Sr. Cybersecurity Audit Analyst

Overview

The Senior Cybersecurity Audit Analyst is responsible for coordinating and supporting external cybersecurity audits and continuous compliance assessment programs across hybrid enterprise on-premises and cloud environments. This role includes providing assurance with SOC 2, ISO/IEC 27001, FedRAMP, and CMMC compliance, combining traditional audit coordination with ongoing control monitoring and compliance program execution. The role requires strong program management and organizational skills to manage multiple concurrent audits, remediation tracking, continuous monitoring and improvement activities, and internal and external stakeholder communications.

• Coordinate end-to-end external third-party cybersecurity audits, including scoping, readiness planning, timelines, and evidence coordination.
• Serve as the primary point of contact between external auditors, assessors, and internal stakeholders.
• Manage evidence requests, walkthroughs, interviews, and follow-up inquiries.
• Ensure audit evidence is complete, accurate, well-organized, and delivered on schedule.
• Coordinate audit close‑out activities and remediation planning.
• Improve and consolidate audit activities to reduce duplication and improve efficiencies.
• Educate and communicate the importance of external third‑party audits to key internal and external stakeholders, including executive management.

• Establish and maintain continuous compliance and recurring assessment programs between formal audits.
• Track control effectiveness, evidence currency, and remediation activities.
• Support continuous monitoring and evidence automation initiatives.

• Manage multiple concurrent compliance initiatives with competing deadlines.
• Ensure documentation and evidence repositories are inspection‑ready at all times.
• Work with internal key stakeholders to ensure they are meeting their compliance and continuous monitoring objectives.
• Work with business and technical stakeholders to assess the scope of compliance frameworks associated with systems in scope and adapt to changing cybersecurity framework baselines.

• 5+ years of experience, or an equivalent combination of education and work experience, in business, program management, cybersecurity, regulatory compliance, or related field.
• A keen interest in learning and developing skills and understanding in IT, cybersecurity and compliance.
• Strong interpersonal and communication skills to work effectively with IT and business units, including senior leadership; ability to bridge communications between technical IT team members, external stakeholders, and compliance team members.
• Strong attention to detail, organization and structure, communication, and presentation skills including the ability to translate business needs into solutions and build effective working relationships.
• Strong, self‑motivated, and productive team player with ability to thrive in a dynamic, fast‑paced environment.
• U.S. citizenship with ability and willingness to obtain a security clearance.
• Bachelor’s degree in Cybersecurity, business administration, or project management.

• Cybersecurity certifications such as Security+, CISSP, CRISC, and CISA.
• ISO Lead Auditor, Lead Implementor, Cybersecurity Maturity Model Certification (CMMC) Certified Professional or (Lead) Assessor.
• PMP certification.
• Master’s degree in Cybersecurity, business administration, or project management.

Base salary range: $87,360 USD – $150,800 USD. Additional benefits include medical, dental, vision, life insurance, 401(k) and profit‑sharing, 80 hours of vacation, twelve paid holidays, and professional development opportunities.

Esri is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Esri is committed to protecting your privacy and complying with CCPA and GDPR. For more information about our privacy practices, visit our website.