• Help manage the design, development, and implementation of systems to protect CCHMC data • Support communication between internal and external parties on project related issues and developments • Analyze, design, implement, and maintain moderately complex systems that greatly improve clinical care • Provide technical support and third-level problem resolution assistance for production and process issues • Ensure outstanding end-user support is provided, including ongoing monitoring of Service Level Agreements

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This role is a senior technical position focused on safeguarding critical IT systems and networks through advanced cybersecurity expertise. You will lead complex assessments, vulnerability testing, and cybersecurity evaluations, providing actionable guidance and technical direction across multiple platforms and environments. The role combines hands-on technical work with strategic advisory responsibilities, ensuring compliance with defense regulations and implementing innovative solutions to emerging security challenges. Working closely with cross-functional teams, you will influence cybersecurity strategy, tools, and processes that protect mission-critical systems. This position is ideal for a cybersecurity professional who thrives in a high-stakes, collaborative environment and enjoys solving sophisticated security problems at the enterprise and government levels. - Serve as the technical authority for cybersecurity assessments, providing guidance, interpretation, and innovative solutions for complex IT challenges. - Conduct and oversee vulnerability assessments, penetration testing, and CCRI evaluations across networks, databases, and applications. - Recommend and assist in the development of cybersecurity tools, including product-specific STIGs aligned with DISA SRGs. - Lead consultative engagements to define long-range cybersecurity goals, actions, and technical strategies. - Develop advanced technological ideas and guide their implementation into effective solutions. - Maintain up-to-date knowledge of DoD security regulations, DISA STIGs, and industry best practices, applying them to assessment and remediation activities. Qualifications - 7+ years of IT experience with at least 5 years in cybersecurity, including hands-on CCRI, vulnerability assessment, and penetration testing. - Expertise in network configuration and defense, internal systems, DNS, HBSS, and traditional security frameworks. - Command Cyber Readiness Inspection (CCRI) certification in at least one area, such as Retina scan analysis, boundary/internal defense, or HBSS modules. - Tenable Certified NESSUS Auditor and relevant certifications from nationally recognized authorities (e.g., CEH, GPEN, LPT, CEPT). - Experience with Oracle EBS R12.2 platform and federal cybersecurity compliance frameworks. - Strong analytical, problem-solving, and communication skills, with the ability to convey technical concepts clearly to diverse audiences. - Must possess a DOD SECRET clearance and be eligible for an IT-II Non-Critical Sensitive or Tier 3 (T3) clearance at the time of assignment. - Preferred knowledge of SCAP, RMF, VULNERATOR, USCYBERCOM CTO Compliance Program, and advanced skills in wireless, web services, database, email, and vulnerability scanning tools. Benefits - Competitive compensation reflecting experience and expertise. - Flexible remote work with the requirement to travel periodically to Ft. Belvoir, VA. - Opportunity to work on high-impact government cybersecurity projects in a collaborative, professional environment. - Professional development and mentorship opportunities with experienced cybersecurity teams. - Exposure to cutting-edge tools, frameworks, and advanced security methodologies.

Senior Cybersecurity A&A Risk Analyst Position Summary The Senior Cybersecurity Assessment & Authorization (A&A) Risk Analyst provides advanced governance, risk, and compliance (GRC) support to federal information systems in alignment with the Federal Information Security Modernization Act (FISMA) and the NIST Risk Management Framework (RMF). This position is responsible for managing external service authorization activities, conducting security risk assessments, and supporting NSF’s continuous monitoring efforts. The role requires strong analytical, documentation, and stakeholder engagement skills to ensure federal systems maintain compliance with applicable federal laws, regulations, and NSF directives. Essential Duties and Responsibilities Assessment & Authorization (A&A) - Manage full lifecycle Risk Management Framework (RMF) activities in accordance with NIST Special Publication 800-37. - Develop, review, and maintain security authorization documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). - Review and assess FedRAMP authorization packages, and package updates, to support the evaluation and use of cloud services. - Monitor ATO packages in the FedRAMP Secure Repository - Communicate with system owners, information systems security officers (ISSOs), Cloud Service Providers, and security stakeholders frequently to review significant system changes and ensure continued compliance with federal security requirements. - Evaluate and validate implementation of security controls defined in NIST Special Publication 800-53 Rev. 5, including inherited and agency-implemented controls. - Conduct risk assessments using methodologies consistent with NIST Special Publication 800-30 and provide risk analysis and recommendations to Authorizing Officials and senior stakeholders. - Support continuous monitoring and ongoing authorization activities by reviewing vulnerability scans, tracking POA&Ms, and coordinating remediation efforts. Governance, Risk & Compliance (GRC) - Peer review cybersecurity policies, standards, procedures, and implementation guidance. - Perform regulatory and policy analysis to ensure alignment with federal requirements and agency directives. - Conduct gap analyses to assess compliance posture and recommend remediation strategies. - Assist in development of control overlays, baseline updates, and security control tailoring guidance. - Provide subject matter expertise in governance discussions. - Support enterprise reporting activities, including risk metrics and compliance dashboards in ServiceNow. Compliance & Oversight Support - Provide documentation and analysis support for internal and external reviews, including FISMA reporting activities. - Assist in preparing responses to oversight inquiries and tracking corrective actions. - Perform quality assurance reviews of security documentation to ensure accuracy and consistency. Required Qualifications - Bachelor’s degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience). - Professional certification(s) such as CISSP, CISM, or CAP. - Minimum of 7 years of progressive cybersecurity experience, including at least 4 years supporting federal RMF/A&A efforts. - Demonstrated experience implementing the NIST Risk Management Framework. - Strong knowledge of: - Federal Risk and Authorization Management Program (FedRAMP) - NIST Special Publication 800-53 Rev. 5 - Federal Information Security Modernization Act (FISMA) - Federal Zero Trust Strategy (OMB M-22-09) - Familiarity with federal cloud security requirements and FedRAMP-authorized environments. - Experience supporting Moderate and/or High impact systems. - Experience with Microsoft 365 office applications. - Excellent written and verbal communication skills. - Ability to engage effectively with technical teams and executive leadership. - Active Public Trust clearance or ability to obtain. Preferred Qualifications - Experience with ServiceNow, CSAM and/or comparable GRC tools. - Familiarity with Atlassian Confluence and JIRA. - Experience contributing to enterprise-level cybersecurity policy initiatives. - Familiarity with guidance pertaining to responsible AI usage by federal agencies (e.g., Executive Order 13960, OMB M-25-21 and M-25-22). - Experience supporting federal research or grant-management systems. Core Competencies - Federal Cybersecurity Governance - Risk Assessment & Analysis - Policy Development & Regulatory Interpretation - Technical Documentation & Quality Assurance - Stakeholder Engagement - Analytical Problem Solving Work Environment This is a full-time remote position supporting Cherokee Federal’s cybersecurity contract with the U.S. National Science Foundation in Alexandria, VA. This position reports to the Cybersecurity Oversight and Compliance Lead, operates within a structured federal compliance environment, and requires collaboration with system owners, security personnel, program offices, and senior stakeholders. The role supports ongoing authorization, governance initiatives, and periodic oversight reviews to maintain a strong cybersecurity posture across NSF systems. About Criterion Systems Criterion Systems LLC is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com. Cherokee Federal is a military-friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply. - Cybersecurity RMF Analyst - Cybersecurity GRC Analyst - Information Security Risk Analyst - Cybersecurity Compliance Analyst - NIST RMF / NIST 800-53 - FedRAMP / ATO Authorization - FISMA Compliance - Security Authorization (A&A) - ServiceNow GRC / Cyber Risk Management - Federal Cybersecurity Risk Management #CherokeeFederal #LI-SM2 #AppC Legal Disclaimer: All qualified applicants will receive consideration for employment without regard to protected veteran status, disability or any other status protected under applicable federal, state or local law.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are seeking a skilled Senior Cybersecurity Analyst to play a pivotal role in securing enterprise systems, managing compliance programs, and mitigating risk across complex technical environments. This position offers the opportunity to impact critical business operations while collaborating with cross-functional teams, including Engineering, Product, Legal, and Customer Success. You will act as a trusted security advisor, helping translate technical and regulatory requirements into actionable strategies. The ideal candidate thrives in a fast-paced, innovative environment, combining technical expertise, project management skills, and strong communication abilities to ensure robust cybersecurity and compliance outcomes. - Leading SOC 2 Type II audit cycles from scoping through evidence collection to final reporting, serving as the main contact for auditors. - Coordinating HIPAA compliance assessments, including risk analyses, policy reviews, and BAA management. - Conducting gap analyses against security frameworks (SOC 2, HIPAA, ISO 42001, NIST CSF) and developing prioritized remediation plans. - Tracking risk mitigation progress and ensuring accountability for all corrective actions. - Responding to enterprise customer security questionnaires and collaborating with clients on security matters. - Supporting architecture and design reviews, ensuring systems meet security and compliance requirements before deployment. - Developing and maintaining reusable security documentation, including trust portals, standard responses, and technical diagrams. - Leveraging AI-assisted tools to enhance efficiency in threat analysis, evidence collection, and cybersecurity workflows. Qualifications - Bachelor’s degree in Information Security, Computer Science, or a related field. - 6+ years of cybersecurity experience, including at least 2 years in compliance programs or audit processes. - Hands-on experience leading SOC 2 audits through the full lifecycle. - Practical knowledge of risk management frameworks (NIST RMF, ISO 42001, FAIR) and risk treatment procedures. - Experience responding to enterprise security questionnaires and interacting with customers. - Strong project management skills, capable of handling multiple priorities in a fast-moving environment. - Excellent communication skills for translating complex security topics to technical and non-technical audiences. - Active security certifications (CISSP and CISA preferred). Requirements - Experience in the healthcare industry or familiarity with healthcare data regulations. - Knowledge of project management methodologies (PMP, Agile, Scrum). - Familiarity with additional compliance frameworks such as ISO 27001, NIST CSF, or HITRUST. - Understanding of DevSecOps practices and integrating security into CI/CD pipelines. Benefits - Competitive salary and performance-based incentives. - Comprehensive Medical, Dental, Vision, and Life insurance. - HSA with employer match, FSA, and DCFSA options. - 401(k) plan. - Flexible PTO policy and 11 paid company holidays. - Remote-first location flexibility and annual company offsites. - Annual equipment stipend and periodic team events.