Cyber Security Analyst

Overview

Hybrid
$50 - $60
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - 12 Month(s)
No Travel Required

Skills

NIST
IAM
ERM
Certification

Job Details

Title: Security Analyst (5+ years of experience)
Location: 1 day a week onsite in Los Angeles, CA (so they must live within an hour; you guys have sent candidates 5+ hours away, and no one will drive that far each way every week, so ONLY send candidates who live within 2 hours). Specific location is Beaudry Avenue HQ and Soto Street, Los Angeles, CA 90017.

Duration: 12+ months

Interview: Video

  • Must send copies of their certifications (they said they will not accept without copies)
  • Must share 3 references, but need name, title, company, phone, email, how long they've known them (dates), and type of project and size

REQUIRED SKILLS FROM THE JOB BELOW MUST BE ON THE RESUME SO:

  • NIST CSF (NIST Cybersecurity Framework)
  • Experience with Framework integration with ERM (Enterprise Risk Management), IAM and Cloud Security Controls
  • Ensuring compliance (can be anything like these: HIPAA, COPPA, FERPA, CIIPA, GDPR; not all of these, they just mean like these)

Job Description:
REQUIRED QUALIFICATION:

Proposers shall meet each of the minimum qualification requirements at the time of proposal submittal:
Five years of experience performing assessments, alignments, and policy development with the NIST Cybersecurity Framework (CSF) across all departments, systems, and third-party interfaces.
Five years of experience with conducting state assessment, target profile development, Gap analysis and Implementation roadmap with control mappings to various processes. Demonstrated expertise with Framework integration with Enterprise Risk Management (ERM), Identity and Access Management (IAM) and Cloud security controls. Ensure interoperability with compliance (HIPAA, COPPA, FERPA, CIIPA, GDPR, etc.)
Experience in establishing metrics and continuous monitoring, providing dashboards for executive visibility (CISO, CIO, board), planning regular maturity assessments, and establishing metrics for each CSF function and subcategory.
These requirements may be satisfied with both public sector and commercial experience.
Experience in governance and program design
Experience in NIST CSF framework integration
Experience in technology alignment with NIST CSF
Experience in establishing metrics and executive dashboard creation.
Experience with compliance and audit requirements
Experience with understanding larger systems and their dependencies.
Experience with developing governance framework documents, SOPs and policies.
These requirements apply to the proposer.



Information Required for Submission:
Complete Resume
Copy of Cybersecurity Certifications
Provide a minimum of three (3) references of current and/or past project experiences of the proposed resource as listed in the statement of work (both public sector and commercial references are acceptable). The reference information must include the following information:
1) Project Size
2) Project Scope, including specific services provided
3) Period of Performance
4) Contact information, including name of the organization, contact person, phone number, and email

OTHERS
For the duration of the engagement period, the proposed firm and/or resource are expected to bring their own laptop computer equipped with appropriate tools such as Microsoft Word, Excel, SharePoint, etc.


SCOPE OF SERVICES:
Policy Development
Review existing client cybersecurity policies, procedures, standards, risk assessments, and other related compliance documents.
Identify current IT Security policy gaps against NIST CSF 2.0 and assist in developing policies, procedures, standards, and other compliance documents to address those gaps.

NIST Alignment
Meet with key stakeholders.
Define scope, priorities, and resource needs.
Review the 2024 NIST Gap Assessment results.
Revalidate gaps to confirm current state and material changes.
Map all gaps to the appropriate NIST CSF categories and/or NIST 800-53 controls.
Prioritize gaps based on risk, regulatory impact, and operational dependency.
Develop remediation plans, including resource needs, timelines, and responsible parties.

NIST Assessment
Interview key personnel from IT, security, compliance, and business units.
Validate documentation with observed processes and supporting evidence.
Rate each NIST CSF Category/Subcategory using a maturity model (e.g., 1-5 scale: Partial to Adaptive).
Compare 2025 maturity levels to previous years to identify progress or regression.

Maturity Assessment against NIST CSF 2.0
Create and deliver a comprehensive assessment report including:
  • Executive summary
  • Maturity scorecard
  • Identified gaps and risks
  • Remediation recommendations and risk prioritization
Present findings in an executive-level briefing.


About Aneka Talent Solutions