At Jacobs, we're challenging today to reinvent tomorrow by solving the world's most critical problems for thriving cities, resilient environments, mission-critical outcomes, operational advancement, scientific discovery and cutting-edge manufacturing, turning abstract ideas into realities that transform the world for good.
Your impact
As the US Federal Compliance Analyst, you'll support operational security activities, including assessment and recommendation of security controls within the corporate technology environments supporting our US Federal operations. A primary focus of the Federal Compliance Analyst is auditing and enforcing industry standards and regulations to ensure the organization safeguards assets, ensures accuracy of data, and promotes operational efficiency.
The US Federal Compliance Analyst will manage IT risks by ensuring that IT functions that support business operations are performed in compliance with state and federal laws. The US Federal Cyber Security Compliance tasks include, but are not limited to, developing company policies, creating metrics to help track compliance, and performing compliance audits.
The current focus for the US Federal Compliance team is supporting the cyber security efforts around the Federal Enclave. You will support the System Security Plan (SSP), which provides an overview of the security requirements for the Jacobs Federal Enclave information systems, and have responsibility for management of the Plan of Action and Milestones (POA&M). This includes the controls in place or planned for implementation to provide a level of security appropriate for Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) to be transmitted, processed, or stored (maintained) by the system.
Location: Remote in the United States
Technical/Functional Responsibilities
- Mastermind compliance policies and protocols on behalf of the organization
- Develop and implement a US Federal compliance program to ensure the organization operates in accordance with state and federal laws
- Determine compliance metrics and establish a system for tracking them
- Remain up to date on federal and state laws related to the organization and update policies accordingly
- Perform compliance audits to determine whether established protocols are being followed and where they can be improved
- Maintain up-to-date written documentation and policies related to the organization's business activities
- Create a compliance resource library for staff members to reference when they have questions
- Perform business and technical analysis, consulting, audit, and security assessments focused on cyber security solutions and various information systems (e.g., Database, Applications and Middleware)
- Work with IT Infrastructure and other Cyber Teams to provide solution recommendations based on identified control gaps or deficiencies
- Analyze data to evaluate effectiveness of controls and determine accuracy of reports, and efficiency and security of operations
- Write audit reports to document findings and recommendations
Here's what you'll need
- US Citizenship is required
- 5+ years prior experience in risk management or compliance roles
- Must have, or be willing to obtain, a compliance certification
- Must be a strong communicator and capable of expressing oneself clearly both in speaking and in writing
- Excellent analytical skills and ability to accurately interpret complex documents and policies
- Understanding of System Security Plan (SSP), Plan of Action and Milestones (POA&M), Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
- Understanding of IT controls frameworks/compliance including Sarbanes-Oxley; ISO 2700x; SANS/CIS/CMMC/NIST, etc.
- Experience with US Federal information technology and cyber security standards including NIST 800-171