Cybersecurity Analyst, IT Operations

WHO WE ARE:

At Fors Marsh , we take on issues that matter. We are a team of researchers, strategists, and communicators working together to drive lasting change. We look at human behavior from all angles with a deep understanding of people and context to design solutions that influence decision-making and move people to action. Our work promotes health and well-being, shapes resilient communities, and builds effective and accountable institutions. We are a certified B Corporation and a Top Workplace for 7 consecutive years.

WHO WE ARE LOOKING FOR:

We are seeking a detail-oriented Cybersecurity Analyst with hands-on experience in enterprise security operations and a strong understanding of federal compliance frameworks such as NIST SP 800-171, NIST SP 800-53, and CMMC. The ideal candidate has experience securing primarily Windows-based environments, with some exposure to Linux systems, managing vulnerabilities, and responding to security incidents, while also demonstrating a solid grasp of data classification and the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). This individual should be comfortable working in regulated environments where sensitive data is restricted to secure systems, supporting audits, maintaining compliance documentation, and collaborating across IT and business teams. Strong analytical skills, clear communication, and a proactive, accountable approach to safeguarding sensitive data are essential for success in this role. Responsibilities include: •Support the implementation, monitoring, and enforcement of security controls aligned with NIST SP 800-171, NIST SP 800-53, and CMMC Level 2 requirements •Monitor security events and alerts across enterprise systems (e.g., SIEM, endpoint detection, network devices) and perform incident triage, investigation, and response •Assist in maintaining and securing Windows-based enterprise environments, including Active Directory, servers, and endpoints •Conduct vulnerability scanning and remediation tracking, including prioritization of findings based on risk and compliance impact •Support the protection, processing, and storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in accordance with company policy and contractual requirements •Support and enforce organizational data classification policies, including identification, labeling, and handling of FCI, CUI, and other sensitive data types •Ensure appropriate access controls, data handling procedures, and system protections are applied based on data classification levels •Collaborate with IT and business teams to ensure systems and workflows properly segregate and protect sensitive data in secure environments •Assist in monitoring and validating that CUI is restricted to authorized systems and not stored on end-user devices outside approved environments •Participate in internal and external security