and risk management activities across teams, and influencing NYSTEC's security strategy, governance, and organizational risk posture.


Key Responsibilities

  • Own and manage the life cycle of security controls across frameworks (National Institute of Standards and Technology [NIST], System and Organization Controls [SOC] 2, CMMC), ensuring effectiveness, alignment, and audit readiness.
  • Lead in developing and continuously improving enterprise security policies, standards, and compliance programs.
  • Serve as subject matter expert for compliance initiatives (SOC 2, Cybersecurity Maturity Model Certification [CMMC]), including audit readiness, execution, and remediation.
  • Drive enterprise risk management and third-party risk programs, including assessments, prioritization, and reporting.
  • Lead internal and external audits, coordinating evidence collection, engaging with the auditor, and remediating any issues found.
  • Advise senior leadership on cybersecurity risks, compliance posture, and strategic direction.
  • Partner with IT, engineering, and business teams to integrate security into architecture and operations, including secure environments and system hardening.
  • Mentor team members, manage governance, risk, and compliance activities (e.g., Hyperproof), and contribute to security strategy, tooling, and incident response support.
  • Provide on-call support for end users for all in-place security solutions.
  • Perform other duties as assigned.


About you:
Required Qualifications

  • Deep expertise in security frameworks and regulatory requirements - including NIST SP 800-53, NIST 800-171, CMMC, and SOC 2 - with experience owning or leading compliance efforts.
  • Excellent understanding of secure system architecture, including experience supporting or designing segmented or enclave environments.
  • Ability to lead cross-functional security initiatives, manage audits and assessments, and communicate risk, control effectiveness, and compliance posture to technical and nontechnical stakeholders.
  • Experience with enterprise security operations, including managing vulnerabilities, responding to incidents, and working with security tooling within Microsoft-centric and networked environments.


Preferred/Desired Qualifications

  • Certified information systems security professional (CISSP), certified information security manager (CISM), or similar certification in information security.


Education and Experience

  • A bachelor's degree (preferably in cybersecurity or a related field) and eight years of experience in information security, including experience supporting or leading compliance programs aligned with frameworks such as NIST 800-171, NIST SP 800-53, or CMMC.
  • An equivalent combination of advanced education, training, and experience will be considered.


The target base salary for this position is $109,639.00 to $145,271.00 per year. When determining compensation, we analyze and carefully consider several factors, including skill set, experience, location, and job-related qualifications.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.