Cyber Security Risk Analyst - Rockville, MD (ONSITE)

Role: Cyber Security Risk Analyst

Location: Rockville, MD (ONSITE)

PROFESSIONAL CERTIFICATIONS:

• CISSP (Certified Information Systems Security Professional)
• CRISC (Certified in Risk and Information Systems Control)
• GRCP (GRC Professional Certification)
• CISA (Certified Information Systems Auditor)
• CGRC (Certified in Governance, Risk, and Compliance)

IDEAL CANDIDATE:

• The ideal candidate is a mid-level cybersecurity professional with a solid track record in risk analysis, policy exception review, and control evaluation within a regulated environment. They possess hands-on experience with Governance, Risk, and Compliance (GRC) platforms preferably ServiceNow and are adept at navigating complex workflows related to policy deviations, risk acceptances, and control exceptions.
• This individual demonstrates a deep understanding of risk management frameworks such as NIST 800-53, NIST RMF 800-37, HIPAA, and ISO 27001, and can apply this knowledge to evaluate threats, assess vulnerabilities, and recommend appropriate mitigation strategies. The candidate brings a technical foundation that enables them to confidently interpret network diagrams, vulnerability scan results, and audit artifacts such as SOC 1/SOC 2 reports.
• They are detail-oriented, analytical, and capable of conducting structured risk assessments that support business operations while maintaining compliance with County security policies. The candidate excels at clearly communicating risk implications and recommendations to both technical teams and executive stakeholders. Experience working in hybrid government environments, supporting third-party risk assessments, and contributing to audit readiness activities is highly desirable.
• Above all, the candidate demonstrates professional maturity, sound judgment, and a collaborative approach to advancing the County s risk-informed decision-making and cybersecurity governance objectives.