Building. Solving. Serving.
Cyber Security Analyst
Location
United States
Posted
3 days ago
Salary
$150K - $155K / year
Seniority
Lead
Job Description
Cyber Security Analyst
Cherokee Federal
• Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables. • Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters. • Manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC). • Support creation/update of FIPS 199 Security Categorization document; ensure information type(s) and special considerations (if applicable) are defined. • Support creation/update security control selection listing. • Support creation/update System Security Plan (SSP). • Assist in security incident response, risk mitigation, and compliance reporting.
Job Requirements
- 10+ years of experience in cybersecurity, with expertise in maritime/vessel cybersecurity, IT/OT security, and federal cybersecurity policies.
- US Navy or Coastguard Maritime Cyber Security Experience highly desired.
- Strong knowledge of NIST RMF, NIST Cybersecurity Framework (CSF), FISMA, and Navy or U.S. Coast Guard Maritime Organization cybersecurity requirements.
- Experience with Continuous Diagnostics and Mitigation (CDM), Information Security Continuous Monitoring (ISCM), and Identity, Credential, and Access Management (ICAM).
- Proven ability to lead cybersecurity assessments, compliance audits, and risk management activities.
- Understanding of the principles, methods, and tools of quality assurance and quality control used to ensure a product fulfills functional requirements and standards.
- Proficiency in Microsoft Office Suite, Power BI, Tableau, and SharePoint.
- Must pass pre-employment qualifications of Cherokee Federal
Benefits
- Medical
- Dental
- Vision
- 401K
- other possible benefits as provided
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Senior Competitive Intelligence Analyst – Cloud Security
CrowdStrikeCrowdStrike is an award-winning, global provider of cloud-delivered security technology, threat intelligence, and next-generation endpoint protection. Founded i
• Synthesize and formulate guidance from a variety of information levels and sources (technical, business, field, external) and regularly present key takeaways to the field and to senior leadership • Provide a field-actionable, in-depth and ever-evolving understanding and analysis of cloud security market relative to CrowdStrike solutions and capabilities • Provide tailored deal support (competitive surgeries & guidance), and develop a deep rapport with the field • Work closely with the rest of the Competitive Intelligence team at CrowdStrike, as well as other key stakeholders (including the office of the CTO, sales, product, and marketing teams), functioning as a primary liaison for cloud security competition which includes development of competitive support material and competitive readiness plans. • Make recommendations on sales tactics and product strategy to enable CrowdStrike to win in the market. • Be a self-starter with an ownership mentality. You will work autonomously in the development of project plans, requirements, timelines, content, and ongoing tracking/updates of the cloud competitive landscape. • Conduct win/loss analysis, using both quantitative and qualitative data source to determine why CrowdStrike wins and loses vs the competition.
Information Security Analyst
DidomiDidomi builds technology that allows organizations to place customer consent at the core of their strategy.
• Help maintain and improve our ISO 27001 management system, ensuring controls remain effective, documented, and continuously evidenced. • Contribute to internal audits, surveillance audits, and recertification cycles, including the upcoming unified audit covering Didomi and recently acquired business units. • Track corrective actions, nonconformities, and continuous improvement initiatives, supporting the security team in driving them to closure. • Carry out recurring activities on the security calendar in support of the security team, including vulnerability scanning campaigns, quarterly access reviews, risk assessments, business continuity tests, and policy review cycles. • Triage vulnerability findings from AWS GuardDuty, Inspector, and other sources, then work with the Security Manager to define remediation priorities and follow them through to closure. • Run periodic access reviews across critical systems (Google Workspace, AWS, Slack, JAMF, GitLab, GitHub, and internal applications), surfacing findings to the Security Manager and helping ensure they are remediated. • Contribute to the security team's reviews of new tools, vendors, and SaaS applications for security and compliance risks before adoption. • Help the security team assess and harden internal workflows, with a particular focus on identity, access management, MFA, SSO, and data handling. • Support the security team on security questionnaires, RFPs, and customer due diligence requests. • Support the security team on broader initiatives such as AI governance, SaaS governance, and integration of acquired entities into the ISO scope.
• Develop and enhance vulnerability scanning strategies to ensure comprehensive coverage • Conduct internal and external vulnerability assessments and validate scan results • Apply established vulnerability management standards to classify vulnerabilities • Categorize and prioritize assets according to criticality • Partner with EBTS teams to develop and execute vulnerability remediation plans • Track and report remediation activities • Analyze emerging cyber threats and assess potential impacts • Communicate current risk exposure and remediation efforts to senior leadership • Develop, maintain, and present vulnerability management metrics and executive reports • Create, update, and maintain policies, standards, procedures related to vulnerability management • Ensure security controls are operating effectively to satisfy audit and regulatory requirements • Assist in the development of a threat hunting program • Collaborate with internal teams to investigate, validate, and resolve vulnerability findings
Security Risk Analyst
College BoardAt College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive.
Role Description As a Security Risk Analyst, you will have the critical role of being responsible for evaluating and managing exceptions to IT security policies, for managing the Organization’s Risk and Control Issues Register (Risk Register), and for developing reports and metrics. Your strong technical communication and negotiation skills will help you build relationships and collaborate with diverse stakeholders and reduce risk to the organization and ensure compliance. Under the direction of management, you will manage the Risk Register and perform security policy exceptions to help the College Board understand its critical risks. - Manage the Risk Register (20%): - Leads the management of the issues and risks and quickly escalates any untimely completion of audit actions. - Works independently to communicate risks and works with others to problem-solve risks to tolerance levels based on data and evidence. - Maintains data quality of Risk Register and executes any required data clean-up exercises. - Understands College Board work to be able to drive Risk or Control Owners to ensure consistent application of policies and standards. - Raises awareness about Risk & Control Issues, Policy exceptions, and available risk reduction options. - Fosters a culture of risk awareness and compliance within the technology department and across the organization. - Manage Policy Exceptions (65%): - Independently analyzes policy exception submissions and provides risk assessment reports for critical service lines, applications, and infrastructure hosted on-prem and in the cloud. - Evaluates and manage exceptions to IT security policies. - Manages materials for the Exception Review Board and presents exception information to executive leadership and senior team members. - Maintains an up-to-date knowledge and understanding of IT security policies and principles. - Maintains a customer-focused attitude in all interactions with customers and colleagues. - Support Vendor Risk Management (10%): - Support the Vendor Risk Management program by understanding policies and procedures. - Perform New Vendor Risk Assessments and Reassessments. - Serve as backup to the Sr. Risk Analyst. - Manage Metrics and Reporting (5%): - Provides weekly and monthly reporting for the Risk Register and policy exceptions. - Produces trending metrics and escalate exceptions. - Performs other duties as assigned. Qualifications - 5-7 years of experience managing or supporting IT Security Risk and Control Risk Register and processing policy exceptions. - Strong understanding of risk management techniques such as risk identification, risk scoring, risk mitigation, and risk tracking. - Proven ability to lead conversations balancing risk and multiple business needs that result in positive outcomes with multiple stakeholders. - The capacity to assess risk information and make risk recommendations independently. - Strong organization and prioritization skills and the proven ability to manage multiple tasks simultaneously, both independently and as a member of the team. - Excellent verbal and written communication skills. - Experience with governance, risk, and compliance tools (e.g., OneTrust) preferred. - Experience with information security and privacy frameworks such as ISO 27001, COBIT, NIST-CSF, NIST 800-53, GDPR etc. - Current Information Security Certification (e.g., CISSP, CRISC, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire. - Bachelor’s degree in computer science, cybersecurity, engineering, IT management or four years equivalent IT and security industry experience. - Vendor Risk Management policies and procedures. - Bachelor’s degree required. - The ability to travel 2-4 times a year to College Board offices or on behalf of College Board business. Benefits - At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. - We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market. - The hiring range for this role is $72,000–$120,000. - Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board. - We aim to make our best offer upfront, rooted in fairness, transparency, and market data. - We adjust salaries by location to ensure fairness, no matter where you live. - You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process.



