Talent.com
Senior Cybersecurity Risk Management Analyst

Evolver Federal • Springfield, VA, USA

Evolver Federal is seeking a Senior Cybersecurity Risk Management Analyst to support its Federal client in Springfield, VA in managing a portfolio of systems participating in Ongoing Authorization / Continuous ATO. This role will ensure compliance with established guidance / processes for Ongoing Authorization (OA) including but not limited to: developing and reviewing security documentation in support of the OA process and compiling related security packages for submission, validating control sets for testing, and conducting internal compliance reviews of assigned systems processes, as well as developing various compliance reports relating to all areas of risk and compliance.

The successful candidate will have previous experience managing a Federal Government Ongoing Authorization Program or previous experience as an ISSO with assigned systems participating in an Ongoing Authorization / Continuous ATO Program. The candidate will also have experience with FISMA metrics and in reviewing and analyzing data output from scanning tools for the purposes of identifying risks and trends at the enterprise level in support of continuous monitoring and driving remediation efforts.

Responsibilities:

  • Provide security SME-level input to working groups to improve FISMA metrics and continuous monitoring processes.
  • Advise on architectural requirements for system / network security, Active Directory, application integration, and system hierarchy.
  • Analyze data from continuous monitoring, configuration, vulnerability, asset, and software management tool output to identify security trends and risks.
  • Support risk mitigation through performance analysis and anomaly detection.
  • Guide System Team stakeholders on OA processes and ensure compliance with OA Methodology.
  • Perform document reviews for all security documentation in support of initial authorization, reauthorization, and ongoing Security Authorization packages, as well as compile and prepare authorization packages.
  • Conduct monthly reviews and annual assessments of OA systems.
  • Validate system control assessment test plans and ensure control testing is in alignment with OA assessment frequency requirements.
  • Organize and lead monthly Organizational Risk Management Board (ORMB) meetings, including preparing and distributing meeting minutes.
  • Develop, maintain, and make recommendations for enhancing Cybersecurity Policies.
  • Develop, update, and maintain Standard Operating Procedures (SOPs) and make recommendations for new processes and / or SOPs needed to mature and improve Government Programs.
  • Apply knowledge of NIST 800-53 security controls and recommend appropriate allocation to support OA / Continuous ATO.
  • Communicate clearly with system owners, developers, and executive leadership on various cybersecurity, risk and compliance topics, including providing recommendations on system and network security architecture, Active Directory integration, and application security.
  • Coordinate, schedule, develop agendas, and facilitate meetings for large governance groups and working groups comprised of all levels of government and contractor stakeholders.
  • Perform other duties as assigned by the Government.
  • Ability to work efficiently and effectively in a dynamic and fast-paced environment.

Basic Qualifications

  • 8 years of related experience with Bachelor's Degree or 10 years of overall related experience in a relevant field
  • 5 years of experience with NIST 800-37, experience that can span across a subset, or all, of the steps within the Risk Management Framework.
  • 3 years of experience in DHS environment
  • 1 year of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government to include evaluating and validating security control implementation.
  • Must have a current Active Secret clearance
  • 3 years of experience with NIST SP 800-53, 800-37
  • 3 years of experience with DHS 4300A / B
  • 1 year of experience with FISMA metrics, and security compliance.
  • 3 years of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
  • 3 years of experience with government GRC tools such as Archer, IACS, CSAM, etc.
  • 5 years' experience managing / supporting cybersecurity architecture and governance.
  • Must have previous client-engagement experience.

Preferred Qualifications

  • 2 years of experience assessing security controls in accordance with NIST 800-53 in support of the Federal Government to include evaluating and validating security control implementation.
  • 5 years of experience as an Information System Security Officer (ISSO) in / in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
  • 3 years of experience as an Information System Security Officer (ISSO) in / in support of the Federal government, developing and maintaining comprehensive security documentation in support of the Risk Management Framework, including, but not limited to: System Security Plans (SSPs) (Sections 1 & 2), Contingency Plans (CPs), Contingency Plan Tests (CPTs), Privacy Impact Assessments (PIAs), Privacy Threshold Analyses (PTAs), and Business Impact Assessments (BIAs).
  • Ability to schedule and lead meetings, including Working Groups and formal Governance Groups, with a diverse group of government and contractor stakeholders at various levels within the organization, including developing and maintaining agendas, meeting notes, and meeting records, including maintaining a repository of all meeting records.
  • Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
  • Ability to clearly communicate complex technical concepts to Information Technology Project Managers, ISSOs, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
  • Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and / or Federal Leads.
  • Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
  • Possess strong analytical and critical thinking skills with the ability to apply them to the client / contract workspace.
  • Excellent organizational skills and attention to detail.
  • Strong analytical, critical thinking, and problem-solving skills.

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military / veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

Job Posted by ApplicantPro
