Security Analyst

Job Title: IT Business Analyst III/IV (Compliance & Controls Analyst)

Location: Frisco, TX or Overland Park, KS (Hybrid – onsite 3 days per week)

Duration: 1-year contract with potential for extension or conversion

Start Date: December

Key Responsibilities

• Perform IT General Controls (ITGC) testing across applications, databases, and servers (PCI, USGCI, CMMC, NIST 800-171).
• Lead walkthroughs with control owners, assess evidence, and identify control gaps.
• Manage and track control inventory and dependencies using ServiceNow CMDB.
• Support internal and external audits across multiple regulatory frameworks (USGCI, PCI, HIPAA, NSA, GBLA, COPA).
• Oversee controls across 10–12 applications per analyst and contribute to readiness testing for 180+ applications.
• Document compliance findings and communicate results effectively with technical and non-technical stakeholders.

Required Qualifications

• 5–7+ years of experience in IT audit, risk, or compliance, with strong knowledge of NIST 800-171.
• Hands-on understanding of IT environments (applications, databases, servers) from a controls perspective.
• Practical experience with CMMC compliance and/or readiness assessments.
• Exposure to ServiceNow CMDB or similar GRC tools.
• Excellent written and verbal communication skills; strong stakeholder management abilities.
• Highly organized, self-motivated, and capable of handling multiple concurrent projects.

Preferred Qualifications

• Active certifications: CISA, CCA, or CCP.
• Experience supporting USGCI, PCI, or other government compliance initiatives.
• Familiarity with Steven Covey’s “Speed of Trust” principles or similar leadership frameworks.
• Prior experience in telecommunications, government contracting, or regulated enterprise environments.