Senior Analyst, Cybersecurity Compliance

Description

The Role:
The Cybersecurity Compliance - Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics.

The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Sub-ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk-informed, compliance-focused decisions.

What You'll Do:

Compliance Oversight & Risk Management

• Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF), using its Functions, Categories, and Subcategories to structure policies, controls, assessments, and reporting, while also meeting applicable regulatory and industry standards.
• Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains.
• Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements.
• Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set.

• Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements.
• Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories.
• Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness.
• Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations.

• Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments.
• Partner with the ECO/Sub-ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring).
• Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing.
• Support investigations, issues management, and remediation for Export-related control deficiencies and incidents.

• Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events.
• Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover).
• Support exercises, simulations, and post-event reviews to validate the effectiveness of BCP-related cyber controls and drive continuous improvement.

• Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders.
• Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends.
• Translate technical compliance and control findings into plain-language, decision-ready insights for non-technical stakeholders, emphasizing business and regulatory impact.

• Manage Cybersecurity's GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations.
• Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP.
• Collaborate with Cybersecurity and IT teams to populate and maintain high-quality risk and compliance data for these domains.
• Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports.

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field.
• Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization.
• Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO).
• Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI-DSS, GDPR, CCPA, export regulations, records/retention requirements).
• Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations.
• Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting.
• Excellent communication, presentation, and interpersonal skills; able to translate technical compliance topics into concise, executive-ready messages.
• Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment.

• Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field.
• Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management.
• Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800-34, and COBIT DSS04.
• Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities.
• Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards.
• Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP.
• Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise.
• Experience working with globally distributed teams and cross-functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity).