Revel IT

Position Summary

The Cybersecurity Compliance Analyst is responsible for maintaining and enhancing the organization’s StateRAMP Continuous Compliance Program. This person has day-to-day responsibility for executing and maintaining all CCP, change management, patching, and incident response processes, including ensuring that all documentation, meeting minutes, and other compliance deliverables are kept accurate, up to date, and current.

The ideal candidate must be excellent at documentation, organization, and follow-through, ensuring that compliance activities are executed with precision and consistency. The analyst will play a central role in gathering and maintaining compliance documentation, monitoring vulnerabilities, and driving accountability across IT and engineering teams to meet defined Service Level Agreements (SLAs) for security remediation.

This position requires a proactive “Champion of Change” who thrives on collaboration, precision, and continuous improvement in compliance posture.

Key Responsibilities

1. Continuous Compliance Operations

• Manage daily and monthly compliance activities to ensure continuous alignment with StateRAMP and NIST 800-53 frameworks.
• Collect, validate, and maintain all evidence and documentation required for audits and assessments.
• Coordinate with internal and external auditors during annual and continuous monitoring reviews.

2. Governance, Risk & Compliance (GRC) Management

• Operate within the organization’s GRC platform to maintain real-time visibility of compliance controls and risks.
• Aggregate and analyze vulnerability data (CVEs) from various scanning tools (e.g., Nessus, Qualys, Azure Defender) into a unified monthly report.
• Ensure vulnerability reports are updated daily or in real time within the GRC tool.

3. Change, Patch & Incident Management

• Administer and continuously improve the Change Management, Patch Management, and Incident Management programs.
• Track and enforce patching, CVE remediation, and configuration changes in accordance with defined SLAs.
• Escalate SLA violations directly to the CISO, with the full backing of the CIO and CTO for enforcement actions.
• Partner with engineering, network, and application teams to ensure timely resolution of findings and ongoing compliance.

4. Cybersecurity Awareness & Training

• Support and help enforce the Cybersecurity Awareness Program.
• Provide input into awareness campaigns, training metrics, and compliance participation tracking.
• Act as a culture advocate to promote security-first behaviors across the organization.

5. Continuous Improvement

• Identify process gaps and propose improvements to strengthen the compliance lifecycle.
• Support automation of evidence collection, patch validation, and compliance reporting through GRC integrations and scripts.
• Contribute to the maturity roadmap for continuous monitoring and compliance automation.

Qualifications

Required

• ITIL Certification (v3 or v4) — required.
• Bachelor’s degree in Information Technology, Cybersecurity, or related field, or equivalent experience.
• 3+ years of experience in cybersecurity governance, compliance, or risk management.
• Working knowledge of StateRAMP, FedRAMP, or NIST SP 800-53 control frameworks.
• Strong understanding of change, patch, and incident management best practices.
• Experience using GRC tools (e.g., Archer, ServiceNow, Microsoft Compliance Manager, or similar).
• Demonstrated ability to analyze CVEs, manage vulnerability data, and track remediation activities.

Preferred

• Certifications such as Security+, CAP, CISA, or CISSP.
• Experience with Azure, Microsoft Purview, or other cloud compliance solutions.
• Familiarity with automated compliance reporting and dashboarding tools.
• Excellent communication, collaboration, and influence skills to drive accountability.

Attributes

• Champion of Change: Motivates others to adopt and maintain a compliance-first mindset.
• Detail-Oriented: Diligent in documentation, reporting, and control evidence accuracy.
• Accountability-Driven: Holds cross-functional teams responsible for SLA adherence.
• Collaborative: Works effectively with software, network, and infrastructure teams.
• Analytical: Able to synthesize vulnerability and compliance data into actionable insights.
• Organized & Reliable: Demonstrates exceptional follow-through on deliverables and commitments.

Reporting Structure & Authority

• Reports to: CISO
• Supports: CIO and CTO on escalations and compliance initiatives.
• Authority: Empowered to hold engineering, network, and infrastructure teams accountable to patching, CVE remediation, and compliance SLAs.

Job Type: Full-time

Pay: $80,000.00 - $100,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Vision insurance

Work Location: In person