Cybersecurity Analyst - Commercial Compliance

As Armis rapidly scales its operations, we are seeking a motivated Cybersecurity Analyst to join our Governance, Risk and Compliance team and directly support our commercial compliance efforts. This role will be an integral part of maintaining and strengthening our overall security posture. You will focus on the foundational work of security, assisting our team in gathering essential evidence, documenting control implementation across our platforms, and ensuring the smooth operation of our key security processes.

You will collaborate closely with various departments and end-users across the company, primarily supporting the vital functions of the Office of the Chief Information Security Officer (OCISO) team.

What you'll do:

• Audit and Assessment Support: Provide direct support for external and internal audit efforts, specifically focusing on frameworks such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and ISO 42001.
• Evidence Management & Monitoring: Execute and document procedures for continuous monitoring and evidence gathering. You will also implement automated solutions, including utilizing AI, to effectively reduce manual efforts associated with repetitive evidence collection tasks, ensuring security artifacts are accurately captured and readily available.
• Policy and Documentation: Review, edit and update internal security policies, standards and procedures to ensure they accurately reflect current operational controls and compliance requirements.
• Vendor and Supply Chain Risk Management (SCRM): Assist in the supply chain risk management program by tracking vendor compliance documentation, reviewing vendor security posture, and maintaining the vendor risk register.
• Risk and Sales Support: Participate in internal security audits and support the business development team by completing security questionnaires for Requests for Proposal (RFP), ensuring accurate and compliant representation of our controls.

What we expect

• 5+ years of experience in a security, IT audit, GRC or related technical field.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree.
• Maintain industry certifications such as CompTIA Security+ and work toward advanced certifications such as (ISC)² CISSP.
• Foundational understanding of diverse regulatory environments and major security frameworks and compliance standards (e.g., ISO, SOC, HIPAA, SOX, NIST, FedRAMP, GovRAMP, DoD IL 5/6 PCI DSS).
• Foundational understanding of enterprise IT and OT/ICS environments, including network protocols, operating systems, cloud platforms and security technologies.
• Foundational understanding of core cloud technologies, particularly security concepts and services within AWS and GCP.
• Strong organizational skills, exceptional attention to detail, and the ability to manage documentation effectively.
• Excellent written communication skills, with experience reviewing and editing formal technical documents and policies.

Preferred Skills

• Prior experience in directly supporting security audits for the frameworks noted above.
• Familiarity with the FedRAMP authorization process and compliance requirements.
• Detailed understanding of core security concepts, including data encryption, logical access controls, and boundary security mechanisms.
• Working experience with Linux operating systems.
• Experience supporting security or compliance efforts in AWS and GCP cloud environments.
• Experience working with a global team where the majority of team members are remote.
• Experience working with task planning tools like JIRA and Asana.
• Experience managing content throughout its lifecycle in the Microsoft Office 365 and Google Workspace ecosystems.
• Experience using GRC automation and evidence management platforms such as Anecdotes, Drata, or similar tools to streamline compliance processes and maintain continuous monitoring.