Information Security Risk Analyst - Senior

Technical Specialist, Information Security Risk Analyst - Senior

Raleigh, NC (Fully Onsite)

1. Information Security Risk Analyst
2. Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
3. This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation. Plan and conduct annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
4. Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
5. Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
6. Map risks and mitigation efforts to control domains to support future certification
7. Develop and deliver documentation, dashboards, and executive summaries.
8. Collaborate with internal stakeholders to validate findings and support security governance efforts.