Job Closed
This listing is no longer active.
Security Compliance & Documentation Analyst
Location
Virginia
Posted
90 days ago
Salary
0
Seniority
Mid Level
Job Description
ARETUM
Active Top Secret Required
About Aretum
Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.
Job Summary
The Mid-Level Security Compliance & Documentation Analyst serves as an ISSO-aligned cybersecurity professional responsible for leading RMF, authorization, and compliance activities for complex, classified C5ISR and IIR mission systems. This role owns RMF package integrity, documentation quality, and authorization readiness while serving as a senior advisor to government stakeholders. Technical exposure may include select security tools or monitoring capabilities depending on the individual’s background, but the primary focus is governance, compliance, and documentation leadership.
Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.
Responsibilities
RMF Leadership & Authorization
- Support and maintain development, maintenance, and oversight of RMF packages for classified C5ISR and IIR systems
- Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials to collect evidence, validate control implementation and maintain package accuracy.
- Execute RMF support activities for ATO/IATT and continuous monitoring across multiple systems/enclaves, including documentation updates driven by engineering and operational changes.
- Document and track POA&M items, support risk-based prioritization, and provide remediation status reporting through closure.
- Validate documentation alignment with system architecture, interconnections, control inheritance, and mission dependencies.
Compliance & Governance
- Ensure systems comply with Department of War/DoD and federal cybersecurity requirements
- Support internal and external audits, inspections, and cybersecurity assessments
- Monitor changes to cybersecurity policy and support implementation across supported systems
- Provide compliance status, risk analysis, and authorization reporting to government leadership
Documentation & SOP Development
- Author, maintain, and approve cybersecurity SOPs, plans, and technical documentation
- Standardize documentation practices across supported systems and teams
- Ensure documentation supports audits, inspections, and operational continuity
Mission & Network Risk Support
- Support cybersecurity risk management for C5ISR and IIR systems
- Assess security impacts across enterprise, tactical, and mission networks
- Support interconnected and cross-domain system authorization efforts
Job Requirements
- Master’s Degree + 5 years of relevant experience or Bachelor’s Degree + 8 years of relevant experience
- 3–6 years of experience in information assurance, cybersecurity, or compliance-focused roles
- IAT Level III Certification: Must possess one of the following: CASP+ CE, CCNP Security+, CISA, CISSP, GCED, GCIH, or CCSP
- Active Top Secret Clearance
- Demonstrated experience maintaining and leading RMF packages in classified or regulated environments
- Strong knowledge of NIST 800-series publications and DoD cybersecurity requirements
- Proven experience developing SOPs, policies, and compliance documentation
- Ability to communicate effectively with both technical and non-technical stakeholders
- Demonstrated willingness to learn new tools/techniques and support cross-functional cybersecurity activities as mission needs evolve
Preferred Requirements
- Extensive knowledge of AWS Security
- Experience supporting Department of War, DoD, or intelligence community mission systems
- Familiarity with Zero Trust concepts and assessment efforts
- Advanced certifications such as CAP, CISM, or CISSP
- Experience with cross-domain solutions and interconnected system authorization
Travel Requirements
This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible.
EEO Statement
Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance.
As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws.
We are proud to support our nation’s veterans and military families, providing career opportunities that honor their service and experience.
If you require reasonable accommodation during the hiring process due to a disability, please contact hr@aretum.com for assistance.
Equal Opportunity Employer/Veterans/Disabled
U.S. Work Authorization
Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis. This position supports a federal government contract and therefore requires an active Top Secret clearance or the ability to obtain one.
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off
- Family Leave (Maternity, Paternity)
- Short Term & Long-Term Disability
- Training & Development
More Security Analyst Jobs
Contractor, Lead CMMC Certified Assessor
BARR Advisory
BARR Advisory offers cloud-based security and compliance consulting to help technology and cloud service providers simplify their security and compliance initiatives. Founded in 20
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.
Role Description
BARR is seeking a part-time contractor to join as the Lead CMMC Certified Assessor (CCA) for our growing CMMC service line. This role offers a unique opportunity to be involved from the outset of our journey towards becoming a C3PAO, with anticipated engagement work starting in 2026. Pending business needs, there's potential for this position to transition to full-time.
- Lead and oversee dedicated Assessment Teams for CMMC Level 2 certification assessments on behalf of the C3PAO.
- Act as the primary liaison with organizations seeking certification (OSCs), ensuring all assessment activities adhere to CMMC-AB and CAICO requirements.
- Ensure assessment integrity and consistency by providing leadership, oversight, and quality assurance across multiple assessment engagements.
- Verify adherence to CMMC methodology, guiding Assessment Teams in scoping, evidence collection, and scoring procedures.
- Coordinate with CAICO and stakeholders to meet formal designation requirements, submit documentation, and maintain compliance with CMMC assessment protocols.
- Utilize industry expertise to train CCAs and other CMMC team members.
- Assist the CMMC leadership team in scoping validation, engagement pricing, and resource management.
- Provide regular updates to the BARR CMMC Leadership team on engagement status.
Qualifications
- Lead CMMC Certified Assessor (LCCA) designation by the CyberAB.
- United States citizenship required.
- Ability to travel approximately 25-35%.
- Active DoD Secret Clearance or ability to obtain one.
- 8+ years of cybersecurity experience, including 5+ years in managerial roles and 3+ years in CMMC assessments.
- Experience with large government contractors and effective communication with executive leadership.
- Hold one (1) or more of the following active certifications:
  - CISM
  - CISSO
  - CPTE
  - CompTIA CySA+
  - FITSP-A
  - GCSA
  - CISA
  - CISSP
  - CISSP-ISSEP
  - GSLC
  - GSNA
Requirements
- Manage assigned Assessment Teams, ensuring roles are defined, daily coordination is effective, and assessors comply with CMMC Assessment Process (CAP) and NIST SP 800-171A.
- Oversee evidence collection and validation to ensure objectivity, consistency, and compliance.
- Review and approve assessment findings, including preliminary and final scoring, and ensure accurate documentation submission.
- Coordinate assessment schedules, logistics, interviews, site visits, and secure information handling.
- Participate in post-assessment reviews and continuous improvement efforts, providing feedback to refine internal assessment procedures.
Desired Qualifications & Skills
- Additional experience with cloud platforms (AWS, Azure, GCP).
- Strong leadership, team management, problem-solving, and communication skills.
- Deep knowledge of CMMC model, assessment processes, NIST standards, and DFARS requirements.
Benefits
- BARR Advisory specializes in meeting clients where they are, from small start-ups to global enterprises and everything in between.
- Ability to customize cybersecurity compliance and consulting services based on individual client needs.
- Focus on building trusted client relationships through partnership and support.
- Commitment to a remote culture that ensures autonomy, mastery, and purpose.
- Inclusive workplace dedicated to hiring and developing diverse talent.
- Equal opportunity employer with a commitment to reasonable accommodations for individuals with disabilities.
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.
Role Description
The Information Security Analyst is responsible for protecting an organization’s computer systems, networks, and data from security threats. This role involves monitoring security systems, analyzing incidents, implementing security controls, and ensuring compliance with security standards. The analyst works closely with IT teams to identify vulnerabilities, respond to cyber incidents, and support the overall cybersecurity strategy.
Key Responsibilities
- Security Monitoring & Incident Response
  - Monitor security events, alerts, and logs using SIEM and other monitoring tools.
  - Investigate potential security incidents and take remedial action.
  - Conduct root-cause analysis and document findings.
  - Respond to security breaches and support incident resolution processes.
- Vulnerability & Risk Management
  - Perform routine vulnerability scans and risk assessments.
  - Assist in patch management and mitigation strategies.
  - Track and report security risks, ensuring timely remediation.
- Security Tools & Technologies
  - Maintain and configure security tools such as firewalls, endpoint protection, IDS/IPS, and DLP systems.
  - Support deployment and tuning of SIEM solutions.
  - Evaluate new security technologies and assist with implementation.
- Policy, Compliance & Governance
  - Support compliance initiatives such as ISO 27001, NIST, SOC 2, GDPR, or HIPAA.
  - Assist in developing and maintaining security policies, procedures, and standards.
  - Participate in internal and external audits.
- Security Awareness & Training
  - Collaborate with HR/IT to conduct employee cybersecurity training.
  - Help develop awareness content on phishing, password hygiene, and secure practices.
- Documentation & Reporting
  - Prepare technical documentation, risk assessments, and incident reports.
  - Provide regular updates to leadership on security posture and incidents.
Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
- 1–3 years of experience in information security, IT systems, or network administration.
- Knowledge of common security frameworks (e.g., NIST CSF, ISO 27001).
- Familiarity with security tools: SIEM, IDS/IPS, endpoint security, vulnerability scanners.
- Understanding of networking concepts (TCP/IP, DNS, firewalls, VPN).
- Strong analytical, troubleshooting, and communication skills.
Preferred Qualifications
- Industry certifications such as:
  - CompTIA Security+
  - Certified Ethical Hacker (CEH)
  - GIAC Security Essentials (GSEC)
  - Certified Information Systems Security Professional (CISSP) (associate level acceptable)
- Experience with cloud platforms (AWS, Azure, GCP) and cloud security tools.
- Familiarity with scripting languages (Python, PowerShell, Bash).
Forensic Collection Specialist
Harbor Litigation Solutions
Providing custom eDiscovery solutions to corporations, law firms and government entities.
Position Overview:
The Forensic Collection Specialist is responsible for the acquisition, preservation, and documentation of digital evidence in a legally defensible manner. You will work directly with internal teams, clients, and occasionally custodians to collect electronically stored information (ESI) from devices, email systems, cloud services, and enterprise data sources.
Key Responsibilities:
- Conduct forensic collections of ESI from computers, mobile devices, servers, cloud storage, and network environments.
- Ensure the integrity and defensibility of all collections through proper chain-of-custody and documentation.
- Use industry-standard tools such as EnCase, FTK, X1 Social Discovery, Cellebrite, Magnet AXIOM, and others.
- Interface with clients to schedule and conduct collections with professionalism and discretion.
- Collaborate with project managers, legal teams, and review staff to support litigation and investigation workflows.
- Maintain current knowledge of digital forensics best practices, legal considerations, and new technologies.
Job Summary and Mission
This role supports Starbucks Technology by driving compliance programs—including SOX, PCI, SWIFT, and emerging regulations—through effective risk‑to‑control alignment and scalable compliance operations. The cybersecurity analyst senior partners across GCS, ST, and business teams to develop and improve enterprise compliance services, requiring strong interpersonal skills and clear communication. The role designs and maintains GRC capabilities across policies, standards, controls, assessments, and automation. The ideal candidate brings deep IT compliance expertise and hands‑on experience with GRC/IRM platforms, enabling continuous control monitoring, evidence automation, and actionable risk insights. This position operates with significant independence, proactively identifying requirements, improving processes, and leading cross‑functional change.
Summary of Key Responsibilities
Leadership
- Serve as a subject-matter expert across key technology compliance domains (e.g., SOX ITGC, PCI DSS, SWIFT, ISO/IEC 27001, NIST CSF/800-53, SOC 2), navigating cross-functional dependencies and translating regulatory obligations into actionable, risk-based controls.
- Partners with managers, engineers, and cross-functional teams to drive compliance within technology products and solutions, build strong working relationships, and provide advisory support that aligns requirements, policies, standards, and controls that reduce risk and strengthen operational resilience
- Develop training and reusable templates to help compliance scale across the enterprise
- Operate in a largely self-directed manner; escalate risks and decisions appropriately.
Solution Design and Automation
- Lead compliance automation initiatives to streamline control execution, validation, evidence collection, and monitoring through scalable, technology-driven workflows.
- Design and configure Governance Risk Compliance (GRC)/Integrated Risk Management (IRM) capabilities (e.g. control libraries, issues and risk management, assessments, evidence orchestration), integrating with enterprise systems to automate data flows, control testing, and compliance reporting.
- Enable continuous control monitoring by defining data models, automation patterns (APIs, eventing, scripting), with an increasing focus on AI-assisted detection, testing, and anomaly identification to reduce manual effort and expand assurance coverage.
- Build intelligent dashboards and metrics that visualize control health, risk posture, findings, exceptions, and remediation progress, incorporating role-based experiences and leveraging AI/ML insights to surface emerging risks and control degradation trends.
- Continuously identify and implement automation, standardization, and reuse opportunities to improve productivity, quality, and cost efficiency.
Compliance Program Operations
- Design risk and control matrices that support regulatory requirements and internal standards.
- Provide consulting and guidance to ensure effective use of compliance and risk‑management tools and processes.
- Develop budget recommendations to support compliance initiatives and program maturity.
- Own multiple compliance products and maintain deep knowledge of relevant Starbucks and industry domain areas.
- Apply LEAN and user‑centered design techniques to simplify compliance processes and improve partner experience.
- Administer and support GRC tools and integrations, including triaging requests, managing queues against SLAs, and coordinating with vendors and cross‑functional teams.
- Develop and maintain documentation (wikis, knowledge articles, runbooks) and deliver training on compliance services, tooling, and governance processes.
- Coordinate and execute control assessments, readiness reviews, and walkthroughs, collecting and validating evidence for internal and external audits.
- Perform root‑cause analysis and drive durable remediation through control improvements, process changes, or automation.
- Track and report remediation status, risk acceptance, and exceptions in partnership with control owners and audit stakeholders.
Agile Delivery
- Own and refine the compliance services backlog by creating user stories, defining acceptance criteria, and driving delivery within agile sprint cadences.
- Manage GRC/compliance products and services, applying continuous improvement to mature capabilities over time.
- Collaborate with stakeholders to define requirements, assess business value, prioritize backlog items, and maintain user personas that support the compliance program.
- Define controls and compliance goals, KPIs, and measurement plans to evaluate program effectiveness with minimal oversight.
- Balance scope, capacity, and timelines to deliver small feature sets and enhancements aligned to business and compliance outcomes.
- Develop strategic and operational plans for compliance services, ensuring effective execution and measurable results.
Basic Qualifications
- Bachelor's degree in computer science or related field or 3+ years of relevant experience.
- Apply knowledge of business principles and technology practices to achieve successful outcomes in cross-functional activities.
- Excellent analytical and problem-solving skills.
- Generate comprehensive documentation in support of systems.
- Exhibit exceptional oral and written interpersonal and communication skills.
- Proficient experience with Microsoft Office products such as Word, Excel, and PowerPoint.
- Apply a deep understanding of business processes and process improvement initiatives.
- Provide top-tier customer service.
- Implement system development concepts effectively.
- Proven working knowledge of system development lifecycle and IT operations.
- Ability to use business knowledge, sound judgement, and resourcefulness to design and deploy highly reliable and sustainable technology solutions.
- Ability to balance multiple priorities and meet deadlines.
- Configuration knowledge of relevant applications/modules/platforms.
Preferred Qualifications
- 3+ years of progressive industry experience in Information Risk Management, IT Governance, IT Compliance, Data Privacy or Internal/External Technology Audit disciplines, with at least two of those years in an IT or a software development setting.
- Exposure to Common Control Framework (CCF) practices with knowledge and ability to track common control requirements across numerous security and regulatory standards
- Ability to work within large organizations to collaborate and drive cross-functional efforts, and build partnerships to secure the resources necessary to achieve goals
- Certifications such as CISA, CISSP, CISM, CIPM or others focused on controls assurance, information security, data privacy or information risk management is a strong plus
- Detailed and results-oriented, able to analyze data to justify product decisions and apply key learnings.
- Strong verbal and written communications skills
- Consistently uses communications skills to influence outcomes within a known skill set
- Ability to balance multiple priorities and meet deadlines
- Ability to thoroughly understand complex business and technical issues and influence decision making
- Hands on experience in developing roadmaps, story outlines, writing user stories, refining product backlogs, and coordinating/prioritizing conflicting requirements across teams in a fast-paced, changing environment
- Ability to apply knowledge of multidisciplinary business principles and practices to achieve successful outcomes in cross-functional projects and activities
- Experience in engineering and/or platform role for GRC solutions and/or cybersecurity risk management solutions.
As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com. *If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above. 
The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity. At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate.
Join us and inspire with every cup. Apply today!
Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.
Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.


