SAIC is seeking a Cyber Risk Management Analyst to join our MSI team supporting the Commonwealth of Virginia (COV). The Risk Analyst team will be interacting with COV technology suppliers about their compliance with COV cybersecurity policies and practices, and providing a wide range of Risk management services to them and the Commonwealth. This will require a combination of the following Knowledge, Skills, and Abilities:
Strong understanding of applying Risk Management Frameworks (preferably NIST RMF and/or ISO 27000), including:
- Identification of business priorities,
- Analysis of Risk to those priorities,
- Planning of security controls to best protect those priorities while meeting requisite policies and procedures,
- Conducting risk and vulnerability assessments at the network, system, and application level, and assessing the resulting impact on risk,
- Developing and implementing security controls and formulating operational risk mitigations to remediate weaknesses,
- Quantifying and reporting on remediation progress,
- Assessing remediation effectiveness,
- Analysis of threat landscapes,
- Re-prioritization of remediation activities as dictated by changing threat landscapes,
- Automation of continuous monitoring solutions,
- Incident response and incident Root Cause Analysis,
- Assisting in the implementation of required government policy (SEC501), and
- Maintenance of a consolidated Risk Register, with escalation of known issues that surpass the risk appetite of the organization.
Strong verbal, analytical, and written communication abilities:
- Verbal abilities should be confident but non-confrontational, articulate but not wordy, equally comfortable leading and following, and as eager to listen as to contribute.
- Analytical abilities should avoid black-and-white thinking, and instead embrace diversities of opinions and viewpoints for their ability to inform complex solutions to complex real-world problems.
- Written abilities should produce grammatically correct, concise, informative, and visually appealing written products.
to both technical and non-technical audiences and a strong customer-service focus will be critical since this is a role that will have frequent contact with our COV customer.
Required Education and Experience:
• Candidates must have a Bachelor's degree and at least two (2) years of experience. Degrees in engineering, science, and mathematics are preferred. We will accept an additional 4 years of relevant experience in lieu of a degree.
• Must have at least one year of direct IT security experience.
• Must be a U.S. citizen with the ability to pass a Commonwealth of Virginia background check.
• Continual Learning. Completion of advanced course work, or attainment and maintenance of cybersecurity-related credentials and certifications, is preferred.
• ITIL Certification. Candidates who have completed ITIL v3 2011 Foundation or above are preferred.
• Location. Work will be performed in Richmond, VA, with some telework allowed subject to customer needs and ability to adhere to telework policy.
Desired Qualifications