Risk Analyst (High Value Assets)

SkyePoint Decisions
Washington, DC
Jul 30, 2022
Aug 08, 2022
Full Time
Overview:

SkyePoint Decisions is looking for a highly motivated, team-orientated individual to fill the role of Risk Analyst (High Value Assets) to provide cybersecurity services and advisory support to clients. The customer location is Washington, DC, though telework is standard with onsite work as needed. In this role, the candidate will perform cybersecurity risk management, including reviewing threat and vulnerability data and audit logs for security systems (e.g., firewalls, intrusion detection systems, and other SIEM sources), and ensuring compliance and effectiveness of established security controls; support ad hoc and routine reporting requests such as for annual FISMA, GAO, and OIG audits, and unscheduled data calls to verify adherence to IT security policies and procedures; and provide expertise as it relates to IT audits and enhancing our client's controls environment based on FISCAM and NIST Special Publications and Standards.

Responsibilities:

- Conduct regular policy and plan reviews, report on findings, recommend policy and plan updates.
- Gather and analyze threat and vulnerability information from information sharing forums and sources
- Conduct Tier 1 and Tier 2 level cybersecurity risk assessments in accordance with National Institute of Standards and Technology Federal Information Processing Standards and Special Publications, OMB guidance, DHS Binding Operational Directives, and other regulatory authorities
- Identify, coordinate, track remediation, and monitor risk exposures
- Evaluate agency cybersecurity program effectiveness in managing and reducing risk
- Conduct targeted Tier 3 level cyber risk assessments
- Write and communicate detailed reports to support leadership decision making
- Present cyber risk analysis and findings to senior leaders, and provide recommendations for risk remediation and/or opportunities
- Have in-depth understanding of NIST frameworks and special publications, and apply principles throughout cyber risk assessment tasks
- Conduct research on current and emerging cybersecurity trends, including threats and vulnerabilities
- Collaborate with other security analysts, enterprise risk management SMEs, and advanced analytics resources to support client needs
- Develop written communications to senior executives regarding the organization's cybersecurity risk posture

Qualifications:

- Must have an active Secret clearance or higher
- Bachelor's degree and 3-4 years of related experience
- Experience conducting Tier 1, Tier 2, or Tier 3 Cyber Risk Assessment following NIST SP 800-30
- Knowledge and/or experience implementing Cyber Risk Management Framework for Information Systems and Organizations (NIST 800-37 rev 2)
- Experience writing research papers
- Experience aggregating large amounts of information into a report
- Experience identifying, vetting, and mitigating strategies associated with Cyber Risks
- POA remediation experience
- Experience briefing and writing at both a technical and executive level
- Ability to respond quickly and coordinate with team management to respond to ad-hoc requests
- Knowledge and/or experience working with US Government Agency in the implementation of integrating Cybersecurity and Enterprise Risk Management in alignment with NIST 8286
- Experience evaluating US Government agency policies for policy change implications
- Knowledge and/or experience in US Government Enterprise Risk Management and/or Cyber Risk Management
- Knowledge of BOD 18-02 and US Government Agency High-Value Asset System Requirements
- Experience managing US Government agency High-Value Asset System or providing High-Value Asset System Oversight at the agency level
- Ability to draft and follow Standard Operating Procedures sourcing appropriate government NIST standards
- Experience assessing or mitigating threats and vulnerabilities to US Government agency HVA systems

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the US. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to most efficiently and effectively deliver their mission - anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 (with SAM) for Services. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve.

SkyePoint Decisions is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. US Citizenship is required for most positions.
