Cybersecurity Compliance Analyst II

At HDR, our employee-owners are fully engaged in creating a welcoming environment where each of us is valued and respected, a place where everyone is empowered to bring their authentic selves and novel ideas to work every day. As we foster a culture of inclusion throughout our company and within our communities, we constantly ask ourselves : What is our impact on the world?

Watch Our Story : ' '

Each and every role throughout our organization makes a difference in our ability to change the world for the better. Read further to learn how you could help make great things possible not only in your community, but around the world.

As a Cybersecurity Compliance Analyst II, you will be a key player in ensuring our organization's cybersecurity and GRC (Governance, Risk, and Compliance) posture aligns with modern industry standards and critical government regulations. This role is crucial for an A / E / C (Architecture, Engineering, and Construction) firm that works with government and commercial clients. You will be responsible for maturing our cybersecurity program, with a specific focus on navigating complex compliance requirements such as the Cybersecurity Maturity Model Certification

(CMMC), Federal Acquisition Regulation (FAR), and Defense Federal Acquisition Regulation Supplement (DFARS). You will operate with a high degree of independence, leading projects, performing detailed assessments, and translating technical and regulatory requirements into actionable business practices.

Responsibilities :

In the role of a Cybersecurity Compliance Analyst II, we'll count on you to :

• Compliance and Frameworks : Support and enhance the company's GRC program by focusing on key government and industry compliance frameworks, including NIST SP 800-171 / 53, CMMC, DFARS, and FAR. Direct experience with SOC 2 and ISO 27001 is a plus.
• Risk and Vulnerability Management : Conduct risk assessments, support the vulnerability management program, and track remediation efforts. Your work will directly support our mission to identify and mitigate cybersecurity risks.
• Audits and Controls : Participate in internal and external security audits, perform control testing, and review security policies and procedures. You'll ensure our documentation is accurate and our practices align with applicable standards.
• Incident Response : Assist with the coordination of incident response activities, investigate security-related incidents, and recommend remediation steps to improve our security posture.
• Solution Implementation : Under the guidance of senior staff, you will help design and implement new security solutions. You'll perform technology implementation tasks with limited oversight, demonstrating your ability to execute projects from start to finish.
• Security Development and Strategies : Assist with the design and implementation of new security solutions under the direction of senior team members.
• Documentation and Reporting : Maintain up-to-date documentation for our GRC program, including policies, procedures, and reports for management. You will translate complex technical and regulatory requirements into clear, actionable business practices.
• Technology Implementation : Conduct technology implementation tasks with limited review required by higher-level technical / managerial staff.

Preferred Qualifications :

#LI-KV1

Required Qualifications

What We Believe

HDR is our company. Together, we build on each other's life experiences and perspectives to make great things possible every day. This shapes our collaborative culture, encourages organizational trust and connects us closer to the clients and communities we serve.

Our Commitment

As employee owners, we all have a role in creating an inclusive environment where each of us is welcomed, valued, respected and empowered to bring our authentic selves to work every day.

Our eight Employee Network Groups (Asian Pacific, Black, Hispanic / Latino(a), LGBTQ+, People with Disabilities, Veterans, Women, Young Professionals) help create a sense of belonging and foster a supportive environment where everyone is empowered to engage and contribute. Each group has an executive sponsor and is open to all employees.

Primary Location : United States-Massachusetts-Boston Industry : IT Schedule : Full-time Employee Status : Regular BusinessClass : Marketing and Admin Job Posting : Sep 25, 2025