Mission Critical Group (MCG) is an end-to-end power solutions and services provider that accelerates time-to-power and delivers scalable, resilient infrastructure for mission critical environments. By integrating engineering, manufacturing, modular deployment, and lifecycle services under one platform, we streamline execution and bring complex projects online faster - without compromising performance. With more than 1.5 million square feet of U.S. manufacturing capacity, MCG supports data centers, power generation, healthcare, oil & gas, pharmaceuticals, semiconductors, and industrial facilities where uptime is non-negotiable. Mission Critical Group designs, manufactures and provides value-added services for customers requiring critical power solutions. Powering a new electric world for a brighter, more secure future.

Position Summary

The IT Security & Compliance Analyst is responsible for supporting the organization's cybersecurity program, regulatory compliance initiatives, risk management activities, and security governance processes. This role helps protect company information systems and data by monitoring security controls, assessing risks, ensuring compliance with industry standards, and supporting audits and remediation efforts.

The ideal candidate combines technical security knowledge with a strong understanding of compliance frameworks, policies, and risk management practices.

Key Responsibilities

Security Operations

• Monitor security alerts, vulnerabilities, and incidents across enterprise systems.
• Assist in investigating and responding to cybersecurity events and security breaches.
• Support vulnerability management programs, including scanning, assessment, remediation tracking, and reporting.
• Review security logs and reports to identify potential threats or compliance gaps.
• Participate in security awareness and training initiatives.

Compliance & Governance

• Maintain compliance with regulatory and industry standards such as:
  • NIST Cybersecurity Framework (CSF)
  • NIST 800-53
  • ISO 27001
  • SOC 2
  • CIS Controls
  • HIPAA (if applicable)
  • PCI-DSS (if applicable)
  • CMMC (if applicable)
• Assist with internal and external audits.
• Develop, review, and maintain security policies, standards, procedures, and documentation.
• Track compliance requirements and remediation activities.
• Support third-party risk management and vendor security assessments.

Risk Management

• Conduct security risk assessments and document findings.
• Evaluate security controls and recommend improvements.
• Assist business units in identifying and mitigating cybersecurity risks.
• Maintain risk registers and track remediation plans.

Reporting & Documentation

• Prepare security and compliance reports for management and stakeholders.
• Document audit evidence and compliance artifacts.
• Maintain accurate records of security incidents, risk assessments, and compliance activities.
• Develop metrics and dashboards to measure security program effectiveness.

Collaboration

• Work closely with IT, infrastructure, application, and business teams to implement security controls.
• Support project teams by providing security and compliance guidance.
• Participate in change management and system implementation reviews.

Required Qualifications

• Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Computer Science, or related field.
• 3–5 years of experience in information security, IT compliance, risk management, or related roles.
• Knowledge of cybersecurity principles, security technologies, and regulatory requirements.
• Experience supporting audits and compliance assessments.
• Familiarity with security tools such as:
  • SIEM platforms
  • Vulnerability management tools
  • Endpoint security solutions
  • Identity and Access Management (IAM) systems
• Strong analytical, problem-solving, and documentation skills.
• Excellent written and verbal communication skills.

Preferred Qualifications

• Professional certifications such as:
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Ethical Hacker (CEH)
• Experience with cloud security platforms (Microsoft Azure, AWS, Google Cloud).
• Experience with governance, risk, and compliance (GRC) tools.
• Knowledge of industrial, utility, or critical infrastructure environments.

Key Competencies

• Cybersecurity Risk Assessment
• Regulatory Compliance
• Security Governance
• Audit Support
• Incident Response
• Vulnerability Management
• Policy Development
• Vendor Risk Management
• Security Awareness Training
• Technical Documentation
• Communication and Stakeholder Management

A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding!

MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws. DVM is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).