Cybersecurity Analyst - Commercial Compliance

About Armis

Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization's cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7.

Role Overview

As Armis rapidly scales its operations, we are seeking a motivated Cybersecurity Analyst to join our Governance, Risk and Compliance team and directly support our commercial compliance efforts. This role will be an integral part of maintaining and strengthening our overall security posture. You will focus on the foundational work of security, assisting our team in gathering essential evidence, documenting control implementation across our platforms, and ensuring the smooth operation of our key security processes. You will collaborate closely with various departments and end-users across the company, primarily supporting the vital functions of the Office of the Chief Information Security Officer (OCISO) team.

What you'll do:

• Audit and Assessment Support: Provide direct support for external and internal audit efforts, specifically focusing on frameworks such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and ISO 42001.
• Evidence Management & Monitoring: Execute and document procedures for continuous monitoring and evidence gathering. You will also implement automated solutions, including utilizing AI, to effectively reduce manual efforts associated with repetitive evidence collection tasks, ensuring security artifacts are accurately captured and readily available.
• Policy and Documentation: Review, edit and update internal security policies, standards and procedures to ensure they accurately reflect current operational controls and compliance requirements.
• Vendor and Supply Chain Risk Management (SCRM): Assist in the supply chain risk management program by tracking vendor compliance documentation, reviewing vendor security posture, and maintaining the vendor risk register.
• Risk and Sales Support: Participate in internal security audits and support the business development team by completing security questionnaires for Requests for Proposal (RFP), ensuring accurate and compliant representation of our controls.

What we expect:

• 5+ years of experience in a security, IT audit, GRC or related technical field.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree.
• Maintain industry certifications such as CompTIA Security+ and work toward advanced certifications such as (ISC)² CISSP.
• Foundational understanding of diverse regulatory environments and major security frameworks and compliance standards (e.g., ISO, SOC, HIPAA, SOX, NIST, FedRAMP, GovRAMP, DoD IL 5/6 PCI DSS).
• Foundational understanding of enterprise IT and OT/ICS environments, including network protocols, operating systems, cloud platforms and security technologies.