Cybersecurity Risk Analyst

communication and organizational skills, Cyber Maturity Model Certification, CMMC, CISSP, CISA, CAP, Security+, GSEC, NIST, DFARs, RMF, NISPOM compliance
Contract W2, 3 Years
Travel required: up to 10%.

Job Description

Background:

This is an opportunity to work at a world famous, federally funded research & development organization with a great culture.
They are seeking a Cybersecurity Risk Analyst to maintain the security plan, develop policies, plans and procedures, and conduct security compliance audits in accordance with DoD standards and information security industry best practices.
Position Scope/Job Functions:
  • Develop policies, plans and procedures IAW Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting and Cyber Maturity Model Certification (CMMC).
  • Perform risk analysis and reporting on DFARS, NIST, RMF, and NISPOM compliance
  • Audit information systems according to NIST SP 800-37, 800-171, CMMC and 800-53, NISPOM and DFARS frameworks
  • Assess requirements for compliance with government regulations and prepare documentation and policy IAW requirements
  • Perform complex analysis of risk of security exceptions through the data security plan process
  • Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls
  • Develop and enforce information security policy
  • Conduct staff security outreach and engagement
  • Assess security risks of cutting-edge technology
  • Support vulnerability management operations through documentation and reporting of findings to lab leadership
  • Support incident response and remediation efforts.
  • Ability to work effectively in teams.
Skills: Required
  • Demonstrated knowledge of the Defense Federal Acquisition Regulation Supplement, contract clause 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting," and Cyber Maturity Model Certification (CMMC) cybersecurity framework requirements and security controls.
  • CISSP, CISA, CAP, Security+, GSEC, or equivalent.
  • 3-5 years of experience with NIST 800-53/800-171 controls / NIST Risk Management Framework.
  • Experience reviewing/analyzing vulnerability scans or configuring host-based security solutions is a plus.
  • Demonstrated capabilities in presenting ideas in writing and orally are required. Some local and overnight travel may be required (less than 10%).
Skills: Preferred
  • Prior experience in a DoD Industrial Security environment is preferred.
  • Familiarity with requirements identified in the National Industrial Security Operations Manual (NISPOM) is preferred.
Education
  • Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or related field is required. (Master's degree in one of the above fields is preferred).
  • Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e., CISSP, CISA) may be considered substitutes for education and experience
Work Authorization: US Citizenship is required.

"We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law."

Dice Id : EMCON
Position Id : 2020-30
Originally Posted : 8 months ago