Overview
On Site
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - Independent
Skills
Cyber Security
Risk Analysis
Risk Assessment
Risk Management
Risk Management Framework
Information Systems
Workflow
Vulnerability Scanning
Network
Regulatory Compliance
SAP GRC
ServiceNow
System On A Chip
RMF
Decision-making
HIPAA
ISO/IEC 27001:2005
NIST 800-53
ISACA
Evaluation
Analytical Skill
Attention To Detail
Business Operations
Auditing
CISSP
CISA
NIST RMF 800-37
ISO 27001
Job Details
Role: Cyber Security Risk Analyst
Location: Rockville, MD (ONSITE)
PROFESSIONAL CERTIFICATIONS:
- CISSP (Certified Information Systems Security Professional)
- CRISC (Certified in Risk and Information Systems Control)
- GRCP (GRC Professional Certification)
- CISA (Certified Information Systems Auditor)
- CGRC (Certified in Governance, Risk, and Compliance)
IDEAL CANDIDATE:
- The ideal candidate is a mid-level cybersecurity professional with a solid track record in risk analysis, policy exception review, and control evaluation within a regulated environment. They possess hands-on experience with Governance, Risk, and Compliance (GRC) platforms, preferably ServiceNow, and are adept at navigating complex workflows related to policy deviations, risk acceptances, and control exceptions.
- This individual demonstrates a deep understanding of risk management frameworks such as NIST 800-53, NIST RMF 800-37, HIPAA, and ISO 27001, and can apply this knowledge to evaluate threats, assess vulnerabilities, and recommend appropriate mitigation strategies. The candidate brings a technical foundation that enables them to confidently interpret network diagrams, vulnerability scan results, and audit artifacts such as SOC 1/SOC 2 reports.
- They are detail-oriented, analytical, and capable of conducting structured risk assessments that support business operations while maintaining compliance with County security policies. The candidate excels at clearly communicating risk implications and recommendations to both technical teams and executive stakeholders. Experience working in hybrid government environments, supporting third-party risk assessments, and contributing to audit readiness activities is highly desirable.
- Above all, the candidate demonstrates professional maturity, sound judgment, and a collaborative approach to advancing the County's risk-informed decision-making and cybersecurity governance objectives.