DatamanUSA is looking for a Cyber Risk & Compliance Analyst for our direct client based in MD. This is a great opportunity for someone who is a quick learner with excellent people skills.
Job Details:
Job Title: Cyber Risk & Compliance Analyst
Location: Rockville, MD
Duration: 6 months
Hands-on Knowledge, Skills and Abilities:
*) Hands-on experience in the cyber security and privacy industry, including the technology used to protect the confidentiality, integrity and availability of sensitive information.
*) Hands-on working knowledge of security frameworks and regulatory requirements such as NIST SP 800-171, CIS Controls, FERPA, GLBA, PCI-DSS, and privacy standards.
*) Knowledge, appreciation and prioritization of principles and practices of project organization, planning, records management, and general administration.
*) Working knowledge of IT enterprise operations, architecture, and IT as a Service.
*) Hands-on experience with vulnerability management principles, methodologies, and tools.
*) Hands-on experience with patch management processes, secure configuration standards, and system hardening practices.
*) Hands-on knowledge of common threat vectors, exploitation techniques, and the vulnerability lifecycle.
*) Hands-on knowledge of risk management concepts, risk scoring, risk registers, and POA&M tracking.
*) Hands-on experience with SOC reports, third-party risk assessments, and due diligence reviews.
*) Hands-on experience analyzing vulnerability data, correlating findings with threat intelligence, and assessing potential business impact.
*) Hands-on experience in interpreting scan results, identifying false positives, and validating remediation actions.
*) Ability to perform root-cause analysis for recurring or high-risk findings.
*) Strong attention to detail when documenting risks, findings, or compliance gaps.
*) Ability to manage multiple assessments, findings, risks, and remediation efforts simultaneously.
*) Hands-on experience in writing policies, standards, processes and procedures.
*) Hands-on experience in leading and/or conducting audits, assessments or reviews of technical systems and processes.
*) Effective verbal and written communication skills, presentation, and public speaking skills.
*) Effective skills in developing and presenting educational or training programs.
*) Effective planning, organizational and multi-tasking skills with minimal supervision.
*) Ability to think critically and analyze information and situations; present findings and make recommendations.
*) Ability to identify compliance and security needs independent of management direction.
*) Ability to grasp technical concepts at all levels of computer systems, from system hardware components and architecture to system integration and implementations.
*) Ability to work independently and as part of a team.
*) Ability to advise, train, and motivate technical and non-technical individuals in regulatory compliance and information and systems security efforts.
*) Ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.
*) Ability to communicate technical concepts and data to non-technical audiences.
*) Ability to achieve goals through influence, collaboration, and cooperation.
*) Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
*) Ability to produce technical documentation.
*) Ability to handle and maintain confidential information.
*) Ability to exercise judgment when policies are not well-defined.
*) Ability to think critically, analyze issues and solve sensitive and complex problems under pressure.