Overview
Hybrid
Depends on Experience
Full Time
Skills
Risk Management
FISMA
NIST
compliance
Job Details
Job Title: Cybersecurity Risk Management Analyst
Clearance Level Required: Secret
Springfield, VA (Hybrid)
Full Time
Position Summary:
We are seeking a proactive and experienced Cybersecurity Risk Management Analyst (Mid-Level) to support CLIENT's enterprise security compliance efforts. The analyst will play a key role in reviewing system documentation, tracking risk posture, supporting RMF assessments, and ensuring adherence to federal cybersecurity frameworks. This role supports system owners, ISSOs, and governance teams in achieving compliance with CLIENT, FISMA, and NIST requirements.
Key Responsibilities:
Review and validate security authorization documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Risk Assessments, and Contingency Plans.
Assist ISSOs and stakeholders with RMF Steps 1-6 activities, including ATO preparation and ongoing authorization requirements.
Monitor and report on compliance metrics, security status, and POA&M remediation progress.
Conduct document quality assurance reviews and ensure artifacts meet CLIENT and NIST standards.
Support internal audits and risk assessments by compiling evidence, coordinating responses, and tracking findings.
Track and update FISMA compliance artifacts in CLIENT-approved systems (e.g., ServiceNow, CSAM, Xacta).
Coordinate with system owners to review control implementations, identify risks, and update security documentation accordingly.
Contribute to the development of SOPs, process documentation, and security compliance reports.
Required Qualifications:
Minimum 5 years of experience in cybersecurity risk management, governance, or compliance.
Bachelor's degree in Cybersecurity, Information Systems, or a related field.
Active Secret clearance (or ability to obtain one).
Solid understanding of NIST SP 800-53 Rev 5, RMF, and FISMA requirements.
Experience supporting ATO packages, document reviews, and POA&M lifecycle management.
Strong skills in Microsoft Office tools (Excel, Word, PowerPoint) and collaboration platforms (e.g., SharePoint).
Strong communication, coordination, and stakeholder engagement skills.
Preferred Qualifications:
Certifications such as Security+, CGRC (formerly CAP), CISM, or CISSP (in progress or completed).
Experience using governance, risk, and compliance tools such as ServiceNow, Xacta, CSAM, or Archer.
Familiarity with FedRAMP, OMB directives, and Zero Trust principles.
Experience preparing responses for FISMA evaluations or internal control audits.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.