Cyber Risk Management Analyst

GCyber is hiring a Cyber Risk Management Analyst to support data security risk assessments for a high visibility Executive Branch customer. Your primary focus will be on identifying and evaluating potential data security risks and vulnerabilities within the systems and developing effective mitigation strategies.
 
This is a dynamic role that will require knowledge and understanding in data security planning and controls compliance as well as a technical background to interpret data security risk and security assessment results and technical guidance. 
 
This position is hybrid telework with 3 days onsite in Washington, DC. Given the unique mission requirements, there is no opportunity for full-time remote work arrangements.
As a Cyber Risk Management Analyst, you will:
 

• Perform security risk assessments to data security principles and best practices are applied to applications architectures during the design, implementation, and operations phases.
• Risk assessments include evaluating system interconnections for potential risks or vulnerabilities in how data is transmitted, accessed, and stored.
• Develop risk assessment reports that can be presented to senior executives, highlighting features, functionality, interoperability, and other critical aspects.
• Research data security capabilities for applications to provide recommendations for enhancing data security.
• Identify and recommend appropriate security measures to mitigate identified risks. Collaborate with offices such as Cloud Application Security, Data Governance, and others to incorporate their findings into the risk assessment package.
• Draft and maintain waivers, Plan of Action and Milestones (POA&Ms), and other relevant artifacts.

Minimum Qualifications and Experience:
 

• Active DoD Top Secret/SCI clearance
• BA/BS Degree in IT, Security, or a related field (or equivalent experience)
• DoD IAT II certification (i.e., CCNA-Security, CySA+, GICSP, GSEC, Security+, CND, SSCP) https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/
• 4+ years of experience including demonstrated experience conducting security risk assessments for IT systems, applications, or services within a Government environment
• Solid knowledge of cybersecurity frameworks, standards, and best practices such as NIST, FISMA, FedRAMP, etc.
• Strong problem-solving abilities and attention to detail.
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.

GCyber is an Equal Opportunity Employer. This means you don't have to worry about whether your application process will be fair. We consider all applicants without regard to race, color, religion, age, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, veteran status, or disability.
For future job notifications please follow GCyber on LinkedIn. https://linkedin.com/company/gcyber