Crux For Technical Talent

Build Your Career in Cybersecurity - YOUR WAY

01.
Contract/ fractional
Want flexibility and variety? Indicate your target areas of work and your availability, and we will match you with opportunities
You name your own bill rate. You control what you make.
02.
Contract to hire
Sometimes it makes sense both ways to 'try before you buy.' We will match you up with opportunities that allow you to get to know a company and the people before committing to a full time role
03.
Full time
Get matched with full time job opportunities via our job board and proprietary roles that we are recruiting for

How it works

01.
Join Crux
02.
Help us get to know you
03.
Access jobs custom tailored to you
04.
Receive ongoing career resources and guidance
05.
Find work you love

Recent Jobs

Managing Director Americas Head of Information Security
BNP Paribas
State
New Jersey
Remote Elig.
On-site
Seniority
Executive
Domain
Cross-domain/ leadership
Salary ($K)
290.00
-
Not disclosed
350
Chief Information Security Officer
Trupanion
State
Washington
Remote Elig.
Hybrid
Seniority
Executive
Domain
Cross-domain/ leadership
Salary ($K)
200.00
-
Not disclosed
250
Deputy CISO
New Relic
State
Oregon
Remote Elig.
Hybrid
Seniority
Executive
Domain
Cross-domain/ leadership
Salary ($K)
202.00
-
Not disclosed
252
synergy-global-technologies-squarelogo-1498195261965.png
On-site
State
Michigan
Remote Elig.
On-site
Not disclosed
Seniority
Entry
Domain
Governance, Risk & compliance
Salary ($K)
-
Not disclosed
Oversee and Govern

Job Description

The Security Analyst is responsible for completing and maintaining system security plans (SSP) for new and existing systems. The system security plans are documented in the Governance, Risk, Compliance tool. This requires close coordination with IT project teams, tech leads, business and enterprise security representatives, and product owners, to establish and maintain processes and security controls for systems, and to identify security vulnerabilities and coordinate remediation plans. Security Analysts are assigned resources for DTMB development projects. Security Analysts are typically not assigned resources and are available for consult, if needed, for Commercial off the Shelf (COTS) procurement phase projects. For COTS implementation phase projects, Security Analysts are typically listed resources to navigate SSP/Authority to Operate (ATO) activities with Michigan Cyber Security (MCS) to support security requirements to Go Live.

  • Create SSPs via collaboration with MDOT Automation Managers, System Owners, System Security Administrators, and project team for new applications in alignment with the Secure Application Development Life Cycle and Michigan Security Accreditation Process.
  • Maintain SSPs for existing applications requiring ATO and those facing software and/or hardware enhancements.
  • Collaborate with business representatives to establish system registration.
  • Identify security testing and system scanning requirements.
  • Perform risk assessments and provide responses for security controls.
  • Continuously monitor plans of action and milestones and corrective action plans as they relate to the SSPs in collaboration with the MDOT Enterprise Information Management office.
  • Validate respective SSPs to ensure NIST control requirements are met.
  • Author recommendations associated with findings on how to improve the customer’s security posture in accordance with SOM Policies, Standards, and Procedures, and NIST (National Institute of Standards and Technology) controls.
  • Assist team members and vendors with proper artifact collection to satisfy assessment requirements.
  • Coordination of scanning activities/enterprise activities with MCS, tech leads, and business areas.
  • Assist with performing system Data Classifications as part of the SSP/ATO process.

Required Skills:

  • 1+ Years experience in the IT industry analyzing and applying information security principles and practices
  • 1+ Years experience reviewing IT systems/applications plus basic knowledge of networking components and various operating systems
  • 1+ Years experience analyzing the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3, 4 or 5, and 800-53A Revision 1.
  • Experience working independently and in a team environment
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Ability to collaborate on multiple projects/efforts at a given time
  • Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change

Preferred/Desired Skills:

  • CISSP, CISA, PMP and/or Security+ Certification.
  • Experience with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements (2+ Years)
  • Experience working with software vendors to implement security controls

rkon-technologies-squarelogo-1448611039063.png
On-site
State
Illinois
Remote Elig.
On-site
Not disclosed
Seniority
Experienced
Domain
Governance, Risk & compliance
Salary ($K)
-
Not disclosed
Oversee and Govern

About us:

RKON is an ISO27001 and AICPA SOC 2 Type II certified company that specializes in providing IT migration and transformation services for the Mergers and Acquisitions market.  RKON was recently recognized as one of the 100 best places to work in IT, highlighting our competitive advantage of empowering thought leaders and providing cutting-edge solutions for the fast-paced industry of private equity. RKON is looking for ambitious professionals to join our award-winning team. We have a proven track record for finding and developing top talent with people that believe they can achieve something greater. We also pride ourselves on fostering an environment where initiative, creative thinking, and collaboration are encouraged and rewarded—a key reason for the extraordinary level of service we deliver to our customers.

RKON does not accept unsolicited resumes from staffing agencies, search firms or any third parties.

About the position:

The vCISO – GRC Advisor (Private Equity & Carveout Focus) will play a critical advisory role in assessing and enhancing governance, risk, and compliance (GRC) for entities undergoing private equity carveouts or mergers and acquisitions (M&A). The advisor will be responsible for evaluating the target or newly independent entity’s security posture, identifying GRC gaps, and assisting with the development of tailored roadmaps to address key risks and compliance needs. This role requires a strategic thinker who understands the fast-paced environment of PE-backed entities and can provide actionable recommendations without being directly involved in technical implementation.

  • GRC Assessment & Gap Analysis: Conduct comprehensive GRC assessments, including the evaluation of existing policies, procedures, controls, and regulatory requirements (e.g., ISO 27001, NIST CSF, SOC 2).
  • Identify areas of risk, regulatory gaps, and weaknesses in security governance.
  • Evaluate third-party vendor risks and interdependencies in newly structured entities.
  • Roadmap Development: Develop strategic GRC roadmaps that align with the organization’s business goals and private equity timelines.
  • Prioritize recommendations to address short-term risks and long-term security objectives.
  • Provide actionable steps to help organizations meet key regulatory or compliance milestones.
  • Regulatory and Compliance Advisory: Provide expert guidance on compliance frameworks, including NIST, ISO 27001, SOC 2, and emerging privacy regulations.
  • Ensure that recommendations reflect PE-backed entities’ scalability needs.
  • Support compliance initiatives with documentation, reporting, and audit preparation.
  • Board and Stakeholder Reporting: Collaborate with executive leadership, private equity sponsors, and other key stakeholders to communicate risk findings and mitigation plans effectively.
  • Prepare executive-level reports summarizing key risks, recommendations, and compliance progress.
  • M&A Transition Support: Advise on the security implications of post-merger integration, carveout transitions, or divestitures.
  • Identify transitional risks (e.g., access management, data segregation) and provide practical guidance to mitigate them.
  • Support operational resilience and business continuity during transitions.
  • Third-Party and Vendor Risk: Assess the security posture of critical vendors and service providers, ensuring proper risk management during onboarding and throughout the engagement lifecycle.
  • Policy and Framework Development: Assist clients in developing or updating GRC frameworks, policies, and procedures to reflect their newly independent operating model.

Required Technical and Professional Expertise

  • 5+ years of experience in GRC, information security, or internal audit roles with a focus on risk assessment and compliance.
  • Familiarity with private equity environments, carveouts, or M&A-related GRC challenges.
  • Strong knowledge of compliance regulations such as ISO 27001, NIST CSF, SOC 2, and emerging privacy laws (e.g., GDPR, CCPA).
  • Proven ability to develop GRC roadmaps and work with cross-functional teams to prioritize and implement recommendations.
  • Strong business acumen and the ability to communicate technical risks in business terms.
  • Experience engaging with executive leadership and providing board-level presentations.

Preferred Technical and Professional Expertise

  • Experience supporting PE-backed entities in M&A, carveouts, or other high-pressure transition environments.
  • Familiarity with third-party risk management and vendor assessment frameworks.
  • Industry-related certifications: CISSP, ISO 27001 Lead Auditor, CISA, CGRC (formerly CAP), or CDPSE.

pddn-squarelogo-1376564900341.png
On-site
State
Texas
Remote Elig.
On-site
Not disclosed
Seniority
Entry
Domain
Application security
Salary ($K)
-
Not disclosed
Securely Provision

Role: SW Product Engineer

Location: Austin, Texas

Job Type: Contract

Interview: Phone/Skype

Greetings, job seekers!

We are seeking a talented SW Product Engineer to join our team. If you have experience in driver or firmware development and cross-platform software development, this is the role for you!

  • Develop cross-platform software for Linux and Windows.
  • Work extensively with C/C++ for driver code.
  • Upgrade and refactor Emerson SW connection to third-party components.
  • Manage packages, installers, and build automation tools.

Skills Needed: #DriverDevelopment #FirmwareDevelopment #LinuxDevelopment #WindowsDevelopment #CProgramming #C++Programming #SoftwareEngineering #CybersecurityVulnerability #BuildAutomation

All your information will be kept confidential according to EEO guidelines.
