Cybersecurity Risk and Compliance Analyst

Overview

On Site
Salary Range: $104,135 - $114,135 with benefits
Contract - W2

Skills

CyberSecurity
Security+
CISSP
CISM
CAP
NIST 800

Job Details


Please Note:
  • This is a 100% on-site position.
  • Selected candidate must be willing to work on-site in Woodlawn, MD 5 days a week.
Position Description:
  • The Subject Matter Expert (SME) will provide technical guidance for assessing the management, operational, assurance, and technical security controls implemented on an information system via security testing and evaluation methods.
  • The SME will provide guidance on improvement of policies and procedures to support the federal client's business processes for security assessment of Organizations.
  • Provide technical advisory functions to staff.
  • Provide administrative support for pre- and post-assessment activities.
  • Provide continued modernization support for the Technical System Security Requirements (TSSR) and Security Evaluation Questionnaire (SEQ).
  • Determine security controls effectiveness to ensure controls are implemented correctly, operating as intended and meeting requirements.
  • Provide Cloud technical assistance/data privacy technical assistance.
  • Provide technical assistance with ensuring the suite of controls is implemented and operating as intended.
Key Required Skills:
  • Strong business documentation and technical writing skills;
  • Must know NIST 800-53 revision 5;
  • Must know how to assess cybersecurity controls based on NIST 800-53A R5;
  • Strong experience working in Excel.

Requirements

Basic Qualifications:
  • Bachelor's degree and 3 years of relevant experience, or master's degree and 1 year of relevant experience, or 7+ years of relevant experience in lieu of a degree.
  • 2+ years of security control assessment experience
  • Strong business documentation and technical writing skills.
  • Must have strong experience working in Excel
  • Must be able to obtain and maintain a Public Trust. Contract requirement.
Required Skills:
  • Must possess a relevant cybersecurity certification (e.g., Security+, CISSP, CISM, or CAP)
  • Experience with interpreting and applying federal laws, OMB directives, and client-specific policies to security and compliance efforts.
  • Experience with interpreting and assessing security controls using NIST SP 800-53A Rev. 4, NIST SP 800-53 Rev. 5, NIST SP 800-37 Rev. 1, NIST SP 800-30 Rev. 1, NIST SP 800-39, and FIPS publications.
Desired Skills:
  • Experience supporting Risk Management Framework (RMF) activities in accordance with NIST guidelines.
  • Experience coordinating with the federal agency and partner agencies, understanding and leveraging existing agreements.
  • Experience producing and maintaining business and technical documentation related to the Risk Management Framework.


