Cybersecurity Compliance Analyst – In Office (Houston, TX)

Summary |

The Cybersecurity Compliance Analyst is responsible for maintaining and enhancing the organization’s StateRAMP Continuous Compliance Program (CCP). This person has day-to-day responsibility for executing and maintaining all CCP, change management, patching, and incident response processes, including ensuring that all documentation, meeting minutes, and other compliance deliverables are kept accurate and up to date.

The ideal candidate must be excellent at documentation, organization, and follow-through, ensuring that compliance activities are executed with precision and consistency. The analyst will play a central role in gathering and maintaining compliance documentation, monitoring vulnerabilities, and driving accountability across IT and engineering teams to meet defined Service Level Agreements (SLAs) for security remediation.

This position requires a proactive “Champion of Change” who thrives on collaboration, precision, and continuous improvement in compliance posture.

Key Responsibilities |

  • Continuous Compliance Operations
    • Manage daily and monthly compliance activities to ensure continuous alignment with StateRAMP and NIST 800-53 frameworks.
    • Collect, validate, and maintain all evidence and documentation required for audits and assessments.
    • Coordinate with internal and external auditors during annual and continuous monitoring reviews.
  • Governance, Risk, & Compliance (GRC) Management
    • Operate within the organization’s GRC platform to maintain real-time visibility of compliance controls and risks.
    • Aggregate and analyze vulnerability data (CVEs) from various scanning tools (e.g., Nessus, Qualys, Azure Defender) into a unified monthly report.
  • Change, Patch & Incident Management 
    • Administer and continuously improve the Change Management, Patch Management, and Incident Management programs.
    • Track and enforce patching, CVE remediation, and configuration changes in accordance with defined SLAs.
    • Escalate SLA violations directly to the CISO, with the full backing of the CIO and CTO for enforcement actions.
    • Partner with engineering, network, and application teams to ensure timely resolution of findings and ongoing compliance.
  • Cybersecurity Awareness & Training
    • Support and help enforce the Cybersecurity Awareness Program.
    • Provide input into awareness campaigns, training metrics, and compliance participation tracking.
    • Act as a culture advocate to promote security-first behaviors across the organization.
  • Continuous Improvement 
    • Identify process gaps and propose improvements to strengthen the compliance lifecycle.
    • Support automation of evidence collection, patch validation, and compliance reporting through GRC integrations and scripts.
    • Contribute to the maturity roadmap for continuous monitoring and compliance automation.

Required Qualifications |

  • ITIL Certification (v3 or v4) — required.
  • Bachelor’s degree in Information Technology, Cybersecurity, or related field, or equivalent experience.
  • 3+ years of experience in cybersecurity governance, compliance, or risk management.
  • Working knowledge of StateRAMP, FedRAMP, or NIST SP 800-53 control frameworks.
  • Strong understanding of change, patch, and incident management best practices.
  • Experience using GRC tools (e.g., Archer, ServiceNow, Microsoft Compliance Manager, or similar).
  • Demonstrated ability to analyze CVEs, manage vulnerability data, and track remediation activities.

Preferred Qualifications | 

  • Certifications such as Security+, CAP, CISA, or CISSP.
  • Experience with Azure, Microsoft Purview, or other cloud compliance solutions.
  • Familiarity with automated compliance reporting and dashboarding tools.
  • Excellent communication, collaboration, and influence skills to drive accountability.

Attributes |

  • Champion of Change: Motivates others to adopt and maintain a compliance-first mindset.
  • Detail-Oriented: Diligent in documentation, reporting, and control evidence accuracy.
  • Accountability-Driven: Holds cross-functional teams responsible for SLA adherence.
  • Collaborative: Works effectively with software, network, and infrastructure teams.
  • Analytical: Able to synthesize vulnerability and compliance data into actionable insights.
  • Organized & Reliable: Demonstrates exceptional follow-through on deliverables and commitments.

Reporting & Structure | 

  • Reports to: CISO
  • Supports: CIO and CTO on escalations and compliance initiatives.
  • Authority: Empowered to hold engineering, network, and infrastructure teams accountable to patching, CVE remediation, and compliance SLAs.

Ready to Join the Team?

Be part of a team that is passionate about making a positive impact on the construction industry. If you are highly motivated and results-oriented, we encourage you to apply!