Description
Are you passionate about safeguarding information and managing risks? We're looking for a dedicated Mid-Level Risk Assessor to join our team. In this role, you’ll be at the forefront of identifying and mitigating risks to protect our client’s operations, systems, and data. You’ll conduct thorough risk assessments, develop insightful reports, and provide actionable recommendations to enhance security posture and compliance.
Key Responsibilities
- Risk Assessments: Prepare and conduct risk assessments to identify potential threats and vulnerabilities. Evaluate impacts on operations, assets, and individuals, and determine the likelihood of risk occurrence.
- Analysis and Reporting: Develop qualitative risk analyses and provide detailed reports with justifications and solutions. Conduct comprehensive security assessments in line with industry standards and regulatory requirements.
- Security Controls: Evaluate the effectiveness of security controls, ensuring they align with best practices and frameworks such as NIST, RMF, and Zero Trust. Provide recommendations to strengthen security measures and mitigate risks.
- Collaboration: Work with cross-functional teams to create risk treatment plans, prioritize remediation efforts, and track the implementation of controls. Stay updated on evolving security requirements and industry trends.
- Policy Development: Assist in developing and maintaining security policies, procedures, and guidelines. Document findings, observations, and recommendations clearly and concisely.
- Technical Assessments: Perform detailed assessments of security controls, including interviews, examinations, and testing methods. Review network infrastructure and coordinate with stakeholders for comprehensive network assessments.
- Compliance and Documentation: Ensure compliance with federal requirements and document risk assessment results accurately. Prepare executive-level summaries and presentations to communicate outcomes and recommendations.
Qualifications
- Experience: 5 years of IT cybersecurity experience, including direct support of the US government, and 4 years in roles such as ISSO, assessor, or compliance analyst. Without a degree, 7 years of relevant experience is acceptable.
- Education: Bachelor's degree in Computer Engineering, Computer Science, IT, Cybersecurity, or a related field preferred.
- Certifications: At least one of the following: Certified Authorization Professional (CAP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or a certification compliant with DoD 8570 IAM Level II or higher.
- Clearance: Active Secret Clearance required.
- Skills: Strong understanding of risk assessment methodologies, security architecture frameworks, and common cybersecurity threats. Excellent communication skills and the ability to explain complex concepts clearly.
Work Environment
- Location: Primarily remote, with occasional onsite work in Arlington, VA or within the United States.
- Hours: Business hours are from 8:00 am EST to 4:30 pm EST.
If you're ready to make a significant impact in risk management and cybersecurity, we'd love to hear from you!
Employment Type: Full-Time