Cybersecurity Risk Management Analyst

Location

United States

Posted

1 day ago

Salary

$140K - $150K / year

Seniority

Mid Level

Job Description

Cybersecurity Risk Management Analyst

Cherokee Federal

Role Description The Cybersecurity Risk Management Analyst provides advanced Governance, Risk, and Compliance (GRC) support for federal information systems in accordance with the Federal Information Security Modernization Act (FISMA) and the NIST Risk Management Framework (RMF). This role is responsible for managing Assessment & Authorization (A&A) activities, supporting external service authorizations, conducting cybersecurity risk assessments, and maintaining continuous monitoring efforts to ensure compliance with federal cybersecurity requirements. The position requires strong analytical, documentation, and stakeholder engagement skills while working collaboratively with federal system owners, Information System Security Officers (ISSOs), Cloud Service Providers, and executive leadership to maintain secure and compliant federal systems. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Public Policy, or related discipline (or equivalent experience). - Professional cybersecurity certification such as: - CISSP - CISM - CAP - Minimum seven (7) years of progressive cybersecurity experience. - Minimum four (4) years supporting federal Risk Management Framework (RMF) and Assessment & Authorization (A&A) programs. - Demonstrated experience implementing the NIST Risk Management Framework. - Strong working knowledge of: - Federal Risk and Authorization Management Program (FedRAMP) - NIST Special Publication 800-53 Revision 5 - Federal Information Security Modernization Act (FISMA) - Federal Zero Trust Strategy (OMB M-22-09) - Experience supporting Moderate and/or High Impact federal information systems. - Familiarity with federal cloud security requirements and FedRAMP-authorized cloud environments. - Proficiency with Microsoft Office 365 applications. - Excellent written and verbal communication skills. - Ability to communicate effectively with technical teams and executive leadership. - Active Public Trust clearance or the ability to obtain and maintain one. Requirements - Manage the full lifecycle of Risk Management Framework (RMF) activities in accordance with NIST Special Publication 800-37. - Develop, review, and maintain security authorization documentation including: - System Security Plans (SSPs) - Security Assessment Plans (SAPs) - Security Assessment Reports (SARs) - Plans of Action and Milestones (POA&Ms) - Review and evaluate FedRAMP authorization packages and package updates supporting cloud service authorization decisions. - Monitor Authorization to Operate (ATO) packages within the FedRAMP Secure Repository. - Coordinate with system owners, ISSOs, Cloud Service Providers, and security stakeholders regarding system changes and authorization activities. - Validate implementation of NIST SP 800-53 Rev. 5 security controls, including inherited and agency-implemented controls. - Conduct cybersecurity risk assessments utilizing NIST SP 800-30 methodologies. - Provide risk analysis and recommendations to Authorizing Officials and senior leadership. - Support continuous monitoring by reviewing vulnerability scans, managing POA&Ms, and coordinating remediation activities. - Peer review cybersecurity policies, standards, procedures, and implementation guidance. - Perform regulatory and policy analysis to ensure alignment with federal cybersecurity requirements. - Conduct compliance gap analyses and recommend remediation strategies. - Assist in developing security control overlays, baseline updates, and control tailoring guidance. - Provide cybersecurity governance subject matter expertise. - Support enterprise reporting, cybersecurity metrics, and compliance dashboards utilizing ServiceNow. - Support FISMA reporting activities. - Prepare documentation for internal and external audits and oversight reviews. - Assist with responses to oversight inquiries and corrective action tracking. - Perform quality assurance reviews of cybersecurity documentation. - Perform other job-related duties as assigned. Benefits - Estimated Starting Salary Range Cybersecurity Risk Management Analyst- $140,000 – $150,000 - Pay commensurate with experience. - Full-time benefits include: - Medical - Dental - Vision - 401(k) - Paid time off - Other company-sponsored benefits as provided. - Benefits are subject to change with or without notice. Company Description Criterion Systems LLC is part of Cherokee Federal—the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner supporting more than 60 federal clients, Criterion delivers innovative technology, cybersecurity, and mission support solutions that help federal agencies solve complex challenges and accomplish critical missions. Cherokee Federal is a military-friendly employer. Veterans and active military transitioning to civilian careers are encouraged to apply.

Related Job Pages

More Security Analyst Jobs

Netrix Global logo

Senior Security Analyst

Netrix Global

IT Consultant & Managed Service Provider

Full TimeRemoteTeam 501-1,000Since 1990H1B No Sponsor

• Monitor and triage security alerts from SIEM, EDR/XDR, firewall, IDS/IPS, endpoint, identity, email, cloud, and other client telemetry sources. • Perform initial investigations to validate alerts, determine scope, assess severity, and identify likely root cause. • Analyze intrusion detection alerts, firewall events, endpoint activity, system logs, network traffic, and authentication events to identify suspicious or malicious activity. • Determine whether attacks were successful, document supporting evidence, and notify clients according to established escalation and communication procedures. • Identify indicators of compromise, enrich events with threat intelligence, and map relevant activity to frameworks such as MITRE ATT&CK when appropriate. • Support incident response efforts by providing technical findings, recommended containment actions, and timely updates to clients and internal teams. • Document investigation steps, timelines, findings, client communications, and recommendations in case management systems. • Contribute to detection tuning, false-positive reduction, knowledge base articles, runbooks, and process improvements. • Conduct ongoing research on emerging threats, vulnerabilities, attacker tactics,and security operations best practices.

Argentina
securityfirst logo

Senior Information Security Analyst – Governance

securityfirst

Levando a expertise em segurança da informação do mercado financeiro para setores como Saúde, Infraestrutura e Varejo.

Full TimeRemoteTeam 51-200Since 2017H1B No Sponsor

• Protect critical industrial environments. • Ensure the security of automation systems, industrial networks and critical infrastructure. • Ensure resilience against cyber threats that directly impact operations. • Focus on implementing and maintaining security policies, standards and security practices.

Brazil
Golden Pear Funding logo

IT Analyst, Security

Golden Pear Funding

Empowering people to navigate the legal process with confidence and providing them financial solutions that work.

Part TimeRemoteTeam 51-200Since 2008H1B No Sponsor

• Support maintenance of HITRUST, HIPAA, and SOC 2 compliance tasks under CTO guidance • Help draft and update internal policies and security documentation • Conduct annual risk assessments and evidence gathering for third-party audits • Monitor security practices and incidents, and drive mitigation efforts • Execute employee onboarding and offboarding checklists (system access, device setup, deprovisioning) • Manage internal tools, access controls, device management, and vendor reviews • Support device management and assist with vendor review documentation • Help maintain GCP infrastructure compliance documentation alongside the CTO • Support incident response and change management procedures

California
$45 - $50 / hour
Full TimeRemoteTeam 10,001+Since 1987H1B Sponsor

Role Description As a key player in the Eurofins network, we oversee multiple European businesses in Clinical testing area. With a vast network spanning over 350 sites in Europe, we are committed to maintaining robust IT security measures in alignment with business requirements. - Approvals: Act as a gatekeeper for sensitive access and firewall rule approvals, ensuring compliance with security policies and business needs. - Reviews: Conduct regular reviews of access permissions, firewall configurations, and IT infrastructure settings (e.g., AD, Intune, Office 365, Azure) to ensure adherence to security best practices and expectations. - Architectural Review and Change Management: Review and approve all proposed changes to the IT infrastructure, ensuring changes do not compromise security integrity. - Testing: Conduct vulnerability scans at both regional and laboratory levels, overseeing remediation efforts. Collaborate with Group Security to facilitate penetration testing as required. - Incident Response: Assist in the investigation of security breaches and provide support for security intelligence reported by the Group Security Operations Center (SOC). - Advisory Role: Work closely with newly acquired laboratories to enhance their security posture, leveraging internal security standards and the expertise of a Senior Security Analyst. Evaluate the security of both in-house and externally developed applications, providing recommendations for security enhancements. - Reporting: Contribute to the development of operational security Key Performance Indicators (KPIs) and offer recommendations for improvement based on data analysis and industry best practices. - Vulnerability Management: Oversee the vulnerability management process for our entire infrastructure, ensuring timely identification, prioritization, and mitigation of vulnerabilities. Qualifications - Bachelor's degree in Computer Science, Information Security, or related field. - Minimum of 3-5 years of experience in information security roles, with a focus on vulnerability management, incident response, and security advisory. - Professional certifications such as ISO27001 (lead implementer or auditor) are preferred. - Other certifications such as CISSP, CEH, or CISM are a plus. - Strong knowledge of IT security principles, technologies, and best practices. - Experience with security tools and technologies (e.g., vulnerability scanning tools, SIEM solutions). - Excellent communication skills, with the ability to convey technical information to both technical and non-technical audiences. - Effective English speaking and writing is mandatory. - Additional spoken languages would be a plus, especially French or Spanish. - Strong analytical and problem-solving abilities, with a keen attention to detail. - Ability to work effectively in a fast-paced, dynamic environment with multiple stakeholders. Benefits - We support your development! - Do you feel you don’t match 100% of the requirements? Don’t hesitate to apply anyway! Eurofins companies are committed to supporting your career development. - We embrace diversity! - As an Equal Opportunity Employer, the Eurofins network of companies believes in strength and innovation through diversity. - Sustainability matters to us! - We are well on our way to achieving our objective of carbon neutrality by 2025, through a combination of emission reduction and compensation initiatives. Compensation RON 8500 - RON 10500 monthly

Romania
RON8.5K - RON10.5K / month