We are seeking a seasoned cybersecurity professional with 5 to 7 years of progressive experience, specializing in deep Governance, Risk, and Compliance (GRC) and robust network security operations. In this role, you will lead initiatives to enhance our cybersecurity framework, drive compliance with industry regulations, and fortify our network defenses against emerging threats. Your expertise will be crucial in aligning security strategies with business objectives and ensuring that our operations meet the highest standards of regulatory and industry best practices.

The Cybersecurity Practitioner is a key player in ensuring the compliance and security of our organizational systems and data, with a specialized focus on Governance, Risk, and Compliance (GRC) as well as network security. In this role, you will collaborate closely with both operational and technology teams to design, implement, and refine compliance frameworks—including those required for government contractors—and to establish robust network security protocols.

Your responsibilities include detecting and swiftly responding to security incidents, leveraging cross-team collaboration to implement effective remediation measures. You will proactively monitor emerging threats, utilizing deep technical expertise to provide actionable intelligence that mitigates risks before they impact the organization. In addition, you will assess, prioritize, and address vulnerabilities, ensuring that security initiatives align with both business objectives and regulatory requirements.A significant part of your role involves conducting thorough audits and assessments to enforce compliance and to map cyber risk processes. You will work with partners to develop mitigation strategies, conduct vendor risk assessments, and ensure that all cybersecurity practices adhere to industry standards. Your efforts in creating detailed reports, guiding policy development, and fostering a culture of cybersecurity awareness are vital to maintaining a proactive stance on risk management.

As a self-motivated and detail-oriented cybersecurity expert, you will be a collaborative member of our team, driving design and build-out requirements that deliver best-in-class threat and vulnerability protection across all company assets, employees, and intellectual property.

The person in this position must have a keen attention to detail and be able to comprehend leadership objectives and have the direction to drive requirements for design and build out.

This position is primarily an in-person role based out of one of the corporate offices located in Alaska or Arizona. 

ESSENTIAL DUTIES AND RESPONSIBILITIES (and other duties as assigned)

• Governance, Risk, and Compliance (GRC):
  • Develop, maintain, and refine comprehensive compliance frameworks including System Security Plans (SSP), Technology Control Plans (TCP), and Plans of Action and Milestones (POAM).
  • Ensure adherence to federal and industry regulations such as NIST 800-171, CMMC, DFARS, and other relevant standards.
  • Lead regular audits, assessments, and risk evaluations to map cybersecurity risks and develop actionable remediation strategies.
• Network Security:
  • Oversee network security operations including proactive monitoring, log analysis, and threat detection to identify and mitigate vulnerabilities.
  • Manage incident response efforts, conduct detailed investigations into security breaches, and implement effective remediation measures to prevent recurrence.
  • Stay ahead of emerging cyber threats by continuously evaluating network security tools and technologies, and recommending improvements to existing systems.
• Collaboration & Reporting:
  • Collaborate with IT and business partners to assess risk exposures, define security requirements, and align cybersecurity strategies with organizational goals.
  • Prepare detailed reports and dashboards for senior management, providing insights into risk posture, compliance status, and recommendations for enhancement.
  • Facilitate the development, adoption, and enforcement of cybersecurity policies and procedures, ensuring company-wide adherence and awareness.
• Vendor & Third-Party Risk Management:
  • Conduct comprehensive vendor risk assessments to evaluate the security practices of third-party partners and ensure their alignment with our cybersecurity standards.

LEADERSHIP COMPETENCY REQUIREMENTS FOR INDIVIDUAL CONTRIBUTOR LEVEL

ASRC’s Core competencies include Leading Self, Leading People, and Leading the Organization. In addition to our core competency model, our framework includes competencies specific to the various levels of positions within our company. For more information on our core competencies, please contact the HR Department and reference the ASRC Leadership Framework.

Customer Focus

• Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.

Drive for Results

• Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.  

Problem Solving

• Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.

Time Management

• Uses time effectively and efficiently, concentrating his/her efforts on the more important priorities.

EXPERIENCE, SKILLS and/or EDUCATION

• Experience:
  • 5 to 7 years of professional experience in cybersecurity with a strong focus on GRC and network security operations.
•  Technical Skills:
  • Demonstrated expertise in developing and managing cybersecurity compliance frameworks and conducting thorough risk assessments.
  • Proficient in network security monitoring, threat intelligence, incident response, and vulnerability management.Proficiency in monitoring security logs, alerts, events, and data to detect potential security incidents or anomalies.
  • Solid understanding of industry standards and regulatory requirements including NIST, CMMC, DFARS, among others.
  • Strong analytical and problem-solving skills to use data analytics to drive decisions and discussions with management.
  • Ability to conduct investigations into security breaches, identify root causes, and implement effective remediation actions.
  • Knowledge of emerging cyber threats and vulnerabilities, and the ability to provide proactive threat intelligence to mitigate risks.
  • Understanding of cybersecurity policies, standards, and regulatory requirements, and the ability to ensure organizational compliance through audits and assessments.
  • Proficiency in conducting comprehensive risk assessments, including exception risk assessments and vendor risk assessments.
  • Exposure to different Information security functions, governance, policies, applications, security threat intelligence, security awareness/training, vulnerability management, risk management.
  • Proficiency in the overall Microsoft 365 suite of products
•  Certifications:
  • Professional certifications such as CISSP, CEH, CCTIP, GCIH, CTIA, CISA, PCI, CISM, CCNA or equivalent are highly preferred.
• Soft Skills:
  • Excellent analytical, problem-solving, and communication skills with the ability to present complex security concepts to diverse audiences.
  • Proven ability to work collaboratively across teams and manage multiple projects in a fast-paced environment.
• Education:
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience). 

WORK ENVIRONMENT

This role is based in a dynamic, in-person office environment located in Alaska or Arizona. Occasional travel may be required to support incident response, audits, and cross-team collaborations.

 If you are an experienced cybersecurity expert with a passion for fortifying network infrastructures and driving compliance through robust GRC frameworks, we encourage you to join our team. Your contribution will be pivotal in maintaining our industry leadership and safeguarding our organizational assets against evolving cyber threats.

NOTE:  This document does not create an employment contract, implied or otherwise. The statements contained herein are intended to describe the principal functions of this position, the level of knowledge and skill typically required, and the scope of responsibilities, but should not be considered an all-inclusive listing of work requirements.

ASRC is a drug free workplace and pre-employment drug testing is part of the hiring process.

ASRC and its family of companies are Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, national origin, religion, disability, protected veteran status or any other legal protected status. EOE: M|F|D|V Know Your Rights: Workplace Discrimination is Illegal

Arctic Slope Regional Corporation, an Inupiat-owned corporation created as a result of the Alaska Native Claims Settlement Act.

ASRC's family of companies apply a shareholder preference in employment, to the maximum extent feasible, as authorized by law.